added skeleton of data import/export API

openid-connect-common/src/main/java/org/mitre/openid/connect/service/MITREidDataService.java

@@ -0,0 +1,50 @@
+/*******************************************************************************
+ * Copyright 2014 The MITRE Corporation
+ *   and the MIT Kerberos and Internet Trust Consortium
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ ******************************************************************************/
+package org.mitre.openid.connect.service;
+
+import java.io.IOException;
+
+import com.google.gson.stream.JsonReader;
+import com.google.gson.stream.JsonWriter;
+
+/**
+ * @author jricher
+ *
+ */
+public interface MITREidDataService {
+
+	/**
+	 * Data member for 1.0 configuration
+	 */
+	public static final String MITREID_CONNECT_1_0 = "mitreid-connect-1.0";
+
+	/**
+	 * Write out the current server state to the given JSON writer as a JSON object
+	 * 
+	 * @param writer
+	 * @throws IOException 
+	 */
+    void exportData(JsonWriter writer) throws IOException;
+
+	/**
+	 * Read in the current server state from the given JSON reader as a JSON object
+	 * 
+	 * @param reader
+	 */
+    void importData(JsonReader reader) throws IOException;
+
+}

openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java

@@ -0,0 +1,216 @@
+/*******************************************************************************
+ * Copyright 2014 The MITRE Corporation
+ *   and the MIT Kerberos and Internet Trust Consortium
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ ******************************************************************************/
+package org.mitre.openid.connect.service.impl;
+
+import java.io.IOException;
+
+import org.mitre.openid.connect.service.MITREidDataService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.gson.stream.JsonReader;
+import com.google.gson.stream.JsonToken;
+import com.google.gson.stream.JsonWriter;
+
+/**
+ * 
+ * Data service to import and export MITREid 1.0 configuration.
+ * 
+ * @author jricher
+ *
+ */
+public class MITREidDataService_1_0 implements MITREidDataService {
+
+	private final static Logger logger = LoggerFactory.getLogger(MITREidDataService_1_0.class);
+
+	// member names
+	private static final String REFRESHTOKENS = "refreshtokens";
+    private static final String ACCESSTOKENS = "accesstokens";
+    private static final String AUTHENTICATIONHOLDERS = "authenticationholders";
+    private static final String GRANTS = "grants";
+    private static final String CLIENTS = "clients";
+
+	/* (non-Javadoc)
+	 * @see org.mitre.openid.connect.service.MITREidDataService#export(com.google.gson.stream.JsonWriter)
+	 */
+    @Override
+    public void exportData(JsonWriter writer) throws IOException {
+
+    	// version tag at the root
+		writer.name(MITREID_CONNECT_1_0);
+
+		writer.beginObject();
+		
+		// clients list
+		writer.name(CLIENTS);
+		writer.beginArray();
+		writeClients(writer);
+		writer.endArray();
+		
+		
+		writer.name(GRANTS);
+		writer.beginArray();
+		writeGrants(writer);
+		writer.endArray();
+		
+		writer.name(AUTHENTICATIONHOLDERS);
+		writer.beginArray();
+		writeAuthenticationHolders(writer);
+		writer.endArray();
+		
+		writer.name(ACCESSTOKENS);
+		writer.beginArray();
+		writeAccessTokens(writer);
+		writer.endArray();
+		
+		
+		writer.name(REFRESHTOKENS);
+		writer.beginArray();
+		writeRefreshTokens(writer);
+		writer.endArray();
+		
+		writer.endObject(); // end mitreid-connect-1.0
+		
+	
+    }
+
+	/**
+	 * @param writer
+	 */
+    private void writeRefreshTokens(JsonWriter writer) {
+	    // TODO Auto-generated method stub
+	    
+    }
+
+	/**
+	 * @param writer
+	 */
+    private void writeAccessTokens(JsonWriter writer) {
+	    // TODO Auto-generated method stub
+	    
+    }
+
+	/**
+	 * @param writer
+	 */
+    private void writeAuthenticationHolders(JsonWriter writer) {
+	    // TODO Auto-generated method stub
+	    
+    }
+
+	/**
+	 * @param writer
+	 */
+    private void writeGrants(JsonWriter writer) {
+	    // TODO Auto-generated method stub
+	    
+    }
+
+	/**
+	 * @param writer
+	 */
+    private void writeClients(JsonWriter writer) {
+	    // TODO Auto-generated method stub
+	    
+    }
+
+	/* (non-Javadoc)
+	 * @see org.mitre.openid.connect.service.MITREidDataService#importData(com.google.gson.stream.JsonReader)
+	 */
+    @Override
+    public void importData(JsonReader reader) throws IOException {
+
+    	logger.info("Reading configuration for 1.0");
+    	
+    	// this *HAS* to start as an object
+    	reader.beginObject();
+    	
+	    while (reader.hasNext()) {
+	    	JsonToken tok = reader.peek();
+	    	switch(tok) {
+	    		case NAME:
+	    			String name = reader.nextName();
+	    			
+	    			// find out which member it is
+	    			if (name.equals(CLIENTS)) {
+	    				readClients(reader);
+	    			} else if (name.equals(GRANTS)) {
+	    				readGrants(reader);
+	    			} else if (name.equals(AUTHENTICATIONHOLDERS)) {
+	    				readAuthenticationHolders(reader);
+	    			} else if (name.equals(ACCESSTOKENS)) {
+	    				readAccessTokens(reader);
+	    			} else if (name.equals(REFRESHTOKENS)) {
+	    				readRefreshTokens(reader);
+	    			} else {
+	    				// unknown token, skip it
+	    				reader.skipValue();
+	    			}
+	    			break;
+	    		case END_OBJECT:
+	    			// the object ended, we're done here
+	    			return;
+	    	}
+	    }
+    }
+
+	/**
+	 * @param reader
+	 * @throws IOException 
+	 */
+    private void readRefreshTokens(JsonReader reader) throws IOException {
+	    // TODO Auto-generated method stub
+	    reader.skipValue();
+    }
+
+	/**
+	 * @param reader
+	 * @throws IOException 
+	 */
+    private void readAccessTokens(JsonReader reader) throws IOException {
+	    // TODO Auto-generated method stub
+	    reader.skipValue();
+    }
+
+	/**
+	 * @param reader
+	 * @throws IOException 
+	 */
+    private void readAuthenticationHolders(JsonReader reader) throws IOException {
+	    // TODO Auto-generated method stub
+	    reader.skipValue();
+    }
+
+	/**
+	 * @param reader
+	 * @throws IOException 
+	 */
+    private void readGrants(JsonReader reader) throws IOException {
+	    // TODO Auto-generated method stub
+	    reader.skipValue();
+    }
+
+	/**
+	 * @param reader
+	 * @throws IOException 
+	 */
+    private void readClients(JsonReader reader) throws IOException {
+	    // TODO Auto-generated method stub
+	    reader.skipValue();
+    }
+
+}

