progress on the client
parent
319d0439ea
commit
08a582dfbe
|
@ -10,6 +10,7 @@ import java.security.KeyPairGenerator;
|
||||||
import java.security.PrivateKey;
|
import java.security.PrivateKey;
|
||||||
import java.security.PublicKey;
|
import java.security.PublicKey;
|
||||||
import java.security.Signature;
|
import java.security.Signature;
|
||||||
|
import java.util.Enumeration;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.Random;
|
import java.util.Random;
|
||||||
|
@ -46,11 +47,11 @@ import com.google.gson.JsonParser;
|
||||||
* @author nemonik
|
* @author nemonik
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
public class OpenIDConnectAuthenticationFilter extends
|
public class OpenIdConnectAuthenticationFilter extends
|
||||||
AbstractAuthenticationProcessingFilter {
|
AbstractAuthenticationProcessingFilter {
|
||||||
|
|
||||||
private static Log logger = LogFactory
|
private static Log logger = LogFactory
|
||||||
.getLog(OpenIDConnectAuthenticationFilter.class);
|
.getLog(OpenIdConnectAuthenticationFilter.class);
|
||||||
|
|
||||||
private final static String SCOPE = "openid";
|
private final static String SCOPE = "openid";
|
||||||
private final static int KEY_SIZE = 1024;
|
private final static int KEY_SIZE = 1024;
|
||||||
|
@ -138,54 +139,31 @@ public class OpenIDConnectAuthenticationFilter extends
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private final String errorRedirectURI;
|
private String errorRedirectURI;
|
||||||
private final String authorizationEndpointURI;
|
|
||||||
private final String tokenEndpointURI;
|
private String authorizationEndpointURI;
|
||||||
private final String checkIDEndpointURI;
|
|
||||||
private final String clientSecret;
|
private String tokenEndpointURI;
|
||||||
private final String clientId;
|
|
||||||
|
private String checkIDEndpointURI;
|
||||||
|
|
||||||
|
private String clientSecret;
|
||||||
|
|
||||||
|
private String clientId;
|
||||||
|
|
||||||
private String scope;
|
private String scope;
|
||||||
|
|
||||||
private PublicKey publicKey;
|
private PublicKey publicKey;
|
||||||
|
|
||||||
private PrivateKey privateKey;
|
private PrivateKey privateKey;
|
||||||
|
|
||||||
private Signature signer;
|
private Signature signer;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param defaultFilterProcessesUrl
|
*
|
||||||
* @param authorizationEndpointURI
|
|
||||||
* @param tokenEndpointURI
|
|
||||||
* @param checkIDEndpointURI
|
|
||||||
* @param clientId
|
|
||||||
* @param scope
|
|
||||||
*/
|
*/
|
||||||
protected OpenIDConnectAuthenticationFilter(String errorRedirectURI,
|
protected OpenIdConnectAuthenticationFilter() {
|
||||||
String clientSecret, String defaultFilterProcessesUrl,
|
super("/j_spring_openid_connect_security_check");
|
||||||
String authorizationEndpointURI, String tokenEndpointURI,
|
|
||||||
String checkIDEndpointURI, String clientId, String scope,
|
|
||||||
String privateModulus, String privateExponent,
|
|
||||||
String publicModulus, String publicExponent) {
|
|
||||||
super(defaultFilterProcessesUrl);
|
|
||||||
|
|
||||||
this.clientSecret = clientSecret;
|
|
||||||
this.errorRedirectURI = errorRedirectURI;
|
|
||||||
this.authorizationEndpointURI = authorizationEndpointURI;
|
|
||||||
this.tokenEndpointURI = tokenEndpointURI;
|
|
||||||
this.checkIDEndpointURI = checkIDEndpointURI;
|
|
||||||
this.clientId = clientId;
|
|
||||||
this.scope = SCOPE + " " + scope;
|
|
||||||
|
|
||||||
KeyPairGenerator keyPairGenerator;
|
|
||||||
try {
|
|
||||||
keyPairGenerator = KeyPairGenerator.getInstance("RSA");
|
|
||||||
keyPairGenerator.initialize(KEY_SIZE);
|
|
||||||
KeyPair keyPair = keyPairGenerator.generateKeyPair();
|
|
||||||
publicKey = keyPair.getPublic();
|
|
||||||
privateKey = keyPair.getPrivate();
|
|
||||||
|
|
||||||
signer = Signature.getInstance(SIGNING_ALGORITHM);
|
|
||||||
} catch (GeneralSecurityException generalSecurityException) {
|
|
||||||
// generalSecurityException.printStackTrace();
|
|
||||||
throw new IllegalStateException(generalSecurityException);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -226,8 +204,25 @@ public class OpenIDConnectAuthenticationFilter extends
|
||||||
throw new IllegalArgumentException(
|
throw new IllegalArgumentException(
|
||||||
"A Client Secret must be supplied");
|
"A Client Secret must be supplied");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
KeyPairGenerator keyPairGenerator;
|
||||||
|
try {
|
||||||
|
keyPairGenerator = KeyPairGenerator.getInstance("RSA");
|
||||||
|
