Use of org.apache.qpid.server.model.TrustStore in the project qpid-broker-j by apache.
The class FileTrustStoreTest, method testSymmetricKeyEntryIgnored.
public void testSymmetricKeyEntryIgnored() throws Exception {
    // Loads a PKCS12 store that (per the test name) also carries a symmetric key entry
    // and checks that the TrustStore exposes exactly the certificate entries counted by
    // the getNumberOfCertificates helper, i.e. the key entry is not surfaced.
    final URL storeLocation = getClass().getResource(SYMMETRIC_KEY_KEYSTORE_RESOURCE);
    assertNotNull("Symmetric key keystore not found", storeLocation);

    final Map<String, Object> storeAttributes = new HashMap<>();
    storeAttributes.put(FileTrustStore.NAME, getTestName());
    storeAttributes.put(FileTrustStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD);
    storeAttributes.put(FileTrustStore.STORE_URL, storeLocation);
    // The store type must be given explicitly here because the resource is PKCS12.
    storeAttributes.put(FileTrustStore.TRUST_STORE_TYPE, "PKCS12");

    final TrustStore store = _factory.create(TrustStore.class, storeAttributes, _broker);
    final Certificate[] exposed = store.getCertificates();
    final int expected = getNumberOfCertificates(storeLocation, "PKCS12");
    assertEquals("Unexpected number of certificates", expected, exposed.length);
}
Use of org.apache.qpid.server.model.TrustStore in the project qpid-broker-j by apache.
The class FacebookIdentityResolverService, method getUserPrincipal.
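/**
 * Resolves the principal for an access token by calling the provider's identity
 * (user-info) endpoint and reading the {@code id} field of the JSON response.
 *
 * @param authenticationProvider source of the endpoint URI, timeouts, TLS protocol/cipher
 *                               lists and the optional trust store
 * @param accessToken bearer token sent in the {@code Authorization} header
 * @param addressSpace used to look up the identity resolver endpoint
 * @return a {@link UsernamePrincipal} named by the response's {@code id}
 * @throws IOException if the endpoint cannot be reached or a 200 response is not JSON
 * @throws IdentityResolverException if the response status is not 200 or lacks {@code id}
 */
@Override
public Principal getUserPrincipal(final OAuth2AuthenticationProvider<?> authenticationProvider, String accessToken, final NamedAddressSpace addressSpace) throws IOException, IdentityResolverException {
    final URL userInfoEndpoint = authenticationProvider.getIdentityResolverEndpointURI(addressSpace).toURL();
    final HttpURLConnection connection = openUserInfoConnection(authenticationProvider, userInfoEndpoint, accessToken);

    try (InputStream input = OAuth2Utils.getResponseStream(connection)) {
        final int responseCode = connection.getResponseCode();
        LOGGER.debug("Call to identity service '{}' complete, response code : {}", userInfoEndpoint, responseCode);
        // Check the status before parsing the body: a non-200 body that is not JSON (for
        // example an HTML error page from an intermediary) would otherwise be reported as
        // "did not return json", hiding the actual failure code.
        if (responseCode != 200) {
            throw new IdentityResolverException(String.format("Identity resolver '%s' failed, response code %d", userInfoEndpoint, responseCode));
        }
        final Map<String, String> responseMap = readJsonObject(input, userInfoEndpoint);
        // NOTE(review): values are assumed to be JSON strings; a numeric 'id' would surface
        // as a ClassCastException on this assignment.
        final String facebookId = responseMap.get("id");
        if (facebookId == null) {
            throw new IdentityResolverException(String.format("Identity resolver '%s' failed, response did not include 'id'", userInfoEndpoint));
        }
        return new UsernamePrincipal(facebookId, authenticationProvider);
    }
}

/** Builds and connects the HTTPS request to the user-info endpoint, carrying the bearer token. */
private HttpURLConnection openUserInfoConnection(final OAuth2AuthenticationProvider<?> authenticationProvider, final URL userInfoEndpoint, final String accessToken) throws IOException {
    final ConnectionBuilder connectionBuilder = new ConnectionBuilder(userInfoEndpoint);
    connectionBuilder.setConnectTimeout(authenticationProvider.getConnectTimeout())
                     .setReadTimeout(authenticationProvider.getReadTimeout());

    // A configured trust store pins the server certificates accepted for this call; when
    // none is configured, ConnectionBuilder's own default trust settings apply (presumably
    // the JVM defaults - confirm in ConnectionBuilder).
    final TrustStore trustStore = authenticationProvider.getTrustStore();
    if (trustStore != null) {
        try {
            connectionBuilder.setTrustMangers(trustStore.getTrustManagers());
        } catch (GeneralSecurityException e) {
            throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
        }
    }
    // Protocol and cipher suite allow/deny lists come from the provider's configuration.
    connectionBuilder.setTlsProtocolWhiteList(authenticationProvider.getTlsProtocolWhiteList())
                     .setTlsProtocolBlackList(authenticationProvider.getTlsProtocolBlackList())
                     .setTlsCipherSuiteWhiteList(authenticationProvider.getTlsCipherSuiteWhiteList())
                     .setTlsCipherSuiteBlackList(authenticationProvider.getTlsCipherSuiteBlackList());

    // Only the endpoint is logged; the access token is deliberately kept out of the log.
    LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
    final HttpURLConnection connection = connectionBuilder.build();
    connection.setRequestProperty("Accept-Charset", UTF8);
    connection.setRequestProperty("Accept", "application/json");
    connection.setRequestProperty("Authorization", "Bearer " + accessToken);
    connection.connect();
    return connection;
}

/** Parses the response body as a flat JSON object, translating parse failures into IOException. */
@SuppressWarnings("unchecked") // Map.class yields a raw Map; the JSON object is treated as String -> String
private Map<String, String> readJsonObject(final InputStream input, final URL userInfoEndpoint) throws IOException {
    try {
        return _objectMapper.readValue(input, Map.class);
    } catch (JsonProcessingException e) {
        throw new IOException(String.format("Identity resolver '%s' did not return json", userInfoEndpoint), e);
    }
}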
Use of org.apache.qpid.server.model.TrustStore in the project qpid-broker-j by apache.
The class GoogleOAuth2IdentityResolverService, method getUserPrincipal.
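/**
 * Resolves the principal for an access token by calling the provider's identity
 * (user-info) endpoint and reading the {@code sub} field of the JSON response.
 *
 * @param authenticationProvider source of the endpoint URI, timeouts, TLS protocol/cipher
 *                               lists and the optional trust store
 * @param accessToken bearer token sent in the {@code Authorization} header
 * @param addressSpace used to look up the identity resolver endpoint
 * @return a {@link UsernamePrincipal} named by the response's {@code sub}
 * @throws IOException if the endpoint cannot be reached or a 200 response is not JSON
 * @throws IdentityResolverException if the response status is not 200 or lacks {@code sub}
 */
@Override
public Principal getUserPrincipal(final OAuth2AuthenticationProvider<?> authenticationProvider, String accessToken, final NamedAddressSpace addressSpace) throws IOException, IdentityResolverException {
    final URL userInfoEndpoint = authenticationProvider.getIdentityResolverEndpointURI(addressSpace).toURL();
    final HttpURLConnection connection = openUserInfoConnection(authenticationProvider, userInfoEndpoint, accessToken);

    try (InputStream input = OAuth2Utils.getResponseStream(connection)) {
        final int responseCode = connection.getResponseCode();
        LOGGER.debug("Call to identity service '{}' complete, response code : {}", userInfoEndpoint, responseCode);
        // Check the status before parsing the body: a non-200 body that is not JSON (for
        // example an HTML error page from an intermediary) would otherwise be reported as
        // "did not return json", hiding the actual failure code.
        if (responseCode != 200) {
            throw new IdentityResolverException(String.format("Identity resolver '%s' failed, response code %d", userInfoEndpoint, responseCode));
        }
        final Map<String, String> responseMap = readJsonObject(input, userInfoEndpoint);
        // NOTE(review): values are assumed to be JSON strings; a non-string 'sub' would surface
        // as a ClassCastException on this assignment.
        final String googleId = responseMap.get("sub");
        if (googleId == null) {
            throw new IdentityResolverException(String.format("Identity resolver '%s' failed, response did not include 'sub'", userInfoEndpoint));
        }
        return new UsernamePrincipal(googleId, authenticationProvider);
    }
}

/** Builds and connects the HTTPS request to the user-info endpoint, carrying the bearer token. */
private HttpURLConnection openUserInfoConnection(final OAuth2AuthenticationProvider<?> authenticationProvider, final URL userInfoEndpoint, final String accessToken) throws IOException {
    final ConnectionBuilder connectionBuilder = new ConnectionBuilder(userInfoEndpoint);
    connectionBuilder.setConnectTimeout(authenticationProvider.getConnectTimeout())
                     .setReadTimeout(authenticationProvider.getReadTimeout());

    // A configured trust store pins the server certificates accepted for this call; when
    // none is configured, ConnectionBuilder's own default trust settings apply (presumably
    // the JVM defaults - confirm in ConnectionBuilder).
    final TrustStore trustStore = authenticationProvider.getTrustStore();
    if (trustStore != null) {
        try {
            connectionBuilder.setTrustMangers(trustStore.getTrustManagers());
        } catch (GeneralSecurityException e) {
            throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
        }
    }
    // Protocol and cipher suite allow/deny lists come from the provider's configuration.
    connectionBuilder.setTlsProtocolWhiteList(authenticationProvider.getTlsProtocolWhiteList())
                     .setTlsProtocolBlackList(authenticationProvider.getTlsProtocolBlackList())
                     .setTlsCipherSuiteWhiteList(authenticationProvider.getTlsCipherSuiteWhiteList())
                     .setTlsCipherSuiteBlackList(authenticationProvider.getTlsCipherSuiteBlackList());

    // Only the endpoint is logged; the access token is deliberately kept out of the log.
    LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
    final HttpURLConnection connection = connectionBuilder.build();
    connection.setRequestProperty("Accept-Charset", UTF8);
    connection.setRequestProperty("Accept", "application/json");
    connection.setRequestProperty("Authorization", "Bearer " + accessToken);
    connection.connect();
    return connection;
}

/** Parses the response body as a flat JSON object, translating parse failures into IOException. */
@SuppressWarnings("unchecked") // Map.class yields a raw Map; the JSON object is treated as String -> String
private Map<String, String> readJsonObject(final InputStream input, final URL userInfoEndpoint) throws IOException {
    try {
        return _objectMapper.readValue(input, Map.class);
    } catch (JsonProcessingException e) {
        throw new IOException(String.format("Identity resolver '%s' did not return json", userInfoEndpoint), e);
    }
}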
Use of org.apache.qpid.server.model.TrustStore in the project qpid-broker-j by apache.
The class KeycloakOAuth2IdentityResolverService, method getUserPrincipal.
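/**
 * Resolves the principal for an access token by calling the provider's identity
 * (user-info) endpoint and reading {@code preferred_username}, falling back to
 * {@code sub}, from the JSON response.
 *
 * @param authenticationProvider source of the endpoint URI, timeouts, TLS protocol/cipher
 *                               lists and the optional trust store
 * @param accessToken bearer token sent in the {@code Authorization} header
 * @param addressSpace used to look up the identity resolver endpoint
 * @return a {@link UsernamePrincipal} named by {@code preferred_username}, or {@code sub}
 *         when the former is absent
 * @throws IOException if the endpoint cannot be reached or a 200 response is not JSON
 * @throws IdentityResolverException if the response status is not 200 or carries neither field
 */
@Override
public Principal getUserPrincipal(final OAuth2AuthenticationProvider<?> authenticationProvider, String accessToken, final NamedAddressSpace addressSpace) throws IOException, IdentityResolverException {
    final URL userInfoEndpoint = authenticationProvider.getIdentityResolverEndpointURI(addressSpace).toURL();
    final HttpURLConnection connection = openUserInfoConnection(authenticationProvider, userInfoEndpoint, accessToken);

    try (InputStream input = OAuth2Utils.getResponseStream(connection)) {
        final int responseCode = connection.getResponseCode();
        LOGGER.debug("Call to identity service '{}' complete, response code : {}", userInfoEndpoint, responseCode);
        // Check the status before parsing the body: a non-200 body that is not JSON (for
        // example an HTML error page from an intermediary) would otherwise be reported as
        // "did not return json", hiding the actual failure code.
        if (responseCode != 200) {
            throw new IdentityResolverException(String.format("Identity resolver '%s' failed, response code %d", userInfoEndpoint, responseCode));
        }
        final Map<String, String> responseMap = readJsonObject(input, userInfoEndpoint);
        // NOTE(review): values are assumed to be JSON strings; a non-string value would surface
        // as a ClassCastException on these assignments.
        String username = responseMap.get("preferred_username");
        if (username == null) {
            username = responseMap.get("sub");
            if (username == null) {
                throw new IdentityResolverException(String.format("Identity resolver '%s' failed, response did not include 'sub'", userInfoEndpoint));
            }
        }
        return new UsernamePrincipal(username, authenticationProvider);
    }
}

/** Builds and connects the HTTPS request to the user-info endpoint, carrying the bearer token. */
private HttpURLConnection openUserInfoConnection(final OAuth2AuthenticationProvider<?> authenticationProvider, final URL userInfoEndpoint, final String accessToken) throws IOException {
    final ConnectionBuilder connectionBuilder = new ConnectionBuilder(userInfoEndpoint);
    connectionBuilder.setConnectTimeout(authenticationProvider.getConnectTimeout())
                     .setReadTimeout(authenticationProvider.getReadTimeout());

    // A configured trust store pins the server certificates accepted for this call; when
    // none is configured, ConnectionBuilder's own default trust settings apply (presumably
    // the JVM defaults - confirm in ConnectionBuilder).
    final TrustStore trustStore = authenticationProvider.getTrustStore();
    if (trustStore != null) {
        try {
            connectionBuilder.setTrustMangers(trustStore.getTrustManagers());
        } catch (GeneralSecurityException e) {
            throw new ServerScopedRuntimeException("Cannot initialise TLS", e);
        }
    }
    // Protocol and cipher suite allow/deny lists come from the provider's configuration.
    connectionBuilder.setTlsProtocolWhiteList(authenticationProvider.getTlsProtocolWhiteList())
                     .setTlsProtocolBlackList(authenticationProvider.getTlsProtocolBlackList())
                     .setTlsCipherSuiteWhiteList(authenticationProvider.getTlsCipherSuiteWhiteList())
                     .setTlsCipherSuiteBlackList(authenticationProvider.getTlsCipherSuiteBlackList());

    // Only the endpoint is logged; the access token is deliberately kept out of the log.
    LOGGER.debug("About to call identity service '{}'", userInfoEndpoint);
    final HttpURLConnection connection = connectionBuilder.build();
    connection.setRequestProperty("Accept-Charset", UTF8);
    connection.setRequestProperty("Accept", "application/json");
    connection.setRequestProperty("Authorization", "Bearer " + accessToken);
    connection.connect();
    return connection;
}

/** Parses the response body as a flat JSON object, translating parse failures into IOException. */
@SuppressWarnings("unchecked") // Map.class yields a raw Map; the JSON object is treated as String -> String
private Map<String, String> readJsonObject(final InputStream input, final URL userInfoEndpoint) throws IOException {
    try {
        return _objectMapper.readValue(input, Map.class);
    } catch (JsonProcessingException e) {
        throw new IOException(String.format("Identity resolver '%s' did not return json", userInfoEndpoint), e);
    }
}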
Use of org.apache.qpid.server.model.TrustStore in the project qpid-broker-j by apache.
The class FileTrustStoreTest, method testPrivateKeyEntryIgnored.
public void testPrivateKeyEntryIgnored() throws Exception {
    // Loads a keystore that (per the test name) also carries a private key entry and
    // checks that the TrustStore exposes exactly the certificate entries counted by the
    // getNumberOfCertificates helper, i.e. the key entry is not surfaced.
    final URL storeLocation = getClass().getResource(KEYSTORE_RESOURCE);
    assertNotNull("Keystore not found", storeLocation);

    final Map<String, Object> storeAttributes = new HashMap<>();
    storeAttributes.put(FileTrustStore.NAME, getTestName());
    storeAttributes.put(FileTrustStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD);
    storeAttributes.put(FileTrustStore.STORE_URL, storeLocation);
    // No TRUST_STORE_TYPE is set here; the expected count is taken as "jks", so the
    // default store type is presumably JKS - confirm against FileTrustStore.

    final TrustStore store = _factory.create(TrustStore.class, storeAttributes, _broker);
    final Certificate[] exposed = store.getCertificates();
    final int expected = getNumberOfCertificates(storeLocation, "jks");
    assertEquals("Unexpected number of certificates", expected, exposed.length);
}