openid-connect-server/src/main/java/org/mitre/openid/connect/web/DataAPI.java

@@ -0,0 +1,133 @@
+/*******************************************************************************
+ * Copyright 2014 The MITRE Corporation
+ *   and the MIT Kerberos and Internet Trust Consortium
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ ******************************************************************************/
+package org.mitre.openid.connect.web;
+
+import java.io.IOException;
+import java.io.Reader;
+import java.io.Writer;
+import java.security.Principal;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
+import org.mitre.openid.connect.service.MITREidDataService;
+import org.mitre.openid.connect.service.impl.MITREidDataService_1_0;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import com.google.gson.stream.JsonReader;
+import com.google.gson.stream.JsonToken;
+import com.google.gson.stream.JsonWriter;
+
+/**
+ * API endpoint for importing and exporting the current state of a server.
+ * Includes all tokens, grants, whitelists, blacklists, and clients.
+ * 
+ * @author jricher
+ * 
+ */
+@Controller
+@RequestMapping("/api/data")
+@PreAuthorize("hasRole('ROLE_ADMIN')") // you need to be an admin to even think about this -- this is a potentially dangerous API!!
+public class DataAPI {
+	
+	private static Logger logger = LoggerFactory.getLogger(DataAPI.class);
+
+	private SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ");
+
+	@Autowired
+	private ConfigurationPropertiesBean config;
+	
+	private MITREidDataService dataService_1_0 = new MITREidDataService_1_0();
+	
+	@RequestMapping(method = RequestMethod.POST, consumes = "application/json")
+	public String importData(Reader in, Model m) throws IOException {
+		
+		JsonReader reader = new JsonReader(in);
+		
+		reader.beginObject();
+		
+		while (reader.hasNext()) {
+			JsonToken tok = reader.peek();
+			switch (tok) {
+				case NAME:
+					String name = reader.nextName();
+					if (name.equals(MITREidDataService.MITREID_CONNECT_1_0)) {
+						// this will consume the beginObject and endObject of the configuration value
+						dataService_1_0.importData(reader);
+					} else {
+						// consume the next bit silently for now
+						logger.debug("Skipping value for " + name); // TODO: write these out?
+						reader.skipValue();
+					}
+					break;
+				case END_OBJECT:
+					reader.endObject();
+					break;
+				case END_DOCUMENT:
+					break;
+			}
+		}		
+		
+		return "httpCodeView"; 
+	}
+	
+	@RequestMapping(method = RequestMethod.GET, produces = "application/json")
+	public void exportData(HttpServletResponse resp, Principal prin) throws IOException {
+
+		resp.setContentType("application/json");
+		
+		// this writer puts things out onto the wire
+		JsonWriter writer = new JsonWriter(resp.getWriter());
+		writer.setIndent("  ");
+
+		try {
+			
+	        writer.beginObject();
+	        
+			writer.name("exported-at");
+			writer.value(dateFormat.format(new Date()));
+
+			writer.name("exported-from");
+			writer.value(config.getIssuer());
+			
+			writer.name("exported-by");
+			writer.value(prin.getName());
+
+			// delegate to the service to do the actual export
+			dataService_1_0.exportData(writer);
+			
+			writer.endObject(); // end root
+			writer.close();
+		    
+		} catch (IOException e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+		}
+		
+	}
+	
+	
+}