
Example 71 with Attribute

use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.

the class UndertowUpgradeRequestManager method proxyWebSocket.

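@Override
public void proxyWebSocket(final HttpFilterRequest req, HttpServletResponse resp, final String url) throws Exception {
    // Wrap the servlet request/response so Undertow's handshake implementations can inspect it.
    final ServletWebSocketHttpExchange facade = new ServletWebSocketHttpExchange(req.getServletRequest(), resp, peerConnections);

    // Pick the first registered handshake that matches the incoming upgrade request.
    Handshake handshaker = null;
    for (Handshake candidate : handshakes) {
        if (candidate.matches(facade)) {
            handshaker = candidate;
            break;
        }
    }
    if (handshaker == null) {
        // Not a recognizable WebSocket upgrade: reject rather than proxying an arbitrary request.
        UndertowLogger.REQUEST_LOGGER.debug("Could not find hand shaker for web socket request");
        resp.sendError(StatusCodes.BAD_REQUEST);
        return;
    }

    // Sub-protocols requested by the client. This header is client-controlled and is passed through
    // to the backend negotiation unchanged; the backend, not this proxy, decides which one to accept.
    ArrayList<String> protocols = new ArrayList<String>();
    Attribute subProtocols = req.getHeader("Sec-WebSocket-Protocol");
    if (subProtocols != null && !subProtocols.getValues().isEmpty()) {
        // Only the first header value is split on commas (additional header instances are ignored).
        StringTokenizer protoTokens = new StringTokenizer(subProtocols.getValues().get(0), ",", false);
        while (protoTokens.hasMoreTokens()) {
            String proto = protoTokens.nextToken().trim();
            // An empty token (e.g. a stray " ,") is not a valid sub-protocol name; drop it.
            if (!proto.isEmpty()) {
                protocols.add(proto);
            }
        }
    }

    UnisonWebSocketClientNegotiation negotiation = new UnisonWebSocketClientNegotiation(protocols, new ArrayList<io.undertow.websockets.WebSocketExtension>());
    final UnisonReceiveListener receiveListener = new UnisonReceiveListener(url, req, resp, negotiation);
    negotiation.setFacade(facade);
    negotiation.setHandshaker(handshaker);
    negotiation.setUpgradeRequestManager(this);

    final WebSocketConnectionCallback callback = new WebSocketConnectionCallback() {

        @Override
        public void onConnect(final WebSocketHttpExchange exchange, final WebSocketChannel channel) {
            try {
                receiveListener.initializeFromCallback(exchange, channel);
                channel.getReceiveSetter().set(receiveListener);
            } catch (IllegalArgumentException | IOException e) {
                // NOTE(review): on failure the channel is still resumed below with no listener
                // attached; whether it should be closed instead depends on UnisonReceiveListener — confirm.
                logger.error("Could not initiate websocket", e);
            }
            channel.resumeReceives();
        }
    };
    negotiation.setCallback(callback);

    // Open the backend side, then poll until the client-side upgrade completes.
    receiveListener.startConnection();
    final long pollIntervalMillis = 100L;
    final int maxPolls = 20; // 20 * 100 ms = 2 s overall timeout
    int polls = 0;
    while (!negotiation.isUpgradeComplete()) {
        // An InterruptedException propagates through 'throws Exception' and aborts the proxy attempt.
        Thread.sleep(pollIntervalMillis);
        if (++polls == maxPolls) {
            throw new Exception("websocket proxy timeout");
        }
    }
}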

Example 72 with Attribute

use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.

the class WebAuthnUtils method lookupWebAuthnUserData.

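/**
 * Decrypts and deserializes the WebAuthn registration data stored on a user.
 *
 * The attribute value is expected to be what {@code storeWebAuthnUserData} produces: a base64,
 * deflated JSON {@code EncryptedMessage} whose payload is the AES-CBC encryption of a
 * Java-serialized {@code WebAuthnUserData}.
 *
 * @param userData          the authenticated user's attributes
 * @param attributeName     attribute holding the encrypted blob
 * @param encryptionKeyName name of the AES key held by the config manager
 * @return the decoded data, or {@code null} when the user has no such attribute (or it has no values)
 * @throws ServletException if the key is missing or the blob cannot be decoded, decrypted or deserialized
 */
public static WebAuthnUserData lookupWebAuthnUserData(AuthInfo userData, String attributeName, String encryptionKeyName) throws ServletException {
    Attribute encData = userData.getAttribs().get(attributeName);
    if (encData == null || encData.getValues().isEmpty()) {
        // No stored registration for this user.
        return null;
    }
    try {
        String encAuthData = encData.getValues().get(0);
        String encryptedAuth = inflate(encAuthData);
        SecretKey key = GlobalEntries.getGlobalEntries().getConfigManager().getSecretKey(encryptionKeyName);
        if (key == null) {
            throw new Exception("encryption key not found");
        }
        EncryptedMessage msg = gson.fromJson(encryptedAuth, EncryptedMessage.class);
        // SECURITY: AES/CBC gives confidentiality only; there is no MAC, so modified ciphertext is
        // accepted as long as its padding is valid. An AEAD mode (AES/GCM) would detect tampering,
        // but it changes the stored format and must be introduced together with the writer.
        IvParameterSpec spec = new IvParameterSpec(msg.getIv());
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.DECRYPT_MODE, key, spec);
        byte[] bytes = cipher.doFinal(msg.getMsg());
        // SECURITY: Java native deserialization of the decrypted bytes. Because the ciphertext is not
        // authenticated (see above), anyone able to write this attribute can influence the input;
        // an ObjectInputFilter restricted to WebAuthnUserData's class graph, or a non-native
        // encoding, would be safer.
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return (WebAuthnUserData) ois.readObject();
        }
    } catch (Exception e) {
        throw new ServletException("Could not extract webauthn user data", e);
    }
}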

Example 73 with Attribute

use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.

the class WebAuthnUtils method storeWebAuthnUserData.

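/**
 * Encrypts, compresses and stores a user's WebAuthn registration data, then runs the given
 * workflow so the new attribute value is persisted to the user store.
 *
 * Storage format (must match {@code lookupWebAuthnUserData}): Java serialization → AES/CBC with a
 * random IV → JSON {@code EncryptedMessage} → raw deflate → base64.
 *
 * @param webAuthnUserData       data to persist
 * @param encryptionKeyName      name of the AES key held by the config manager
 * @param userData               the authenticated user; its attribute map is updated in place
 * @param workflowName           provisioning workflow to run synchronously
 * @param uidAttributeName       attribute identifying the user to the workflow
 * @param challengeStoreAttribute attribute that receives the encoded blob
 * @throws Exception if the key or uid attribute is missing, or encoding/workflow execution fails
 */
public static void storeWebAuthnUserData(WebAuthnUserData webAuthnUserData, String encryptionKeyName, AuthInfo userData, String workflowName, String uidAttributeName, String challengeStoreAttribute) throws Exception {
    // Validate configuration and inputs before touching the user's attributes.
    SecretKey key = GlobalEntries.getGlobalEntries().getConfigManager().getSecretKey(encryptionKeyName);
    if (key == null) {
        throw new Exception("User data message encryption key not found");
    }
    Attribute uidAttr = userData.getAttribs().get(uidAttributeName);
    if (uidAttr == null || uidAttr.getValues().isEmpty()) {
        throw new Exception("User data is missing the uid attribute '" + uidAttributeName + "'");
    }
    String uid = uidAttr.getValues().get(0);

    // 1. Java-serialize the registration data; closing the stream flushes anything still buffered.
    ByteArrayOutputStream serialized = new ByteArrayOutputStream();
    try (ObjectOutputStream oos = new ObjectOutputStream(serialized)) {
        oos.writeObject(webAuthnUserData);
    }

    // 2. Encrypt. With no IV supplied the provider generates a random one, which is stored next to
    //    the ciphertext. NOTE: CBC without a MAC — the reader cannot detect tampering.
    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
    cipher.init(Cipher.ENCRYPT_MODE, key);
    EncryptedMessage msg = new EncryptedMessage();
    msg.setMsg(cipher.doFinal(serialized.toByteArray()));
    msg.setIv(cipher.getIV());

    // 3. JSON-encode, deflate (nowrap=true: raw stream, no zlib header) and base64 for storage.
    ByteArrayOutputStream compressed = new ByteArrayOutputStream();
    Deflater deflater = new Deflater(Deflater.BEST_COMPRESSION, true);
    try (DeflaterOutputStream compressor = new DeflaterOutputStream(compressed, deflater)) {
        compressor.write(new Gson().toJson(msg).getBytes("UTF-8"));
    } finally {
        // DeflaterOutputStream.close() does not end a caller-supplied Deflater; release its native buffers.
        deflater.end();
    }
    String b64 = java.util.Base64.getEncoder().encodeToString(compressed.toByteArray());

    // 4. Update the in-memory attribute and run the workflow synchronously to persist it.
    userData.getAttribs().put(challengeStoreAttribute, new Attribute(challengeStoreAttribute, b64));
    TremoloUser tu = new TremoloUser();
    tu.setUid(uid);
    tu.getAttributes().add(new Attribute(uidAttributeName, uid));
    tu.getAttributes().add(new Attribute(challengeStoreAttribute, b64));
    WFCall wc = new WFCall();
    wc.setName(workflowName);
    wc.setUidAttributeName(uidAttributeName);
    wc.setUser(tu);
    Map<String, Object> req = new HashMap<String, Object>();
    req.put(ProvisioningParams.UNISON_EXEC_TYPE, ProvisioningParams.UNISON_EXEC_SYNC);
    wc.setRequestParams(req);
    GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getWorkFlow(workflowName).executeWorkflow(wc);
}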

Example 74 with Attribute

use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.

the class HttpFilterRequestImpl method renameAttribute.

/**
 * Renames a request parameter, keeping its values and its slot in the ordered name list.
 *
 * If a parameter already exists under {@code newName} it is overwritten in the map, while its own
 * entry in {@code paramNames} is left where it is. Does nothing when {@code oldName} is absent.
 *
 * @param oldName current parameter name
 * @param newName name the parameter should be stored under
 * @see com.tremolosecurity.proxy.filter.HttpFilterRequest#renameAttribute(java.lang.String, java.lang.String)
 */
@Override
public void renameAttribute(String oldName, String newName) {
    Attribute existing = this.params.get(oldName);
    if (existing == null) {
        return;
    }
    Attribute renamed = new Attribute(newName);
    renamed.setValues(existing.getValues());
    this.params.remove(oldName);
    this.params.put(newName, renamed);
    // Only the first occurrence of the old name in the ordered list is rewritten.
    int total = this.paramNames.size();
    for (int idx = 0; idx < total; idx++) {
        if (!this.paramNames.get(idx).equals(oldName)) {
            continue;
        }
        this.paramNames.set(idx, newName);
        break;
    }
}

Example 75 with Attribute

use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.

the class RemoteBasic method doFilter.

/**
 * Authenticates the proxied request with HTTP Basic against a remote endpoint.
 *
 * On success the {@code Authorization} header is stripped before the request continues down the
 * chain, so the user's credentials are not forwarded to the backend. On failure proxying is
 * suppressed with {@code chain.setNoProxy(true)}; the response is presumably already written by
 * {@code BasicAuth.checkBasicAuth} (not visible here).
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    // Parameters the shared BasicAuth mechanism reads back from the session.
    HashMap<String, Attribute> mechParams = new HashMap<String, Attribute>();
    mechParams.put("realmName", new Attribute("realmName", this.realmName));
    mechParams.put("uidAttr", new Attribute("uidAttr", "uid"));
    request.getSession().setAttribute(ProxyConstants.AUTH_MECH_PARAMS, mechParams);

    AuthStep step = new AuthStep();
    step.setId(0);
    step.setRequired(true);

    HttpBasicAuth remote = new HttpBasicAuth(url, false, host, port);
    boolean authenticated = com.tremolosecurity.proxy.auth.BasicAuth.checkBasicAuth(request.getServletRequest(), response.getServletResponse(), cfgMgr, remote, step);
    if (!authenticated) {
        chain.setNoProxy(true);
        return;
    }
    // Never leak the user's Basic credentials to the upstream application.
    request.removeHeader("Authorization");
    chain.nextFilter(request, response, chain);
}
