use of org.apereo.cas.services.RegisteredServicePublicKeyImpl in project cas by apereo.
the class DefaultRegisteredServiceMapper method toRegisteredService.
/**
 * Converts the form data held by the service edit bean into a concrete registered service.
 *
 * <p>The subtype is selected from {@code data.getType()}: OAuth, OIDC (which also receives the
 * OAuth settings), SAML, or otherwise a regex service, provided the service id is a valid regex.
 * Common fields (id, name, URLs, logout settings, public key, custom properties) are then copied.
 *
 * @param data the submitted service data
 * @return the populated service definition
 * @throws RuntimeException for an unrecognised type whose service id is not a valid regex;
 *         any other failure is rethrown through {@code Throwables.propagate}
 */
@Override
public RegisteredService toRegisteredService(final RegisteredServiceEditBean.ServiceData data) {
    try {
        final String type = data.getType();
        final boolean oauthRequested = StringUtils.equalsIgnoreCase(type, RegisteredServiceTypeEditBean.OAUTH.toString());
        final boolean oidcRequested = StringUtils.equalsIgnoreCase(type, RegisteredServiceTypeEditBean.OIDC.toString());

        final AbstractRegisteredService regSvc;
        if (oauthRequested || oidcRequested) {
            // An OIDC service is handled as an OAuth service with extra settings on top.
            final OAuthRegisteredService oauthSvc;
            if (oauthRequested) {
                oauthSvc = new OAuthRegisteredService();
            } else {
                oauthSvc = new OidcRegisteredService();
            }
            final RegisteredServiceOAuthTypeEditBean oauthBean = data.getOauth();
            oauthSvc.setClientId(oauthBean.getClientId());
            // The client secret is copied exactly as the bean supplies it; nothing here hashes or encodes it.
            // NOTE(review): confirm how the secret is protected once the service is persisted.
            oauthSvc.setClientSecret(oauthBean.getClientSecret());
            oauthSvc.setBypassApprovalPrompt(oauthBean.isBypass());
            oauthSvc.setGenerateRefreshToken(oauthBean.isRefreshToken());
            oauthSvc.setJsonFormat(oauthBean.isJsonFormat());
            if (oidcRequested) {
                final OidcRegisteredService oidcSvc = (OidcRegisteredService) oauthSvc;
                oidcSvc.setJwks(data.getOidc().getJwks());
                oidcSvc.setSignIdToken(data.getOidc().isSignToken());
                oidcSvc.setImplicit(data.getOidc().isImplicit());
                oidcSvc.setEncryptIdToken(data.getOidc().isEncrypt());
                oidcSvc.setIdTokenEncryptionAlg(data.getOidc().getEncryptAlg());
                oidcSvc.setIdTokenEncryptionEncoding(data.getOidc().getEncryptEnc());
                oidcSvc.setScopes(org.springframework.util.StringUtils.commaDelimitedListToSet(data.getOidc().getScopes()));
            }
            regSvc = oauthSvc;
        } else if (StringUtils.equalsIgnoreCase(type, RegisteredServiceTypeEditBean.SAML.toString())) {
            final SamlRegisteredService samlSvc = new SamlRegisteredService();
            final RegisteredServiceSamlTypeEditBean samlBean = data.getSaml();
            samlSvc.setEncryptAssertions(samlBean.isEncAssert());
            samlSvc.setSignAssertions(samlBean.isSignAssert());
            samlSvc.setSignResponses(samlBean.isSignResp());
            // Metadata locations are stored as given; no scheme or host check happens in this method.
            samlSvc.setMetadataLocation(samlBean.getMdLoc());
            samlSvc.setMetadataSignatureLocation(samlBean.getMdSigLoc());
            samlSvc.setMetadataMaxValidity(samlBean.getMdMaxVal());
            samlSvc.setRequiredAuthenticationContextClass(samlBean.getAuthCtxCls());
            samlSvc.setMetadataCriteriaRemoveEmptyEntitiesDescriptors(samlBean.isRemoveEmptyEntities());
            samlSvc.setMetadataCriteriaRemoveRolelessEntityDescriptors(samlBean.isRemoveRoleless());
            if (StringUtils.isNotBlank(samlBean.getDir())) {
                samlSvc.setMetadataCriteriaDirection(samlBean.getDir().toUpperCase());
            }
            // A blank or syntactically invalid pattern is skipped without an error, so the
            // service is then built with no metadata pattern criterion at all.
            if (StringUtils.isNotBlank(samlBean.getMdPattern()) && RegexUtils.isValidRegex(samlBean.getMdPattern())) {
                samlSvc.setMetadataCriteriaPattern(samlBean.getMdPattern());
            }
            if (samlBean.getRoles() != null && !samlBean.getRoles().isEmpty()) {
                samlSvc.setMetadataCriteriaRoles(org.springframework.util.StringUtils.collectionToCommaDelimitedString(samlBean.getRoles()));
            }
            regSvc = samlSvc;
        } else {
            // Any other type falls back to a regex service, but only for a compilable service id.
            if (!RegexUtils.isValidRegex(data.getServiceId())) {
                throw new RuntimeException("Invalid service type.");
            }
            regSvc = new RegexRegisteredService();
        }

