diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/service/MITREidDataService.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/service/MITREidDataService.java
new file mode 100644
index 000000000..38341c085
--- /dev/null
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/service/MITREidDataService.java
@@ -0,0 +1,50 @@
+/*******************************************************************************
+ * Copyright 2014 The MITRE Corporation
+ * and the MIT Kerberos and Internet Trust Consortium
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ ******************************************************************************/
+package org.mitre.openid.connect.service;
+
+import java.io.IOException;
+
+import com.google.gson.stream.JsonReader;
+import com.google.gson.stream.JsonWriter;
+
+/**
+ * @author jricher
+ *
+ */
+public interface MITREidDataService {
+
+ /**
+ * Data member for 1.0 configuration
+ */
+ public static final String MITREID_CONNECT_1_0 = "mitreid-connect-1.0";
+
+ /**
+ * Write out the current server state to the given JSON writer as a JSON object
+ *
+ * @param writer
+ * @throws IOException
+ */
+ void exportData(JsonWriter writer) throws IOException;
+
+ /**
+ * Read in the current server state from the given JSON reader as a JSON object
+ *
+ * @param reader
+ */
+ void importData(JsonReader reader) throws IOException;
+
+}
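Review bot: The Javadoc on `importData` omits the `IOException` its signature declares, while `exportData` documents its; add `@throws IOException if the reader cannot be read or the input is not well-formed JSON`. The phrase "as a JSON object" also understates the positioning contract: the 1.0 implementation added in this commit starts `exportData` with `writer.name(MITREID_CONNECT_1_0)` and `importData` with `reader.beginObject()`, so the writer must already be inside an open object and the reader must be positioned at that member's value; I would state that on both methods, e.g. `The writer must be positioned inside an open JSON object; the state is written as a member named {@value #MITREID_CONNECT_1_0}.` The `public static final` modifiers on the constant are implicit in an interface and can be dropped.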
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java
new file mode 100644
index 000000000..dab85f90f
--- /dev/null
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java
@@ -0,0 +1,216 @@
+/*******************************************************************************
+ * Copyright 2014 The MITRE Corporation
+ * and the MIT Kerberos and Internet Trust Consortium
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ ******************************************************************************/
+package org.mitre.openid.connect.service.impl;
+
+import java.io.IOException;
+
+import org.mitre.openid.connect.service.MITREidDataService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.gson.stream.JsonReader;
+import com.google.gson.stream.JsonToken;
+import com.google.gson.stream.JsonWriter;
+
+/**
+ *
+ * Data service to import and export MITREid 1.0 configuration.
+ *
+ * @author jricher
+ *
+ */
+public class MITREidDataService_1_0 implements MITREidDataService {
+
+ private final static Logger logger = LoggerFactory.getLogger(MITREidDataService_1_0.class);
+
+ // member names
+ private static final String REFRESHTOKENS = "refreshtokens";
+ private static final String ACCESSTOKENS = "accesstokens";
+ private static final String AUTHENTICATIONHOLDERS = "authenticationholders";
+ private static final String GRANTS = "grants";
+ private static final String CLIENTS = "clients";
+
+ /* (non-Javadoc)
+ * @see org.mitre.openid.connect.service.MITREidDataService#export(com.google.gson.stream.JsonWriter)
+ */
+ @Override
+ public void exportData(JsonWriter writer) throws IOException {
+
+ // version tag at the root
+ writer.name(MITREID_CONNECT_1_0);
+
+ writer.beginObject();
+
+ // clients list
+ writer.name(CLIENTS);
+ writer.beginArray();
+ writeClients(writer);
+ writer.endArray();
+
+
+ writer.name(GRANTS);
+ writer.beginArray();
+ writeGrants(writer);
+ writer.endArray();
+
+ writer.name(AUTHENTICATIONHOLDERS);
+ writer.beginArray();
+ writeAuthenticationHolders(writer);
+ writer.endArray();
+
+ writer.name(ACCESSTOKENS);
+ writer.beginArray();
+ writeAccessTokens(writer);
+ writer.endArray();
+
+
+ writer.name(REFRESHTOKENS);
+ writer.beginArray();
+ writeRefreshTokens(writer);
+ writer.endArray();
+
+ writer.endObject(); // end mitreid-connect-1.0
+
+
+ }
+
+ /**
+ * @param writer
+ */
+ private void writeRefreshTokens(JsonWriter writer) {
+ // TODO Auto-generated method stub
+
+ }
+
+ /**
+ * @param writer
+ */
+ private void writeAccessTokens(JsonWriter writer) {
+ // TODO Auto-generated method stub
+
+ }
+
+ /**
+ * @param writer
+ */
+ private void writeAuthenticationHolders(JsonWriter writer) {
+ // TODO Auto-generated method stub
+
+ }
+
+ /**
+ * @param writer
+ */
+ private void writeGrants(JsonWriter writer) {
+ // TODO Auto-generated method stub
+
+ }
+
+ /**
+ * @param writer
+ */
+ private void writeClients(JsonWriter writer) {
+ // TODO Auto-generated method stub
+
+ }
+
+ /* (non-Javadoc)
+ * @see org.mitre.openid.connect.service.MITREidDataService#importData(com.google.gson.stream.JsonReader)
+ */
+ @Override
+ public void importData(JsonReader reader) throws IOException {
+
+ logger.info("Reading configuration for 1.0");
+
+ // this *HAS* to start as an object
+ reader.beginObject();
+
+ while (reader.hasNext()) {
+ JsonToken tok = reader.peek();
+ switch(tok) {
+ case NAME:
+ String name = reader.nextName();
+
+ // find out which member it is
+ if (name.equals(CLIENTS)) {
+ readClients(reader);
+ } else if (name.equals(GRANTS)) {
+ readGrants(reader);
+ } else if (name.equals(AUTHENTICATIONHOLDERS)) {
+ readAuthenticationHolders(reader);
+ } else if (name.equals(ACCESSTOKENS)) {
+ readAccessTokens(reader);
+ } else if (name.equals(REFRESHTOKENS)) {
+ readRefreshTokens(reader);
+ } else {
+ // unknown token, skip it
+ reader.skipValue();
+ }
+ break;
+ case END_OBJECT:
+ // the object ended, we're done here
+ return;
+ }
+ }
+ }
+
+ /**
+ * @param reader
+ * @throws IOException
+ */
+ private void readRefreshTokens(JsonReader reader) throws IOException {
+ // TODO Auto-generated method stub
+ reader.skipValue();
+ }
+
+ /**
+ * @param reader
+ * @throws IOException
+ */
+ private void readAccessTokens(JsonReader reader) throws IOException {
+ // TODO Auto-generated method stub
+ reader.skipValue();
+ }
+
+ /**
+ * @param reader
+ * @throws IOException
+ */
+ private void readAuthenticationHolders(JsonReader reader) throws IOException {
+ // TODO Auto-generated method stub
+ reader.skipValue();
+ }
+
+ /**
+ * @param reader
+ * @throws IOException
+ */
+ private void readGrants(JsonReader reader) throws IOException {
+ // TODO Auto-generated method stub
+ reader.skipValue();
+ }
+
+ /**
+ * @param reader
+ * @throws IOException
+ */
+ private void readClients(JsonReader reader) throws IOException {
+ // TODO Auto-generated method stub
+ reader.skipValue();
+ }
+
+}
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/DataAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/DataAPI.java
new file mode 100644
index 000000000..0c2455cd2
--- /dev/null
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/DataAPI.java
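Review bot: In `MITREidDataService_1_0.importData` (the MITREidDataService_1_0.java hunk above) the `case END_OBJECT` branch returns without consuming the closing brace of the object it opened with `reader.beginObject()`, while the caller in `DataAPI` is written on the assumption that this method "will consume the beginObject and endObject of the configuration value"; as far as I can tell, the caller's `hasNext()` then returns false at the unconsumed END_OBJECT and the remainder of the root object is never read. Change the branch to `reader.endObject();` followed by `return;` so the reader is left positioned after the 1.0 member. A one-line comment on `switch(tok)` would also help the next reader, since after `beginObject()` only two tokens are possible: `// inside an object peek() only yields NAME or END_OBJECT`.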
@@ -0,0 +1,133 @@
+/*******************************************************************************
+ * Copyright 2014 The MITRE Corporation
+ * and the MIT Kerberos and Internet Trust Consortium
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ ******************************************************************************/
+package org.mitre.openid.connect.web;
+
+import java.io.IOException;
+import java.io.Reader;
+import java.io.Writer;
+import java.security.Principal;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
+import org.mitre.openid.connect.service.MITREidDataService;
+import org.mitre.openid.connect.service.impl.MITREidDataService_1_0;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import com.google.gson.stream.JsonReader;
+import com.google.gson.stream.JsonToken;
+import com.google.gson.stream.JsonWriter;
+
+/**
+ * API endpoint for importing and exporting the current state of a server.
+ * Includes all tokens, grants, whitelists, blacklists, and clients.
+ *
+ * @author jricher
+ *
+ */
+@Controller
+@RequestMapping("/api/data")
+@PreAuthorize("hasRole('ROLE_ADMIN')") // you need to be an admin to even think about this -- this is a potentially dangerous API!!
+public class DataAPI {
+
+ private static Logger logger = LoggerFactory.getLogger(DataAPI.class);
+
+ private SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ");
+
+ @Autowired
+ private ConfigurationPropertiesBean config;
+
+ private MITREidDataService dataService_1_0 = new MITREidDataService_1_0();
+
+ @RequestMapping(method = RequestMethod.POST, consumes = "application/json")
+ public String importData(Reader in, Model m) throws IOException {
+
+ JsonReader reader = new JsonReader(in);
+
+ reader.beginObject();
+
+ while (reader.hasNext()) {
+ JsonToken tok = reader.peek();
+ switch (tok) {
+ case NAME:
+ String name = reader.nextName();
+ if (name.equals(MITREidDataService.MITREID_CONNECT_1_0)) {
+ // this will consume the beginObject and endObject of the configuration value
+ dataService_1_0.importData(reader);
+ } else {
+ // consume the next bit silently for now
+ logger.debug("Skipping value for " + name); // TODO: write these out?
+ reader.skipValue();
+ }
+ break;
+ case END_OBJECT:
+ reader.endObject();
+ break;
+ case END_DOCUMENT:
+ break;
+ }
+ }
+
+ return "httpCodeView";
+ }
+
+ @RequestMapping(method = RequestMethod.GET, produces = "application/json")
+ public void exportData(HttpServletResponse resp, Principal prin) throws IOException {
+
+ resp.setContentType("application/json");
+
+ // this writer puts things out onto the wire
+ JsonWriter writer = new JsonWriter(resp.getWriter());
+ writer.setIndent(" ");
+
+ try {
+
+ writer.beginObject();
+
+ writer.name("exported-at");
+ writer.value(dateFormat.format(new Date()));
+
+ writer.name("exported-from");
+ writer.value(config.getIssuer());
+
+ writer.name("exported-by");
+ writer.value(prin.getName());
+
+ // delegate to the service to do the actual export
+ dataService_1_0.exportData(writer);
+
+ writer.endObject(); // end root
+ writer.close();
+
+ } catch (IOException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+
+ }
+
+
+}
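Review bot: In `exportData` the `catch (IOException e)` block only calls `e.printStackTrace()`, so a failure mid-export is swallowed, leaves `writer` unclosed and probably sends a truncated body to the client, even though the method already declares `throws IOException`; remove the try/catch (or log with `logger.error("Data export failed", e)` and rethrow) and close the writer in a `finally`. The `dateFormat` field is a single `SimpleDateFormat` shared by all requests on this singleton controller and is not thread-safe, so concurrent exports can produce a corrupted `exported-at` value; build the formatter per request or hold it in a `ThreadLocal`. In `importData` the `case END_OBJECT` branch appears unreachable, since `JsonReader.hasNext()` returns false once the next token is END_OBJECT, so the root object is never closed with `reader.endObject()`, and the `Model m` parameter is unused, so `httpCodeView` is rendered without a status attribute unless that view supplies a default. `dataService_1_0` is created with `new` rather than injected, so any dependencies the 1.0 service later acquires via `@Autowired` will not be wired; consider making it a bean.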