use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.
the class UndertowUpgradeRequestManager method proxyWebSocket.
@Override
public void proxyWebSocket(final HttpFilterRequest req, HttpServletResponse resp, final String url) throws Exception {
    final ServletWebSocketHttpExchange wsExchange = new ServletWebSocketHttpExchange(req.getServletRequest(), resp, peerConnections);

    // Use the first configured handshake implementation that accepts this request;
    // without one the upgrade cannot proceed and the client gets a 400.
    Handshake selected = null;
    for (Handshake candidate : handshakes) {
        if (candidate.matches(wsExchange)) {
            selected = candidate;
            break;
        }
    }
    if (selected == null) {
        UndertowLogger.REQUEST_LOGGER.debug("Could not find hand shaker for web socket request");
        resp.sendError(StatusCodes.BAD_REQUEST);
        return;
    }

    // Sub-protocols offered by the client. Only the first value of the header is
    // consulted; a comma separated list inside that value is split and trimmed.
    ArrayList<String> offeredProtocols = new ArrayList<String>();
    Attribute protocolHeader = req.getHeader("Sec-WebSocket-Protocol");
    if (protocolHeader != null) {
        StringTokenizer tokens = new StringTokenizer(protocolHeader.getValues().get(0), ",", false);
        while (tokens.hasMoreTokens()) {
            offeredProtocols.add(tokens.nextToken().trim());
        }
    }

    // No extensions are offered to the upstream side.
    final UnisonWebSocketClientNegotiation negotiation = new UnisonWebSocketClientNegotiation(offeredProtocols, new ArrayList<io.undertow.websockets.WebSocketExtension>());
    final UnisonReceiveListener receiveListener = new UnisonReceiveListener(url, req, resp, negotiation);
    negotiation.setFacade(wsExchange);
    negotiation.setHandshaker(selected);
    negotiation.setUpgradeRequestManager(this);
    negotiation.setCallback(new WebSocketConnectionCallback() {
        @Override
        public void onConnect(final WebSocketHttpExchange exchange, final WebSocketChannel channel) {
            try {
                receiveListener.initializeFromCallback(exchange, channel);
                channel.getReceiveSetter().set(receiveListener);
            } catch (IllegalArgumentException | IOException e) {
                logger.error("Could not initiate websocket", e);
            }
            // Receives are resumed even when initialization failed above.
            channel.resumeReceives();
        }
    });
    receiveListener.startConnection();

    // Poll until the upgrade finishes; 20 polls of 100ms gives a 2 second ceiling.
    int polls = 0;
    while (!negotiation.isUpgradeComplete()) {
        Thread.sleep(100);
        polls++;
        if (polls == 20) {
            throw new Exception("websocket proxy timeout");
        }
    }
}
use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.
the class WebAuthnUtils method lookupWebAuthnUserData.
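/**
 * Loads and decrypts the WebAuthn registration data stored on a user.
 *
 * @param userData          the authenticated user's attributes
 * @param attributeName     attribute holding the base64/deflated, encrypted blob
 * @param encryptionKeyName name of the secret key in the config manager
 * @return the decrypted user data, or {@code null} if the attribute is absent
 * @throws ServletException if the key is missing, decryption fails or the blob
 *                          cannot be deserialized
 */
public static WebAuthnUserData lookupWebAuthnUserData(AuthInfo userData, String attributeName, String encryptionKeyName) throws ServletException {
    Attribute encData = userData.getAttribs().get(attributeName);
    if (encData == null) {
        // No WebAuthn data has been stored for this user yet.
        return null;
    }
    try {
        String encAuthData = encData.getValues().get(0);
        // inflate() is a sibling helper in this class; it is expected to undo the
        // base64 + deflate encoding applied by storeWebAuthnUserData.
        String encryptedAuth = inflate(encAuthData);
        SecretKey key = GlobalEntries.getGlobalEntries().getConfigManager().getSecretKey(encryptionKeyName);
        if (key == null) {
            throw new Exception("encryption key not found");
        }
        EncryptedMessage msg = gson.fromJson(encryptedAuth, EncryptedMessage.class);
        IvParameterSpec spec = new IvParameterSpec(msg.getIv());
        // NOTE(review): AES/CBC gives confidentiality only, no integrity. Anyone who can
        // write this attribute can present a modified ciphertext; tampering or a wrong
        // key surfaces here as a BadPaddingException, which is wrapped below.
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.DECRYPT_MODE, key, spec);
        byte[] bytes = cipher.doFinal(msg.getMsg());
        // SECURITY: Java native deserialization of the decrypted blob. Its safety rests
        // entirely on the key staying secret (see note above); an ObjectInputFilter that
        // limits the permitted classes to WebAuthnUserData and its members would
        // contain the blast radius if that assumption ever fails.
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return (WebAuthnUserData) ois.readObject();
        }
    } catch (Exception e) {
        throw new ServletException("Could not extract webauthn user data", e);
    }
}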
use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.
the class WebAuthnUtils method storeWebAuthnUserData.
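/**
 * Serializes, encrypts and compresses the user's WebAuthn data, stores it on the
 * session's user attributes and runs the given workflow to persist it.
 *
 * @param webAuthnUserData        data to store
 * @param encryptionKeyName       name of the AES key in the config manager
 * @param userData                the authenticated user; updated in place
 * @param workflowName            provisioning workflow that persists the attribute
 * @param uidAttributeName        attribute identifying the user to the workflow
 * @param challengeStoreAttribute attribute that receives the encoded blob
 * @throws Exception if the uid attribute or key is missing, or encryption,
 *                   encoding or the workflow fails
 */
public static void storeWebAuthnUserData(WebAuthnUserData webAuthnUserData, String encryptionKeyName, AuthInfo userData, String workflowName, String uidAttributeName, String challengeStoreAttribute) throws Exception {
    // Fail before touching the session if we cannot identify the user to the workflow
    // (the original code reached this as a NullPointerException after the attribute
    // had already been written).
    Attribute uidAttr = userData.getAttribs().get(uidAttributeName);
    if (uidAttr == null || uidAttr.getValues().isEmpty()) {
        throw new Exception("User attribute '" + uidAttributeName + "' not found, can not store webauthn data");
    }
    String uid = uidAttr.getValues().get(0);

    SecretKey key = GlobalEntries.getGlobalEntries().getConfigManager().getSecretKey(encryptionKeyName);
    if (key == null) {
        throw new Exception("User data message encryption key not found");
    }

    // Java serialization of the data; closing the stream flushes its internal buffer.
    ByteArrayOutputStream serialized = new ByteArrayOutputStream();
    try (ObjectOutputStream oos = new ObjectOutputStream(serialized)) {
        oos.writeObject(webAuthnUserData);
    }

    // NOTE(review): AES/CBC without a MAC; the stored blob is confidential but not
    // tamper-evident. The IV is left to the provider (random per call) and carried
    // alongside the ciphertext.
    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
    cipher.init(Cipher.ENCRYPT_MODE, key);
    EncryptedMessage msg = new EncryptedMessage();
    msg.setMsg(cipher.doFinal(serialized.toByteArray()));
    msg.setIv(cipher.getIV());

    // Deflate the JSON (raw stream, nowrap=true) and base64 it for attribute storage.
    // The shared gson instance keeps the JSON format identical to lookupWebAuthnUserData.
    ByteArrayOutputStream compressed = new ByteArrayOutputStream();
    Deflater deflater = new Deflater(Deflater.BEST_COMPRESSION, true);
    try (DeflaterOutputStream compressor = new DeflaterOutputStream(compressed, deflater)) {
        compressor.write(gson.toJson(msg).getBytes("UTF-8"));
    } finally {
        // DeflaterOutputStream only ends a Deflater it created itself; release the
        // native zlib state explicitly instead of waiting for GC.
        deflater.end();
    }
    String b64 = java.util.Base64.getEncoder().encodeToString(compressed.toByteArray());

    userData.getAttribs().put(challengeStoreAttribute, new Attribute(challengeStoreAttribute, b64));

    // Persist through the provisioning workflow, synchronously.
    WFCall wc = new WFCall();
    wc.setName(workflowName);
    wc.setUidAttributeName(uidAttributeName);
    TremoloUser tu = new TremoloUser();
    tu.setUid(uid);
    tu.getAttributes().add(new Attribute(uidAttributeName, uid));
    tu.getAttributes().add(new Attribute(challengeStoreAttribute, b64));
    wc.setUser(tu);
    Map<String, Object> req = new HashMap<String, Object>();
    req.put(ProvisioningParams.UNISON_EXEC_TYPE, ProvisioningParams.UNISON_EXEC_SYNC);
    wc.setRequestParams(req);
    GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getWorkFlow(workflowName).executeWorkflow(wc);
}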
use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.
the class HttpFilterRequestImpl method renameAttribute.
/* (non-Javadoc)
 * Moves a request parameter from oldName to newName, keeping its values and its
 * position in the ordered parameter-name list. No-op when oldName is absent.
 * @see com.tremolosecurity.proxy.filter.HttpFilterRequest#renameAttribute(java.lang.String, java.lang.String)
 */
@Override
public void renameAttribute(String oldName, String newName) {
    Attribute existing = this.params.get(oldName);
    if (existing == null) {
        return;
    }

    // Re-key the parameter map; the new Attribute shares the existing values list.
    Attribute renamed = new Attribute(newName);
    renamed.setValues(existing.getValues());
    this.params.remove(oldName);
    this.params.put(newName, renamed);

    // Keep the ordered name list in sync, replacing only the first occurrence.
    int position = 0;
    for (String name : this.paramNames) {
        if (name.equals(oldName)) {
            this.paramNames.set(position, newName);
            break;
        }
        position++;
    }
}
use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.
the class RemoteBasic method doFilter.
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    // Parameters the basic-auth mechanism reads from the session: the realm to
    // challenge with and the attribute that carries the user id.
    HashMap<String, Attribute> mechParams = new HashMap<String, Attribute>();
    mechParams.put("realmName", new Attribute("realmName", this.realmName));
    mechParams.put("uidAttr", new Attribute("uidAttr", "uid"));
    request.getSession().setAttribute(ProxyConstants.AUTH_MECH_PARAMS, mechParams);

    AuthStep step = new AuthStep();
    step.setId(0);
    step.setRequired(true);

    // Credentials are validated against the remote HTTP basic endpoint (url/host/port).
    HttpBasicAuth remote = new HttpBasicAuth(url, false, host, port);
    boolean authenticated = com.tremolosecurity.proxy.auth.BasicAuth.checkBasicAuth(request.getServletRequest(), response.getServletResponse(), cfgMgr, remote, step);

    if (!authenticated) {
        // Do not forward the request to the proxied target.
        chain.setNoProxy(true);
        return;
    }

    // Strip the client's credentials so they are not forwarded downstream.
    request.removeHeader("Authorization");
    chain.nextFilter(request, response, chain);
}