        // Non-positive ids are replaced by the initial identifier value.
        final long assignedId = Long.parseLong(data.getAssignedId());
        if (assignedId > 0) {
            regSvc.setId(assignedId);
        } else {
            regSvc.setId(RegisteredService.INITIAL_IDENTIFIER_VALUE);
        }

        // Plain descriptive fields.
        regSvc.setServiceId(data.getServiceId());
        regSvc.setName(data.getName());
        regSvc.setDescription(data.getDescription());
        // new URL(...) rejects malformed input only; no scheme or host restriction is applied here.
        if (StringUtils.isNotBlank(data.getLogoUrl())) {
            regSvc.setLogo(new URL(data.getLogoUrl()));
        }
        regSvc.setTheme(data.getTheme());
        regSvc.setEvaluationOrder(data.getEvalOrder());
        regSvc.setRequiredHandlers(data.getRequiredHandlers());
        regSvc.setPrivacyUrl(data.getPrivacyUrl());
        regSvc.setInformationUrl(data.getInformationUrl());

        // Logout settings.
        regSvc.setLogoutType(parseLogoutType(data.getLogoutType()));
        // NOTE(review): if the server later contacts this URL, confirm that an allow-list
        // (for example https only, expected hosts) is enforced where the request is made.
        if (StringUtils.isNotBlank(data.getLogoutUrl())) {
            regSvc.setLogoutUrl(new URL(data.getLogoutUrl()));
        }

        // The public key is attached only when the bean reports itself valid; location and
        // algorithm are passed through unchanged.
        final RegisteredServicePublicKeyEditBean publicKey = data.getPublicKey();
        if (publicKey != null && publicKey.isValid()) {
            regSvc.setPublicKey(new RegisteredServicePublicKeyImpl(publicKey.getLocation(), publicKey.getAlgorithm()));
        }

        // Each custom property value is a comma-delimited list that is split into a set.
        for (final RegisteredServiceEditBean.ServiceData.PropertyBean bean : data.getProperties()) {
            final DefaultRegisteredServiceProperty value = new DefaultRegisteredServiceProperty();
            value.setValues(org.springframework.util.StringUtils.commaDelimitedListToSet(bean.getValue()));
            regSvc.getProperties().put(bean.getName(), value);
        }
        return regSvc;
    } catch (final Exception e) {
        throw Throwables.propagate(e);
    }
}
use of org.apereo.cas.services.RegisteredServicePublicKeyImpl in project cas by apereo.
the class CasRegisteredServicesTestConfiguration method inMemoryRegisteredServices.
/**
 * Builds the fixed list of service definitions exposed as a bean by this test configuration.
 *
 * <p>Several entries are deliberately permissive (credential password and proxy-granting ticket
 * release switched on, {@code ".+"} proxy policies, release of all attributes). They are test
 * fixtures and not a template for a deployed service registry.
 *
 * @return the service definitions, in the order they are added below
 */
@Bean
public List inMemoryRegisteredServices() {
    final List services = new ArrayList();

