
Example 31 with OA2Client

use of edu.uiuc.ncsa.security.oauth_2_0.OA2Client in project OA4MP by ncsa.

From class PermissionServer, method listClients.

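/**
 * Lists every client the requesting admin client is permitted to see.
 * <p>
 * The permission store supplies the candidate client identifiers for the admin; each one is
 * then re-checked with {@code getPermissionStore().get(adminId, id)} and the client is only
 * included when that lookup succeeds. Any failure of the lookup is treated as "not permitted"
 * and the client is skipped, so the listing fails closed rather than over-reporting.
 *
 * @param request carries the admin client whose permissions are consulted
 * @return a {@link ListClientResponse} holding the permitted {@link OA2Client}s; possibly
 *         empty, never containing {@code null} entries
 */
public PermissionResponse listClients(ListClientsRequest request) {
    // Only an admin client is required here; there is no separate canRead(request) check.
    Identifier adminId = request.getAdminClient().getIdentifier();
    List<Identifier> clientIDs = getPermissionStore().getClients(adminId);
    List<OA2Client> clients = new LinkedList<>();
    for (Identifier id : clientIDs) {
        try {
            // The permission lookup doubles as the access check: it is expected to throw when
            // adminId has no permission on id, so its return value is not needed.
            getPermissionStore().get(adminId, id);
            OA2Client client = (OA2Client) getClientStore().get(id);
            if (client != null) {
                // Guard against a store that returns null for an id it no longer holds.
                clients.add(client);
            }
        } catch (Exception notPermitted) {
            // Not permitted (or the lookup failed): skip this client and carry on.
        }
    }
    return new ListClientResponse(clients);
}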
Also used : OA2Client(edu.uiuc.ncsa.security.oauth_2_0.OA2Client) Identifier(edu.uiuc.ncsa.security.core.Identifier) LinkedList(java.util.LinkedList)

Example 32 with OA2Client

use of edu.uiuc.ncsa.security.oauth_2_0.OA2Client in project OA4MP by ncsa.

From class OA2ClientCommands, method longFormat.

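/**
 * Prints the long (multi-line) description of an OA2 client: identity, contact and URI fields,
 * token settings, approval status, the stored secret hash, callback URIs, scopes, the refresh
 * token lifetime (when refresh tokens are enabled on this server) and the LDAP configuration.
 * <p>
 * Side effect: when an approval store is configured and the client has no approval record,
 * one is created and saved with status {@code PENDING} so the client is associated with one.
 *
 * @param identifiable the client to describe; must be an {@link OA2Client}
 */
@Override
protected void longFormat(Identifiable identifiable) {
    OA2Client client = (OA2Client) identifiable;
    say("Client name=" + (client.getName() == null ? "(no name)" : client.getName()));
    sayi("identifier=" + client.getIdentifier());
    sayi("email=" + client.getEmail());
    sayi("home uri=" + client.getHomeUri());
    sayi("error uri=" + client.getErrorUri());
    sayi("limited proxies? " + client.isProxyLimited());
    sayi("creation timestamp=" + client.getCreationTS());
    sayi("sign ID tokens?=" + client.isSignTokens());
    sayi("issuer=" + client.getIssuer());
    sayi("is public?=" + client.isPublicClient());
    if (getClientApprovalStore() != null) {
        sayApprovalStatus(client);
    }
    // Only the hash of the secret is ever stored (see extraUpdates), so this prints the hash,
    // never the secret itself.
    if (client.getSecret() == null) {
        sayi("client secret: (none)");
    } else {
        sayi("client secret (hash):" + client.getSecret());
    }
    sayStringCollection("callback uris", client.getCallbackURIs());
    sayStringCollection("scopes", client.getScopes());
    if (isRefreshTokensEnabled()) {
        // The lifetime is stored in milliseconds; it is shown in seconds.
        sayi("refresh lifetime (sec): " + (client.isRTLifetimeEnabled() ? (client.getRtLifetime() / 1000) : "none"));
    }
    if (client.getLdaps() == null || client.getLdaps().isEmpty()) {
        sayi("ldap:(none configured.)");
    } else {
        sayi("LDAPS:");
        // The rendered JSON has to be printed; computing it alone shows nothing under the header.
        sayi(LDAPConfigurationUtil.toJSON(client.getLdaps()).toString());
    }
}

/**
 * Prints the approval status line for the client.
 * <p>
 * If no approval record can be read, one is created and saved as {@code PENDING}, keyed by the
 * client's identifier so the store associates it with this client.
 *
 * @param client the client whose approval record is looked up
 */
private void sayApprovalStatus(OA2Client client) {
    ClientApproval clientApproval = null;
    try {
        clientApproval = (ClientApproval) getClientApprovalStore().get(client.getIdentifier());
    } catch (Exception noRecord) {
        // A missing or unreadable approval record is equivalent to "not approved"; handled below.
    }
    if (clientApproval == null) {
        clientApproval = (ClientApproval) getClientApprovalStore().create();
        // Without the identifier the store would not associate the record with the client.
        clientApproval.setIdentifier(client.getIdentifier());
        clientApproval.setStatus(ClientApproval.Status.PENDING);
        clientApproval.setApproved(false);
        getClientApprovalStore().save(clientApproval);
    }
    if (clientApproval.isApproved() && clientApproval.getStatus() != APPROVED) {
        // Reconcile a record whose approved flag is set but whose status is not APPROVED.
        // This is in-memory only; the record is not saved here.
        clientApproval.setStatus(APPROVED);
    }
    switch (clientApproval.getStatus()) {
        case APPROVED:
            String approver = clientApproval.getApprover() == null ? "(unknown)" : clientApproval.getApprover();
            sayi("status=approved by " + approver);
            break;
        case NONE:
            sayi("status=none");
            break;
        case PENDING:
            sayi("status=pending");
            break;
        case DENIED:
            sayi("status=approval denied");
            break;
        case REVOKED:
            sayi("status=revoked");
            break;
        default:
            // A status this command does not know yet: still show it rather than stay silent.
            sayi("status=" + clientApproval.getStatus());
    }
}

/**
 * Prints a labelled, indented list of strings, or a "(none)" marker when the collection is
 * {@code null} or empty.
 *
 * @param label the heading, e.g. {@code "scopes"}
 * @param items the strings to print; may be {@code null}
 */
private void sayStringCollection(String label, Collection<String> items) {
    if (items == null) {
        sayi(label + ": (none)");
        return;
    }
    sayi(label + (items.isEmpty() ? ":(none)" : ":"));
    for (String item : items) {
        sayi("      " + item);
    }
}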
Also used : OA2Client(edu.uiuc.ncsa.security.oauth_2_0.OA2Client) ClientApproval(edu.uiuc.ncsa.security.delegation.server.storage.ClientApproval)

Example 33 with OA2Client

use of edu.uiuc.ncsa.security.oauth_2_0.OA2Client in project OA4MP by ncsa.

From class OA2ClientCommands, method extraUpdates.

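/**
 * Prompts for and applies the OA2-specific client attributes: the secret (stored only as a
 * hash), the refresh token lifetime, the public-client flag, the issuer, ID token signing, the
 * scopes, the callback URIs and the LDAP configuration.
 * <p>
 * Do not call super on this method since the standard client tracks a public key file rather
 * than the hash of a secret string.
 * <p>
 * Every prompt offers the current value as its default. An empty or unchanged answer leaves the
 * attribute as it is; an answer that cannot be parsed is reported and leaves it unchanged.
 *
 * @param identifiable the client to update; must be an {@link OA2Client}
 */
@Override
public void extraUpdates(Identifiable identifiable) {
    OA2Client client = (OA2Client) identifiable;
    promptForSecret(client);
    if (isRefreshTokensEnabled()) {
        // Only meaningful when the server itself allows refresh tokens.
        promptForRefreshLifetime(client);
    }
    promptForPublicClient(client);
    String issuer = getInput("enter the issuer (optional)", client.getIssuer());
    if (!isEmpty(issuer)) {
        client.setIssuer(issuer);
    }
    promptForSignTokens(client);
    promptForScopes(client);
    promptForCallbackUris(client);
    promptForLdaps(client);
}

/**
 * Asks for a new client secret and, when one is entered, stores its SHA-1 hex digest.
 * An empty answer, or accepting the offered default (the stored hash), leaves the secret as is.
 *
 * @param client the client whose secret may be replaced
 */
private void promptForSecret(OA2Client client) {
    String currentHash = client.getSecret();
    String input = getInput("enter a new secret or return to skip.", currentHash);
    if (isEmpty(input)) {
        sayi("Nothing entered. Client secret entry skipped.");
        return;
    }
    if (input.equals(currentHash)) {
        // The default (the stored hash) came back unchanged: do not hash the hash again.
        sayi(" Client secret entry skipped.");
        return;
    }
    // NOTE(review): an unsalted SHA-1 digest offers little protection for a stored credential.
    // The algorithm has to match whatever verifies the secret on the server side, so it cannot
    // be changed here alone.
    client.setSecret(DigestUtils.sha1Hex(input));
}

/**
 * Asks for the refresh token lifetime. The prompt and the stored value are both in
 * milliseconds, so the current value is offered in milliseconds as well. An empty answer or
 * "none" disables refresh tokens for the client (lifetime 0).
 *
 * @param client the client whose lifetime is updated
 */
private void promptForRefreshLifetime(OA2Client client) {
    final String none = "none";
    String current = client.isRTLifetimeEnabled() ? Long.toString(client.getRtLifetime()) : none;
    String rawLifetime = getInput("enter the refresh lifetime in ms.", current);
    if (isEmpty(rawLifetime) || rawLifetime.trim().equalsIgnoreCase(none)) {
        client.setRtLifetime(0);
        return;
    }
    try {
        long lifetime = Long.parseLong(rawLifetime.trim());
        if (lifetime < 0) {
            sayi("Sorry but \"" + rawLifetime + "\" is negative. No change.");
            return;
        }
        client.setRtLifetime(lifetime);
    } catch (NumberFormatException notANumber) {
        sayi("Sorry but \"" + rawLifetime + "\" is not a valid number. No change.");
    }
}

/**
 * Asks whether the client is public. Accepts true/false and yes/no (also y/n); any other answer
 * is reported and leaves the flag unchanged.
 *
 * @param client the client whose public flag is updated
 */
private void promptForPublicClient(OA2Client client) {
    String rawPC = getInput("is this client public?", Boolean.toString(client.isPublicClient()));
    Boolean isPublic = parseYesNo(rawPC);
    if (isPublic == null) {
        sayi("Sorry, but unable to parse the response of \"" + rawPC + "\". No change.");
        return;
    }
    client.setPublicClient(isPublic);
}

/**
 * Asks whether ID tokens should be signed. An empty answer leaves the setting alone; an
 * unrecognised one is reported and ignored.
 *
 * @param client the client whose signing flag is updated
 */
private void promptForSignTokens(OA2Client client) {
    String signTokens = getInput("Enable ID token signing (true/false)?", Boolean.toString(client.isSignTokens()));
    if (isEmpty(signTokens)) {
        return;
    }
    Boolean sign = parseYesNo(signTokens);
    if (sign == null) {
        sayi("Unknown response of \"" + signTokens + "\". Must be \"true\" or \"false\", ignoring.");
        return;
    }
    client.setSignTokens(sign);
}

/**
 * Asks for a comma separated list of scopes and keeps only those this server supports;
 * rejected scopes are reported. An empty answer leaves the scopes unchanged.
 *
 * @param client the client whose scopes are replaced
 */
private void promptForScopes(OA2Client client) {
    String current = joinCommaSeparated(client.getScopes());
    String scopes = getInput("enter a comma separated list of scopes. Scopes to this server will be rejected.", current);
    if (isEmpty(scopes)) {
        return;
    }
    LinkedList<String> accepted = new LinkedList<>();
    StringTokenizer tokenizer = new StringTokenizer(scopes, ",");
    while (tokenizer.hasMoreTokens()) {
        String raw = tokenizer.nextToken().trim();
        if (getSupportedScopes().contains(raw)) {
            accepted.add(raw);
        } else {
            say("Unknown scope \"" + raw + "\" rejected.");
        }
    }
    client.setScopes(accepted);
}

/**
 * Asks for a comma separated list of callback URIs. Only absolute https URIs with a host are
 * kept; everything else is reported and dropped. An empty answer leaves the URIs unchanged.
 *
 * @param client the client whose callback URIs are replaced
 */
private void promptForCallbackUris(OA2Client client) {
    String current = joinCommaSeparated(client.getCallbackURIs());
    String uris = getInput("enter a comma separated list of callback uris. These must start with https or they will be ignored.", current);
    if (isEmpty(uris)) {
        return;
    }
    LinkedList<String> accepted = new LinkedList<>();
    StringTokenizer tokenizer = new StringTokenizer(uris, ",");
    while (tokenizer.hasMoreTokens()) {
        String raw = tokenizer.nextToken().trim();
        try {
            URI uri = URI.create(raw);
            // getScheme() is null for a relative URI, so the literal goes on the left.
            if (!"https".equalsIgnoreCase(uri.getScheme())) {
                sayi("\"" + raw + "\" rejected -- illegal protocol");
            } else if (uri.getHost() == null) {
                // "https:" alone, or an opaque URI, has the right scheme but no host to redirect to.
                sayi("\"" + raw + "\" rejected -- no host");
            } else {
                accepted.add(raw);
            }
        } catch (IllegalArgumentException badUri) {
            sayi("\"" + raw + "\" rejected -- illegal uri");
        }
    }
    client.setCallbackURIs(accepted);
}

/**
 * Asks for the LDAP configuration as a JSON array or a single JSON object and applies whichever
 * parses. An empty answer leaves the configuration unchanged; an unparseable one is reported.
 *
 * @param client the client whose LDAP configuration is replaced
 */
private void promptForLdaps(OA2Client client) {
    String current = "";
    if (client.getLdaps() != null && !client.getLdaps().isEmpty()) {
        current = LDAPConfigurationUtil.toJSON(client.getLdaps()).toString();
    }
    String ldaps = getInput("Enter a valid JSON object or array for the ldap configuration(s).", current);
    if (isEmpty(ldaps)) {
        return;
    }
    JSON json = null;
    try {
        json = JSONArray.fromObject(ldaps);
    } catch (Exception notAnArray) {
        // Not an array: fall back to a single LDAP entry.
        try {
            json = JSONObject.fromObject(ldaps);
        } catch (Exception notAnObject) {
            sayi("Sorry, could not parse JSON");
        }
    }
    // Applied for both shapes; the array case must not be skipped.
    if (json != null) {
        client.setLdaps(LDAPConfigurationUtil.fromJSON(json));
    }
}

/**
 * Interprets a yes/no style answer.
 *
 * @param raw the answer; may be {@code null}
 * @return {@code Boolean.TRUE} for true/yes/y, {@code Boolean.FALSE} for false/no/n
 *         (case-insensitive, surrounding whitespace ignored), {@code null} when the answer is
 *         missing or not recognised
 */
private static Boolean parseYesNo(String raw) {
    if (raw == null) {
        return null;
    }
    String answer = raw.trim();
    if (answer.equalsIgnoreCase("true") || answer.equalsIgnoreCase("yes") || answer.equalsIgnoreCase("y")) {
        return Boolean.TRUE;
    }
    if (answer.equalsIgnoreCase("false") || answer.equalsIgnoreCase("no") || answer.equalsIgnoreCase("n")) {
        return Boolean.FALSE;
    }
    return null;
}

/**
 * Joins the items with commas in iteration order, for use as a prompt default.
 *
 * @param items the strings to join; may be {@code null}
 * @return the joined string, or {@code null} when there is nothing to join
 */
private static String joinCommaSeparated(Collection<String> items) {
    if (items == null || items.isEmpty()) {
        return null;
    }
    StringBuilder joined = new StringBuilder();
    boolean first = true;
    for (String item : items) {
        if (!first) {
            joined.append(',');
        }
        first = false;
        joined.append(item);
    }
    return joined.toString();
}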
Also used : OA2Client(edu.uiuc.ncsa.security.oauth_2_0.OA2Client) StringTokenizer(java.util.StringTokenizer) JSONObject(net.sf.json.JSONObject) JSONArray(net.sf.json.JSONArray) JSON(net.sf.json.JSON) URI(java.net.URI) LinkedList(java.util.LinkedList)