keyPairGenerator.initialize(KEY_SIZE);
|
||||||
|
KeyPair keyPair = keyPairGenerator.generateKeyPair();
|
||||||
|
publicKey = keyPair.getPublic();
|
||||||
|
privateKey = keyPair.getPrivate();
|
||||||
|
|
||||||
|
signer = Signature.getInstance(SIGNING_ALGORITHM);
|
||||||
|
} catch (GeneralSecurityException generalSecurityException) {
|
||||||
|
// generalSecurityException.printStackTrace();
|
||||||
|
throw new IllegalStateException(generalSecurityException);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
setScope(SCOPE + scope);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* (non-Javadoc)
|
* (non-Javadoc)
|
||||||
*
|
*
|
||||||
|
@ -271,11 +266,12 @@ public class OpenIDConnectAuthenticationFilter extends
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
// Handle Authorization Endpoint redirect response
|
// Determine if the Authorization Endpoint issued an
|
||||||
|
// authorization grant
|
||||||
|
|
||||||
String code = request.getParameter("code");
|
String authorizationGrant = request.getParameter("code");
|
||||||
|
|
||||||
if (code != null) {
|
if (authorizationGrant != null) {
|
||||||
|
|
||||||
// Handle Token Endpoint interaction
|
// Handle Token Endpoint interaction
|
||||||
|
|
||||||
|
@ -292,7 +288,8 @@ public class OpenIDConnectAuthenticationFilter extends
|
||||||
|
|
||||||
MultiValueMap<String, String> form = new LinkedMultiValueMap<String, String>();
|
MultiValueMap<String, String> form = new LinkedMultiValueMap<String, String>();
|
||||||
form.add("grant_type", "authorization_code");
|
form.add("grant_type", "authorization_code");
|
||||||
form.add("code", code);
|
form.add("code", authorizationGrant);
|
||||||
|
//form.add("redirect_uri", buildRedirectURI(request));
|
||||||
form.add("redirect_uri", Utility.findBaseUrl(request));
|
form.add("redirect_uri", Utility.findBaseUrl(request));
|
||||||
|
|
||||||
String jsonString = null;
|
String jsonString = null;
|
||||||
|
@ -357,9 +354,8 @@ public class OpenIDConnectAuthenticationFilter extends
|
||||||
String nonce = jsonRoot.getAsJsonObject().get("nonce")
|
String nonce = jsonRoot.getAsJsonObject().get("nonce")
|
||||||
.getAsString();
|
.getAsString();
|
||||||
|
|
||||||
// The nonce in the returned ID Token is compared to the
|
// Compare returned ID Token to signed session cookie
|
||||||
// signed session cookie to detect ID Token replay by third
|
// to detect ID Token replay by third parties.
|
||||||
// parties.
|
|
||||||
|
|
||||||
Cookie nonceSignatureCookie = WebUtils.getCookie(request,
|
Cookie nonceSignatureCookie = WebUtils.getCookie(request,
|
||||||
NONCE_SIGNATURE_COOKIE_NAME);
|
NONCE_SIGNATURE_COOKIE_NAME);
|
||||||
|
@ -398,7 +394,7 @@ public class OpenIDConnectAuthenticationFilter extends
|
||||||
// Create an Authentication object for the token, and
|
// Create an Authentication object for the token, and
|
||||||
// return.
|
// return.
|
||||||
|
|
||||||
OpenIDConnectAuthenticationToken token = new OpenIDConnectAuthenticationToken(
|
OpenIdConnectAuthenticationToken token = new OpenIdConnectAuthenticationToken(
|
||||||
user_id);
|
user_id);
|
||||||
|
|
||||||
Authentication authentication = this
|
Authentication authentication = this
|
||||||
|
@ -410,7 +406,7 @@ public class OpenIDConnectAuthenticationFilter extends
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
// Handle an Authorization request
|
// Initiate an Authorization request
|
||||||
|
|
||||||
Map<String, String> urlVariables = new HashMap<String, String>();
|
Map<String, String> urlVariables = new HashMap<String, String>();
|
||||||
|
|
||||||
|
@ -419,6 +415,7 @@ public class OpenIDConnectAuthenticationFilter extends
|
||||||
urlVariables.put("response_type", "code");
|
urlVariables.put("response_type", "code");
|
||||||
urlVariables.put("client_id", clientId);
|
urlVariables.put("client_id", clientId);
|
||||||
urlVariables.put("scope", scope);
|
urlVariables.put("scope", scope);
|
||||||
|
//urlVariables.put("redirect_uri", buildRedirectURI(request));
|
||||||
urlVariables.put("redirect_uri", Utility.findBaseUrl(request));
|
urlVariables.put("redirect_uri", Utility.findBaseUrl(request));
|
||||||
|
|
||||||
// Create a string value used to associate a user agent session
|
// Create a string value used to associate a user agent session
|
||||||
|
@ -444,6 +441,75 @@ public class OpenIDConnectAuthenticationFilter extends
|
||||||
urlVariables));
|
urlVariables));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Builds the redirect_uri that will be sent to the Authorization Endpoint.