    // Service with a public key given by location only, allowed to receive the credential password and PGT.
    // NOTE(review): the key file name suggests a 1024-bit RSA key, a size suited to fixtures only.
    AbstractRegisteredService service = RegisteredServiceTestUtils.getRegisteredService("testencryption$");
    final ReturnAllowedAttributeReleasePolicy credentialReleasePolicy = new ReturnAllowedAttributeReleasePolicy();
    credentialReleasePolicy.setAuthorizedToReleaseCredentialPassword(true);
    credentialReleasePolicy.setAuthorizedToReleaseProxyGrantingTicket(true);
    final RegisteredServicePublicKeyImpl locationOnlyKey = new RegisteredServicePublicKeyImpl();
    locationOnlyKey.setLocation("classpath:keys/RSA1024Public.key");
    service.setPublicKey(locationOnlyKey);
    service.setAttributeReleasePolicy(credentialReleasePolicy);
    services.add(service);

    service = RegisteredServiceTestUtils.getRegisteredService("testDefault");
    service.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
    service.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
    services.add(service);

    service = RegisteredServiceTestUtils.getRegisteredService("https://example\\.com/normal/.*");
    service.setEvaluationOrder(10);
    service.setAttributeReleasePolicy(new ReturnAllAttributeReleasePolicy());
    service.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
    services.add(service);

    // Same host as the previous entry, but two authentication handlers are required.
    service = RegisteredServiceTestUtils.getRegisteredService("https://example\\.com/high/.*");
    service.setEvaluationOrder(20);
    service.setAttributeReleasePolicy(new ReturnAllAttributeReleasePolicy());
    final HashSet requiredHandlerNames = CollectionUtils.wrapHashSet(AcceptUsersAuthenticationHandler.class.getSimpleName(), TestOneTimePasswordAuthenticationHandler.class.getSimpleName());
    service.setRequiredHandlers(requiredHandlerNames);
    service.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
    services.add(service);

    // NOTE(review): this id has no leading anchor and an unescaped dot; how ids are matched
    // against requests is not shown here, so treat the pattern as a fixture only.
    service = RegisteredServiceTestUtils.getRegisteredService("(https://)*google.com$");
    service.setEvaluationOrder(1);
    service.setProxyPolicy(new RegexMatchingRegisteredServiceProxyPolicy(".+"));
    service.setPublicKey(new RegisteredServicePublicKeyImpl("classpath:keys/RSA4096Public.key", "RSA"));
    final ReturnAllowedAttributeReleasePolicy proxyCredentialPolicy = new ReturnAllowedAttributeReleasePolicy();
    proxyCredentialPolicy.setAuthorizedToReleaseCredentialPassword(true);
    proxyCredentialPolicy.setAuthorizedToReleaseProxyGrantingTicket(true);
    service.setAttributeReleasePolicy(proxyCredentialPolicy);
    service.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
    service.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
    services.add(service);

    service = RegisteredServiceTestUtils.getRegisteredService("eduPersonTest");
    service.setUsernameAttributeProvider(new PrincipalAttributeRegisteredServiceUsernameProvider("eduPersonAffiliation"));
    service.setAttributeReleasePolicy(new ReturnAllAttributeReleasePolicy());
    service.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
    services.add(service);

    // Second definition with the id "testencryption$"; this one names the key algorithm explicitly.
    service = RegisteredServiceTestUtils.getRegisteredService("testencryption$");
    final ReturnAllowedAttributeReleasePolicy encryptionReleasePolicy = new ReturnAllowedAttributeReleasePolicy();
    encryptionReleasePolicy.setAuthorizedToReleaseCredentialPassword(true);
    encryptionReleasePolicy.setAuthorizedToReleaseProxyGrantingTicket(true);
    service.setAttributeReleasePolicy(encryptionReleasePolicy);
    service.setPublicKey(new RegisteredServicePublicKeyImpl("classpath:keys/RSA1024Public.key", "RSA"));
    service.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
    service.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
    services.add(service);

