progress on the client

pull/59/head
nemonik 2012-03-08 12:41:19 -05:00
parent 319d0439ea
commit 08a582dfbe
3 changed files with 150 additions and 54 deletions


@ -10,6 +10,7 @@ import java.security.KeyPairGenerator;
import java.security.PrivateKey; import java.security.PrivateKey;
import java.security.PublicKey; import java.security.PublicKey;
import java.security.Signature; import java.security.Signature;
import java.util.Enumeration;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
import java.util.Random; import java.util.Random;
@ -46,11 +47,11 @@ import com.google.gson.JsonParser;
* @author nemonik * @author nemonik
* *
*/ */
public class OpenIDConnectAuthenticationFilter extends public class OpenIdConnectAuthenticationFilter extends
AbstractAuthenticationProcessingFilter { AbstractAuthenticationProcessingFilter {
private static Log logger = LogFactory private static Log logger = LogFactory
.getLog(OpenIDConnectAuthenticationFilter.class); .getLog(OpenIdConnectAuthenticationFilter.class);
private final static String SCOPE = "openid"; private final static String SCOPE = "openid";
private final static int KEY_SIZE = 1024; private final static int KEY_SIZE = 1024;
@ -138,54 +139,31 @@ public class OpenIDConnectAuthenticationFilter extends
} }
} }
private final String errorRedirectURI; private String errorRedirectURI;
private final String authorizationEndpointURI;
private final String tokenEndpointURI; private String authorizationEndpointURI;
private final String checkIDEndpointURI;
private final String clientSecret; private String tokenEndpointURI;
private final String clientId;
private String checkIDEndpointURI;
private String clientSecret;
private String clientId;
private String scope; private String scope;
private PublicKey publicKey; private PublicKey publicKey;
private PrivateKey privateKey; private PrivateKey privateKey;
private Signature signer; private Signature signer;
/** /**
* @param defaultFilterProcessesUrl *
* @param authorizationEndpointURI
* @param tokenEndpointURI
* @param checkIDEndpointURI
* @param clientId
* @param scope
*/ */
protected OpenIDConnectAuthenticationFilter(String errorRedirectURI, protected OpenIdConnectAuthenticationFilter() {
String clientSecret, String defaultFilterProcessesUrl, super("/j_spring_openid_connect_security_check");
String authorizationEndpointURI, String tokenEndpointURI,
String checkIDEndpointURI, String clientId, String scope,
String privateModulus, String privateExponent,
String publicModulus, String publicExponent) {
super(defaultFilterProcessesUrl);
this.clientSecret = clientSecret;
this.errorRedirectURI = errorRedirectURI;
this.authorizationEndpointURI = authorizationEndpointURI;
this.tokenEndpointURI = tokenEndpointURI;
this.checkIDEndpointURI = checkIDEndpointURI;
this.clientId = clientId;
this.scope = SCOPE + " " + scope;
KeyPairGenerator keyPairGenerator;
try {
keyPairGenerator = KeyPairGenerator.getInstance("RSA");
keyPairGenerator.initialize(KEY_SIZE);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
publicKey = keyPair.getPublic();
privateKey = keyPair.getPrivate();
signer = Signature.getInstance(SIGNING_ALGORITHM);
} catch (GeneralSecurityException generalSecurityException) {
// generalSecurityException.printStackTrace();
throw new IllegalStateException(generalSecurityException);
}
} }
/* /*
@ -226,8 +204,25 @@ public class OpenIDConnectAuthenticationFilter extends
throw new IllegalArgumentException( throw new IllegalArgumentException(
"A Client Secret must be supplied"); "A Client Secret must be supplied");
} }
KeyPairGenerator keyPairGenerator;
try {
keyPairGenerator = KeyPairGenerator.getInstance("RSA");
keyPairGenerator.initialize(KEY_SIZE);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
publicKey = keyPair.getPublic();
privateKey = keyPair.getPrivate();
signer = Signature.getInstance(SIGNING_ALGORITHM);
} catch (GeneralSecurityException generalSecurityException) {
// generalSecurityException.printStackTrace();
throw new IllegalStateException(generalSecurityException);
}
setScope(SCOPE + scope);
} }
/* /*
* (non-Javadoc) * (non-Javadoc)
* *
@ -271,11 +266,12 @@ public class OpenIDConnectAuthenticationFilter extends
} else { } else {
// Handle Authorization Endpoint redirect response // Determine if the Authorization Endpoint issued an
// authorization grant
String code = request.getParameter("code"); String authorizationGrant = request.getParameter("code");
if (code != null) { if (authorizationGrant != null) {
// Handle Token Endpoint interaction // Handle Token Endpoint interaction
@ -292,7 +288,8 @@ public class OpenIDConnectAuthenticationFilter extends
MultiValueMap<String, String> form = new LinkedMultiValueMap<String, String>(); MultiValueMap<String, String> form = new LinkedMultiValueMap<String, String>();
form.add("grant_type", "authorization_code"); form.add("grant_type", "authorization_code");
form.add("code", code); form.add("code", authorizationGrant);
//form.add("redirect_uri", buildRedirectURI(request));
form.add("redirect_uri", Utility.findBaseUrl(request)); form.add("redirect_uri", Utility.findBaseUrl(request));
String jsonString = null; String jsonString = null;
@ -357,9 +354,8 @@ public class OpenIDConnectAuthenticationFilter extends
String nonce = jsonRoot.getAsJsonObject().get("nonce") String nonce = jsonRoot.getAsJsonObject().get("nonce")
.getAsString(); .getAsString();
// The nonce in the returned ID Token is compared to the // Compare returned ID Token to signed session cookie
// signed session cookie to detect ID Token replay by third // to detect ID Token replay by third parties.
// parties.
Cookie nonceSignatureCookie = WebUtils.getCookie(request, Cookie nonceSignatureCookie = WebUtils.getCookie(request,
NONCE_SIGNATURE_COOKIE_NAME); NONCE_SIGNATURE_COOKIE_NAME);
@ -398,7 +394,7 @@ public class OpenIDConnectAuthenticationFilter extends
// Create an Authentication object for the token, and // Create an Authentication object for the token, and
// return. // return.
OpenIDConnectAuthenticationToken token = new OpenIDConnectAuthenticationToken( OpenIdConnectAuthenticationToken token = new OpenIdConnectAuthenticationToken(
user_id); user_id);
Authentication authentication = this Authentication authentication = this
@ -410,7 +406,7 @@ public class OpenIDConnectAuthenticationFilter extends
} else { } else {
// Handle an Authorization request // Initiate an Authorization request
Map<String, String> urlVariables = new HashMap<String, String>(); Map<String, String> urlVariables = new HashMap<String, String>();
@ -419,6 +415,7 @@ public class OpenIDConnectAuthenticationFilter extends
urlVariables.put("response_type", "code"); urlVariables.put("response_type", "code");
urlVariables.put("client_id", clientId); urlVariables.put("client_id", clientId);
urlVariables.put("scope", scope); urlVariables.put("scope", scope);
//urlVariables.put("redirect_uri", buildRedirectURI(request));
urlVariables.put("redirect_uri", Utility.findBaseUrl(request)); urlVariables.put("redirect_uri", Utility.findBaseUrl(request));
// Create a string value used to associate a user agent session // Create a string value used to associate a user agent session
@ -444,6 +441,75 @@ public class OpenIDConnectAuthenticationFilter extends
urlVariables)); urlVariables));
} }
} }
return null; return null;
} }
/**
* Builds the redirect_uri that will be sent to the Authorization Endpoint.
* By default returns the URL of the current request.
*
* @param request the current request which is being processed by this filter
* @return The redirect_uri.
*/
@SuppressWarnings("unused")
private String buildRedirectURI(HttpServletRequest request) {
boolean isFirst = true;
StringBuffer sb = request.getRequestURL();
for (Enumeration<?> e = request.getParameterNames() ; e.hasMoreElements(); ) {
String name = (String) e.nextElement();
// Assume for simplicity that there is only one value
String value = request.getParameter(name);
if (value == null) {
continue;
}
if (isFirst) {
sb.append("?");
isFirst = false;
}
sb.append(name).append("=").append(value);
if (e.hasMoreElements()) {
sb.append("&");
}
}
return sb.toString();
}
public void setAuthorizationEndpointURI(String authorizationEndpointURI) {
this.authorizationEndpointURI = authorizationEndpointURI;
}
public void setCheckIDEndpointURI(String checkIDEndpointURI) {
this.checkIDEndpointURI = checkIDEndpointURI;
}
public void setClientId(String clientId) {
this.clientId = clientId;
}
public void setClientSecret(String clientSecret) {
this.clientSecret = clientSecret;
}
public void setErrorRedirectURI(String errorRedirectURI) {
this.errorRedirectURI = errorRedirectURI;
}
public void setScope(String scope) {
this.scope = scope;
}
public void setTokenEndpointURI(String tokenEndpointURI) {
this.tokenEndpointURI = tokenEndpointURI;
}
} }
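Review bot: `setScope(SCOPE + scope)` at the end of the afterPropertiesSet hunk drops the space separator the removed constructor used (`this.scope = SCOPE + " " + scope`), so a configured scope such as `profile` becomes `openidprofile` and an unset scope becomes `openidnull`; since the field is later sent verbatim as the `scope` parameter of the authorization request, use `setScope(scope == null || scope.isEmpty() ? SCOPE : SCOPE + " " + scope);`. The enclosing method starts outside this hunk, so whether `scope` is validated earlier is not visible here. The key-pair generation moved into the same method still uses `KEY_SIZE = 1024` for the RSA key behind `signer`, which is below current recommendations (2048 bits or more) and is worth raising while the code is being relocated. `buildRedirectURI` in the last hunk is added as dead code under `@SuppressWarnings("unused")` and appends raw parameter names and values to the URL without encoding; either drop it or encode the values before it is wired in.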


@ -12,7 +12,7 @@ import org.springframework.security.core.SpringSecurityCoreVersion;
* @author nemonik * @author nemonik
* *
*/ */
public class OpenIDConnectAuthenticationToken extends public class OpenIdConnectAuthenticationToken extends
AbstractAuthenticationToken { AbstractAuthenticationToken {
private final String userId; private final String userId;
@ -22,7 +22,7 @@ public class OpenIDConnectAuthenticationToken extends
/** /**
* @param userId * @param userId
*/ */
public OpenIDConnectAuthenticationToken(String userId) { public OpenIdConnectAuthenticationToken(String userId) {
super(new ArrayList<GrantedAuthority>(0)); super(new ArrayList<GrantedAuthority>(0));
this.userId = userId; this.userId = userId;
setAuthenticated(true); setAuthenticated(true);


@ -0,0 +1,30 @@
package org.mitre.client;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
public class OpenIdConnectAuthenticationProvider implements
AuthenticationProvider, InitializingBean {
@Override
public void afterPropertiesSet() throws Exception {
// TODO Auto-generated method stub
}
@Override
public Authentication authenticate(Authentication arg0)
throws AuthenticationException {
// TODO Auto-generated method stub
return null;
}
@Override
public boolean supports(Class<?> arg0) {
// TODO Auto-generated method stub
return false;
}
}
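Review bot: `supports` returns `false`, so once this provider is registered with a ProviderManager it is silently skipped for every token, including the `OpenIdConnectAuthenticationToken` the filter creates, and `authenticate` is never reached. If this is only a placeholder, a short comment saying so would make the intent clear; otherwise the method should read `return OpenIdConnectAuthenticationToken.class.isAssignableFrom(arg0);`. The generated `arg0` parameter names and the `// TODO Auto-generated method stub` comments should be replaced with meaningful names and a note of what each method is expected to do.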