
Example 1 with VerifierConfig

use of org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy.model.VerifierConfig in project devspaces-images by redhat-developer.

the class JwtProxyConfigBuilder method build.

/**
 * Serializes the JWTProxy configuration for this builder into YAML.
 *
 * <p>The signer proxy is explicitly disabled and one verifier proxy entry is produced for each
 * element of {@code verifierProxies}. Every verifier uses {@code workspaceId} as its audience and
 * as the {@code key_id} of a "preshared" key server, and statically checks the {@code iss} claim
 * against {@code issuer}.
 *
 * <p>NOTE(review): nonce storage is set to type "void". Presumably this means nonces are not
 * recorded, so replay of a captured token would be limited only by the max TTL and the "1m"
 * skew. Confirm against the jwtproxy documentation.
 *
 * @return the configuration rendered by {@code YAML_PARSER}
 * @throws InternalInfrastructureException if the configuration object cannot be serialized
 */
public String build() throws InternalInfrastructureException {
    // The (still empty) list is attached to the config first and filled afterwards.
    List<VerifierProxyConfig> verifierEntries = new ArrayList<>();
    Config config =
        new Config()
            .withJWTProxy(
                new JWTProxy()
                    .withSignerProxy(new SignerProxyConfig().withEnabled(false))
                    .withVerifiedProxyConfigs(verifierEntries));

    for (VerifierProxy proxy : verifierProxies) {
        // Token acceptance window: audience, upstream target, clock skew and maximum lifetime.
        VerifierConfig verifierConfig =
            new VerifierConfig()
                .withAudience(workspaceId)
                .withUpstream(proxy.upstream)
                .withMaxSkew("1m")
                .withMaxTtl(ttl);

        // Signature key source: a public key file read from the proxy config folder.
        verifierConfig =
            verifierConfig.withKeyServer(
                new RegistrableComponentConfig()
                    .withType("preshared")
                    .withOptions(
                        ImmutableMap.of(
                            "issuer",
                            issuer,
                            "key_id",
                            workspaceId,
                            "public_key_path",
                            JWT_PROXY_CONFIG_FOLDER + '/' + JWT_PROXY_PUBLIC_KEY_FILE)));

        // Cookie handling follows the per-proxy flag; the path goes through ensureStartsWithSlash.
        verifierConfig =
            verifierConfig
                .withCookiesEnabled(proxy.cookiesAuthEnabled)
                .withCookiePath(ensureStartsWithSlash(proxy.cookiePath));

        // Only tokens whose "iss" claim equals the configured issuer are meant to pass.
        verifierConfig =
            verifierConfig.withClaimsVerifier(
                Collections.singleton(
                    new RegistrableComponentConfig()
                        .withType("static")
                        .withOptions(ImmutableMap.of("iss", issuer))));

        verifierConfig =
            verifierConfig.withNonceStorage(new RegistrableComponentConfig().withType("void"));

        // NOTE(review): excludes presumably name paths that skip verification; keep them
        // minimal and audit who can populate them. Confirm semantics against jwtproxy.
        if (!proxy.excludes.isEmpty()) {
            verifierConfig.setExcludes(proxy.excludes);
        }

        // The auth page is configured only for cookie-based auth and only when a URL is known.
        if (proxy.cookiesAuthEnabled && authPageUrl != null) {
            verifierConfig.setAuthUrl(authPageUrl.toString());
        }

        if (proxy.publicBasePath != null) {
            verifierConfig.setPublicBasePath(proxy.publicBasePath);
        }

        // ":" + port carries no host part; presumably the proxy then listens on all
        // interfaces. Confirm.
        verifierEntries.add(
            new VerifierProxyConfig()
                .withListenAddr(":" + proxy.listenPort)
                .withVerifierConfig(verifierConfig));
    }

    try {
        return YAML_PARSER.writeValueAsString(config);
    } catch (JsonProcessingException e) {
        throw new InternalInfrastructureException("Error during creation of JWTProxy config YAML: " + e.getMessage(), e);
    }
}
Also used : SignerProxyConfig(org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy.model.SignerProxyConfig) VerifierConfig(org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy.model.VerifierConfig) Config(org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy.model.Config) RegistrableComponentConfig(org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy.model.RegistrableComponentConfig) SignerProxyConfig(org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy.model.SignerProxyConfig) VerifierProxyConfig(org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy.model.VerifierProxyConfig) RegistrableComponentConfig(org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy.model.RegistrableComponentConfig) ArrayList(java.util.ArrayList) VerifierProxyConfig(org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy.model.VerifierProxyConfig) VerifierConfig(org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy.model.VerifierConfig) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException) JWTProxy(org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy.model.JWTProxy) InternalInfrastructureException(org.eclipse.che.api.workspace.server.spi.InternalInfrastructureException)

Example 2 with VerifierConfig

use of org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy.model.VerifierConfig in project che-server by eclipse-che.

the class JwtProxyConfigBuilder method build.