    // Access strategy built from required attribute values.
    service = RegisteredServiceTestUtils.getRegisteredService("^TestServiceAttributeForAuthzFails");
    service.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(CollectionUtils.wrap("cn", CollectionUtils.wrapSet("cnValue"), "givenName", CollectionUtils.wrapSet("gnameValue"))));
    service.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
    services.add(service);

    service = RegisteredServiceTestUtils.getRegisteredService("^TestSsoFalse");
    service.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(true, false));
    service.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
    services.add(service);

    service = RegisteredServiceTestUtils.getRegisteredService("TestServiceAttributeForAuthzPasses");
    service.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(CollectionUtils.wrap("groupMembership", CollectionUtils.wrapSet("adopters"))));
    service.setAttributeReleasePolicy(new ReturnAllAttributeReleasePolicy());
    service.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
    services.add(service);

    service = RegisteredServiceTestUtils.getRegisteredService("eduPersonTestInvalid");
    service.setUsernameAttributeProvider(new PrincipalAttributeRegisteredServiceUsernameProvider("nonExistentAttributeName"));
    service.setAttributeReleasePolicy(new ReturnAllowedAttributeReleasePolicy(CollectionUtils.wrap("groupMembership")));
    service.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
    services.add(service);

    service = RegisteredServiceTestUtils.getRegisteredService("testAnonymous");
    service.setUsernameAttributeProvider(new AnonymousRegisteredServiceUsernameAttributeProvider());
    service.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
    services.add(service);

    // Proxy policy ".+" places no visible restriction on the proxy callback; fixture only.
    service = RegisteredServiceTestUtils.getRegisteredService("^http://www.jasig.org.+");
    service.setProxyPolicy(new RegexMatchingRegisteredServiceProxyPolicy(".+"));
    service.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
    service.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
    services.add(service);

    service = RegisteredServiceTestUtils.getRegisteredService("usernameAttributeProviderService");
    service.setUsernameAttributeProvider(new PrincipalAttributeRegisteredServiceUsernameProvider("cn"));
    service.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
    services.add(service);

    service = RegisteredServiceTestUtils.getRegisteredService("proxyService");
    service.setProxyPolicy(new RegexMatchingRegisteredServiceProxyPolicy("^https://.+"));
    service.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
    service.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
    services.add(service);

    // Broad patterns with explicit evaluation orders.
    service = RegisteredServiceTestUtils.getRegisteredService("^test.*");
    service.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
    service.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
    service.setEvaluationOrder(1000);
    services.add(service);

    service = RegisteredServiceTestUtils.getRegisteredService("https://localhost.*");
    service.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
    service.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
    service.setEvaluationOrder(100);
    services.add(service);

    service = RegisteredServiceTestUtils.getRegisteredService("https://carmenwiki.osu.edu.*");
    service.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
    service.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
    service.setEvaluationOrder(99);
    services.add(service);

    // Service carrying the TOKEN_AS_SERVICE_TICKET property set to "true".
    service = RegisteredServiceTestUtils.getRegisteredService("jwtservice");
    service.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
    service.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
    final DefaultRegisteredServiceProperty tokenAsTicket = new DefaultRegisteredServiceProperty();
    tokenAsTicket.setValues(CollectionUtils.wrapSet(Boolean.TRUE.toString()));
    service.getProperties().put(RegisteredServiceProperty.RegisteredServiceProperties.TOKEN_AS_SERVICE_TICKET.getPropertyName(), tokenAsTicket);
    service.setEvaluationOrder(2000);
    services.add(service);

