

use of digilib.util.XMLMapListLoader in project digilib by robcast.

Method init of class OpenIdAuthnOps.

/* (non-Javadoc)
 * @see digilib.auth.AuthnOps#init(digilib.conf.DigilibConfiguration)
 */
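/**
 * Reads the OpenID identity-provider configuration and prepares the per-issuer
 * JWT consumers used to validate ID tokens.
 *
 * <p>The file named by the {@code auth-file} setting is loaded as a list of
 * {@code openid} elements below {@code digilib-oauth}. Each element needs an
 * {@code issuer}, a {@code clientid}, a comma-separated {@code roles} attribute,
 * {@code keytype="jwk"} and the JWK as its text content ({@code _text}). An
 * element failing any of these checks is logged and skipped, so a broken
 * provider entry does not abort initialisation but is simply not registered.
 *
 * <p>Two kinds of consumer are built: {@code firstPassJwtConsumer}, which performs
 * no signature check and no claim validation and therefore must never be used to
 * grant access, and one fully validating consumer per issuer (signature against the
 * configured key, expected issuer and audience, required {@code exp} and {@code sub},
 * 300 seconds of allowed clock skew).
 *
 * @param dlConfig digilib configuration providing {@code auth-file} and
 *        {@code authn-token-cookie}
 * @throws AuthOpException if the configuration file cannot be loaded or parsed
 * @see digilib.auth.AuthnOps#init(digilib.conf.DigilibConfiguration)
 */
@Override
public void init(DigilibConfiguration dlConfig) throws AuthOpException {
    configFile = dlConfig.getAsFile("auth-file");
    logger.debug("openidauthnops.init (" + configFile + ")");
    List<Map<String, String>> idpList;
    try {
        // load identity providers: one Map per <openid> element of <digilib-oauth>
        XMLMapListLoader idpLoader = new XMLMapListLoader("digilib-oauth", "openid");
        idpList = idpLoader.loadUri(configFile.toURI());
    } catch (Exception e) {
        // keep the stack trace in the log; the AuthOpException message only carries the summary
        logger.error("ERROR loading auth config file: " + configFile, e);
        throw new AuthOpException("ERROR loading auth config file: " + e);
    }
    if (idpList == null) {
        throw new AuthOpException("ERROR unable to load auth config file!");
    }
    // roles granted to subjects authenticated by each issuer
    idpRoles = new HashMap<String, List<String>>();
    // first pass consumer: no signature check, no claim validation. Only suitable for
    // reading unverified claims (e.g. to pick the issuer); never trust its result for authorization.
    firstPassJwtConsumer = new JwtConsumerBuilder()
            .setSkipAllValidators()
            .setDisableRequireSignature()
            .setSkipSignatureVerification()
            .build();
    // fully validating consumer per issuer
    idpJwtConsumers = new HashMap<String, JwtConsumer>();
    for (Map<String, String> idpDesc : idpList) {
        registerIdentityProvider(idpDesc);
    }
    // name of the cookie that carries the token
    tokenCookieName = dlConfig.getAsString("authn-token-cookie");
}

/**
 * Validates one {@code openid} configuration element and, if it is complete,
 * registers its validating JwtConsumer and role list under its issuer.
 * Incomplete or invalid elements are logged at error level and ignored.
 *
 * @param idpDesc attributes and text content ({@code _text}) of one {@code openid} element
 */
private void registerIdentityProvider(Map<String, String> idpDesc) {
    String issuer = idpDesc.get("issuer");
    if (issuer == null) {
        logger.error("Missing issuer in openid tag!");
        return;
    }
    String clientid = idpDesc.get("clientid");
    if (clientid == null) {
        logger.error("Missing clientid in openid tag! (issuer: " + issuer + ")");
        return;
    }
    String rolestr = idpDesc.get("roles");
    if (rolestr == null) {
        logger.error("Missing roles in openid tag! (issuer: " + issuer + ")");
        return;
    }
    // split roles string into list (entries are not trimmed: "a, b" yields " b")
    List<String> roles = Arrays.asList(rolestr.split(","));
    String keytype = idpDesc.get("keytype");
    if (keytype == null || !keytype.equals("jwk")) {
        logger.error("Missing or invalid keytype in openid tag! (issuer: " + issuer + ")");
        return;
    }
    String keyData = idpDesc.get("_text");
    if (keyData == null || keyData.isEmpty()) {
        logger.error("Missing key data in openid tag! (issuer: " + issuer + ")");
        return;
    }
    try {
        // parse the JWK; its key is the verification key for tokens of this issuer
        JsonWebKey jwk = JsonWebKey.Factory.newJwk(keyData);
        // second pass consumer: signature, issuer, audience, exp and sub are all enforced.
        // NOTE(review): accepted JWS algorithms are left to the jose4j defaults here;
        // consider pinning them to the configured key's algorithm via setJwsAlgorithmConstraints.
        JwtConsumer secondPassJwtConsumer = new JwtConsumerBuilder()
                .setExpectedIssuer(issuer)
                .setVerificationKey(jwk.getKey())
                .setRequireExpirationTime()
                .setAllowedClockSkewInSeconds(300)
                .setRequireSubject()
                .setExpectedAudience(clientid)
                .build();
        // a repeated issuer replaces the earlier key, client id and roles; make that visible
        if (idpJwtConsumers.containsKey(issuer)) {
            logger.warn("Duplicate issuer in openid tags, replacing earlier configuration! (issuer: " + issuer + ")");
        }
        idpJwtConsumers.put(issuer, secondPassJwtConsumer);
        idpRoles.put(issuer, roles);
        logger.debug("Registered id provider '" + issuer + "'");
    } catch (JoseException e) {
        // key data did not parse as a JWK; keep the cause in the log for the operator
        logger.error("Invalid key data in openid tag! (issuer: " + issuer + ")", e);
    }
}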