/**
 * Builds the JWTProxy YAML document from the verifier proxies registered on this builder.
 *
 * <p>What the visible code configures, per verifier proxy:
 *
 * <ul>
 *   <li>audience and key id: {@code workspaceId}
 *   <li>key server: type "preshared", with the issuer and a public key path under
 *       {@code JWT_PROXY_CONFIG_FOLDER}
 *   <li>claims verifier: type "static" on {@code iss}
 *   <li>nonce storage: type "void"
 *   <li>max skew "1m" and max TTL {@code ttl}
 * </ul>
 *
 * The signer proxy is disabled for the whole configuration.
 *
 * <p>NOTE(review): the trust decision rests on the public key file at the configured path and on
 * the issuer/audience match. Presumably the "void" nonce storage performs no replay tracking, so
 * {@code ttl} is the main bound on token reuse. Verify, and keep {@code ttl} short.
 *
 * @return the YAML produced by {@code YAML_PARSER} for the assembled configuration
 * @throws InternalInfrastructureException when serialization fails; the Jackson exception is
 *     kept as the cause
 */
public String build() throws InternalInfrastructureException {
    List<VerifierProxyConfig> assembled = new ArrayList<>();
    SignerProxyConfig signerOff = new SignerProxyConfig().withEnabled(false);
    Config config =
        new Config()
            .withJWTProxy(
                new JWTProxy().withSignerProxy(signerOff).withVerifiedProxyConfigs(assembled));

    for (VerifierProxy source : verifierProxies) {
        VerifierConfig verifierConfig =
            new VerifierConfig()
                .withAudience(workspaceId)
                .withUpstream(source.upstream)
                .withMaxSkew("1m")
                .withMaxTtl(ttl)
                .withKeyServer(
                    new RegistrableComponentConfig()
                        .withType("preshared")
                        .withOptions(
                            ImmutableMap.of(
                                "issuer", issuer,
                                "key_id", workspaceId,
                                "public_key_path",
                                    JWT_PROXY_CONFIG_FOLDER + '/' + JWT_PROXY_PUBLIC_KEY_FILE)))
                .withCookiesEnabled(source.cookiesAuthEnabled)
                .withCookiePath(ensureStartsWithSlash(source.cookiePath))
                .withClaimsVerifier(
                    Collections.singleton(
                        new RegistrableComponentConfig()
                            .withType("static")
                            .withOptions(ImmutableMap.of("iss", issuer))))
                .withNonceStorage(new RegistrableComponentConfig().withType("void"));

        // Optional settings are written only when the source proxy supplies them.
        // NOTE(review): an excludes entry presumably exempts a path from token checks, which
        // would make each entry an unauthenticated route to the upstream. Confirm and review
        // callers.
        boolean hasExcludes = !source.excludes.isEmpty();
        if (hasExcludes) {
            verifierConfig.setExcludes(source.excludes);
        }

        // No auth URL is emitted unless cookie auth is on AND a page URL was provided.
        boolean wantsAuthPage = source.cookiesAuthEnabled && authPageUrl != null;
        if (wantsAuthPage) {
            verifierConfig.setAuthUrl(authPageUrl.toString());
        }

        if (source.publicBasePath != null) {
            verifierConfig.setPublicBasePath(source.publicBasePath);
        }

        String listenAddr = ":" + source.listenPort;
        VerifierProxyConfig entry =
            new VerifierProxyConfig().withListenAddr(listenAddr).withVerifierConfig(verifierConfig);
        assembled.add(entry);
    }

    try {
        return YAML_PARSER.writeValueAsString(config);
    } catch (JsonProcessingException e) {
        throw new InternalInfrastructureException("Error during creation of JWTProxy config YAML: " + e.getMessage(), e);
    }
}
Also used : SignerProxyConfig(org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy.model.SignerProxyConfig) VerifierConfig(org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy.model.VerifierConfig) Config(org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy.model.Config) RegistrableComponentConfig(org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy.model.RegistrableComponentConfig) SignerProxyConfig(org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy.model.SignerProxyConfig) VerifierProxyConfig(org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy.model.VerifierProxyConfig) RegistrableComponentConfig(org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy.model.RegistrableComponentConfig) ArrayList(java.util.ArrayList) VerifierProxyConfig(org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy.model.VerifierProxyConfig) VerifierConfig(org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy.model.VerifierConfig) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException) JWTProxy(org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy.model.JWTProxy) InternalInfrastructureException(org.eclipse.che.api.workspace.server.spi.InternalInfrastructureException)

Aggregations

JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException)2 ArrayList (java.util.ArrayList)2 InternalInfrastructureException (org.eclipse.che.api.workspace.server.spi.InternalInfrastructureException)2 Config (org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy.model.Config)2 JWTProxy (org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy.model.JWTProxy)2 RegistrableComponentConfig (org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy.model.RegistrableComponentConfig)2 SignerProxyConfig (org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy.model.SignerProxyConfig)2 VerifierConfig (org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy.model.VerifierConfig)2 VerifierProxyConfig (org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy.model.VerifierProxyConfig)2