    return services;
}
use of org.apereo.cas.services.RegisteredServicePublicKeyImpl in project cas by apereo.
the class RegisteredServiceSerializer method write.
/**
 * Writes a registered service to the Kryo output one field at a time.
 *
 * <p>The sequence of calls below is the serialized layout. NOTE(review): the matching read
 * method is not shown here and presumably consumes the fields in this same order; confirm
 * before reordering, adding or removing a write.
 *
 * <p>Null or empty values are never written as such: strings become the empty string, URLs
 * become the value returned by {@code getEmptyUrl()}, and policy objects become a
 * default-constructed instance of the class named on each line.
 *
 * @param kryo the Kryo instance performing the serialization
 * @param output the stream being written to
 * @param service the service definition to serialize
 */
@Override
public void write(final Kryo kryo, final Output output, final RegisteredService service) {
    kryo.writeObject(output, service.getServiceId());
    kryo.writeObject(output, StringUtils.defaultIfEmpty(service.getName(), StringUtils.EMPTY));
    kryo.writeObject(output, StringUtils.defaultIfEmpty(service.getDescription(), StringUtils.EMPTY));
    kryo.writeObject(output, service.getId());
    kryo.writeObject(output, service.getEvaluationOrder());
    // One placeholder URL stands in for both a missing logo and a missing logout URL.
    final URL emptyUrl = getEmptyUrl();
    kryo.writeObject(output, ObjectUtils.defaultIfNull(service.getLogo(), emptyUrl));
    kryo.writeObject(output, service.getLogoutType());
    kryo.writeObject(output, ObjectUtils.defaultIfNull(service.getLogoutUrl(), emptyUrl));
    // Copied into a plain HashSet, so the source collection's concrete type is not what gets written.
    kryo.writeObject(output, new HashSet<>(service.getRequiredHandlers()));
    kryo.writeObject(output, StringUtils.defaultIfEmpty(service.getTheme(), StringUtils.EMPTY));
    // A service without a public key is written with an empty RegisteredServicePublicKeyImpl,
    // so "no key" and "key with no location/algorithm" are written identically.
    writeObjectByReflection(kryo, output, ObjectUtils.defaultIfNull(service.getPublicKey(), new RegisteredServicePublicKeyImpl()));
    // Security-relevant substitutions: a null policy is replaced by the default named here.
    // NOTE(review): confirm these match the defaults the service classes apply themselves, since
    // the substituted object is presumably what a reader of this stream reconstructs.
    writeObjectByReflection(kryo, output, ObjectUtils.defaultIfNull(service.getProxyPolicy(), new RefuseRegisteredServiceProxyPolicy()));
    writeObjectByReflection(kryo, output, ObjectUtils.defaultIfNull(service.getAttributeReleasePolicy(), new ReturnAllowedAttributeReleasePolicy()));
    writeObjectByReflection(kryo, output, ObjectUtils.defaultIfNull(service.getUsernameAttributeProvider(), new DefaultRegisteredServiceUsernameProvider()));
    writeObjectByReflection(kryo, output, ObjectUtils.defaultIfNull(service.getAccessStrategy(), new DefaultRegisteredServiceAccessStrategy()));
    writeObjectByReflection(kryo, output, ObjectUtils.defaultIfNull(service.getMultifactorPolicy(), new DefaultRegisteredServiceMultifactorPolicy()));
    kryo.writeObject(output, StringUtils.defaultIfEmpty(service.getInformationUrl(), StringUtils.EMPTY));
    kryo.writeObject(output, StringUtils.defaultIfEmpty(service.getPrivacyUrl(), StringUtils.EMPTY));
    // Properties are likewise copied into a plain HashMap before being written.
    kryo.writeObject(output, new HashMap<>(service.getProperties()));
}
use of org.apereo.cas.services.RegisteredServicePublicKeyImpl in project cas by apereo.
the class RegisteredServiceNoOpCipherExecutorTests method getService.
/**
 * Creates a regex service with the id "Testing" and an RSA public key at the given location.
 *
 * @param keyLocation resource location of the public key, passed through unchanged
 * @return the service fixture
 */
private static AbstractRegisteredService getService(final String keyLocation) {
    final RegexRegisteredService service = new RegexRegisteredService();
    service.setServiceId("Testing");
    // The algorithm is fixed to "RSA"; only the key location varies between tests.
    final RegisteredServicePublicKeyImpl rsaKey = new RegisteredServicePublicKeyImpl(keyLocation, "RSA");
    service.setPublicKey(rsaKey);
    return service;
}
use of org.apereo.cas.services.RegisteredServicePublicKeyImpl in project cas by apereo.
the class DefaultRegisteredServiceCipherExecutorTests method getService.
/**
 * Creates a regex service with the id "Testing" and an RSA public key at the given location.
 *
 * @param keyLocation resource location of the public key, passed through unchanged
 * @return the service fixture
 */
private AbstractRegisteredService getService(final String keyLocation) {
    final AbstractRegisteredService service = new RegexRegisteredService();
    service.setServiceId("Testing");
    // The algorithm is fixed to "RSA"; only the key location varies between tests.
    final RegisteredServicePublicKeyImpl rsaKey = new RegisteredServicePublicKeyImpl(keyLocation, "RSA");
    service.setPublicKey(rsaKey);
    return service;
}