|
||||||
|
* By default returns the URL of the current request.
|
||||||
|
*
|
||||||
|
* @param request the current request which is being processed by this filter
|
||||||
|
* @return The redirect_uri.
|
||||||
|
*/
|
||||||
|
@SuppressWarnings("unused")
|
||||||
|
private String buildRedirectURI(HttpServletRequest request) {
|
||||||
|
|
||||||
|
boolean isFirst = true;
|
||||||
|
|
||||||
|
StringBuffer sb = request.getRequestURL();
|
||||||
|
|
||||||
|
for (Enumeration<?> e = request.getParameterNames() ; e.hasMoreElements(); ) {
|
||||||
|
|
||||||
|
String name = (String) e.nextElement();
|
||||||
|
// Assume for simplicity that there is only one value
|
||||||
|
String value = request.getParameter(name);
|
||||||
|
|
||||||
|
if (value == null) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (isFirst) {
|
||||||
|
sb.append("?");
|
||||||
|
isFirst = false;
|
||||||
|
}
|
||||||
|
|
||||||
|
sb.append(name).append("=").append(value);
|
||||||
|
|
||||||
|
if (e.hasMoreElements()) {
|
||||||
|
sb.append("&");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return sb.toString();
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
public void setAuthorizationEndpointURI(String authorizationEndpointURI) {
|
||||||
|
this.authorizationEndpointURI = authorizationEndpointURI;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setCheckIDEndpointURI(String checkIDEndpointURI) {
|
||||||
|
this.checkIDEndpointURI = checkIDEndpointURI;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setClientId(String clientId) {
|
||||||
|
this.clientId = clientId;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setClientSecret(String clientSecret) {
|
||||||
|
this.clientSecret = clientSecret;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setErrorRedirectURI(String errorRedirectURI) {
|
||||||
|
this.errorRedirectURI = errorRedirectURI;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setScope(String scope) {
|
||||||
|
this.scope = scope;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setTokenEndpointURI(String tokenEndpointURI) {
|
||||||
|
this.tokenEndpointURI = tokenEndpointURI;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -12,7 +12,7 @@ import org.springframework.security.core.SpringSecurityCoreVersion;
|
||||||
* @author nemonik
|
* @author nemonik
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
public class OpenIDConnectAuthenticationToken extends
|
public class OpenIdConnectAuthenticationToken extends
|
||||||
AbstractAuthenticationToken {
|
AbstractAuthenticationToken {
|
||||||
|
|
||||||
private final String userId;
|
private final String userId;
|
||||||
|
@ -22,7 +22,7 @@ public class OpenIDConnectAuthenticationToken extends
|
||||||
/**
|
/**
|
||||||
* @param userId
|
* @param userId
|
||||||
*/
|
*/
|
||||||
public OpenIDConnectAuthenticationToken(String userId) {
|
public OpenIdConnectAuthenticationToken(String userId) {
|
||||||
super(new ArrayList<GrantedAuthority>(0));
|
super(new ArrayList<GrantedAuthority>(0));
|
||||||
this.userId = userId;
|
this.userId = userId;
|
||||||
setAuthenticated(true);
|
setAuthenticated(true);
|
||||||
|
|
|
@ -0,0 +1,30 @@
|
||||||
|
package org.mitre.client;
|
||||||
|
|
||||||
|
import org.springframework.beans.factory.InitializingBean;
|
||||||
|
import org.springframework.security.authentication.AuthenticationProvider;
|
||||||
|
import org.springframework.security.core.Authentication;
|
||||||
|
import org.springframework.security.core.AuthenticationException;
|
||||||
|
|
||||||
|
public class OpenIdConnectAuthenticationProvider implements
|
||||||
|
AuthenticationProvider, InitializingBean {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void afterPropertiesSet() throws Exception {
|
||||||
|
// TODO Auto-generated method stub
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Authentication authenticate(Authentication arg0)
|
||||||
|
throws AuthenticationException {
|
||||||
|
// TODO Auto-generated method stub
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean supports(Class<?> arg0) {
|
||||||
|
// TODO Auto-generated method stub
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
Loading…
Reference in New Issue