Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[ELY-2584] Add the ability to specify that the OIDC Authentication Re…
…quest should include request and request_uri parameters
- Loading branch information
1 parent
2bbdcfc
commit cd4478d
Showing
17 changed files
with
1,074 additions
and
81 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
44 changes: 44 additions & 0 deletions
44
http/oidc/src/main/java/org/wildfly/security/http/oidc/JWKPublicKeySetExtractor.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
/* | ||
* JBoss, Home of Professional Open Source. | ||
* Copyright 2020 Red Hat, Inc., and individual contributors | ||
* as indicated by the @author tags. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
package org.wildfly.security.http.oidc; | ||
|
||
import static org.apache.http.HttpHeaders.ACCEPT; | ||
import static org.wildfly.security.http.oidc.Oidc.JSON_CONTENT_TYPE; | ||
|
||
import java.io.IOException; | ||
import org.apache.http.client.methods.HttpGet; | ||
import org.jose4j.lang.JoseException; | ||
import org.wildfly.security.jose.jwk.JsonWebKeySet; | ||
/** | ||
* A public key locator that dynamically obtains the public key from an OpenID | ||
* provider by sending a request to the provider's {@code jwks_uri} when needed. | ||
* | ||
* @author <a href="mailto:prpaul@redhat.com">Prarthona Paul</a> | ||
* */ | ||
public class JWKPublicKeySetExtractor implements OidcPublicKeyExtractor { | ||
public JWKPublicKeySetExtractor() { | ||
} | ||
@Override | ||
public JsonWebKeySet extractPublicKeySet(OidcClientConfiguration config) throws IOException, JoseException { | ||
HttpGet request = new HttpGet(config.getJwksUrl()); | ||
request.addHeader(ACCEPT, JSON_CONTENT_TYPE); | ||
return Oidc.sendJsonHttpRequest(config, request, JsonWebKeySet.class); | ||
} | ||
|
||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
46 changes: 46 additions & 0 deletions
46
http/oidc/src/main/java/org/wildfly/security/http/oidc/JWTSigning.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
/* | ||
* JBoss, Home of Professional Open Source. | ||
* Copyright 2023 Red Hat, Inc., and individual contributors | ||
* as indicated by the @author tags. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
package org.wildfly.security.http.oidc; | ||
|
||
import java.io.InputStream; | ||
import java.security.KeyPair; | ||
|
||
/** | ||
* An interface to obtain the KeyPair from a keystore file. | ||
* | ||
* @author <a href="mailto:prpaul@redhat.com">Prarthona Paul</a> | ||
*/ | ||
|
||
public interface JWTSigning { | ||
/** | ||
* @param keyStoreFile the path to the keystore file | ||
* @param storePassword the password for the keystore file | ||
* @param keyPassword the password for the key we would like ot extract from the keystore | ||
* @param keyAlias the alias for the key that uniquely identifies it | ||
* @param keyStoreType the type of keystore we are trying to access | ||
* @return the private-public keypair extracted from the keystore | ||
*/ | ||
KeyPair loadKeyPairFromKeyStore(String keyStoreFile, String storePassword, String keyPassword, String keyAlias, String keyStoreType); | ||
|
||
/** | ||
* @param keystoreFile the path the keystore file we are trying to access | ||
* @return the contents of the file as an inputStream | ||
*/ | ||
InputStream findFile(String keystoreFile); | ||
} |
81 changes: 81 additions & 0 deletions
81
http/oidc/src/main/java/org/wildfly/security/http/oidc/JWTSigningUtils.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,81 @@ | ||
/* | ||
* JBoss, Home of Professional Open Source. | ||
* Copyright 2020 Red Hat, Inc., and individual contributors | ||
* as indicated by the @author tags. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
package org.wildfly.security.http.oidc; | ||
|
||
import java.io.FileInputStream; | ||
import java.io.FileNotFoundException; | ||
import java.io.InputStream; | ||
import java.security.KeyPair; | ||
import java.security.KeyStore; | ||
import java.security.PrivateKey; | ||
import java.security.PublicKey; | ||
|
||
import static org.wildfly.security.http.oidc.ElytronMessages.log; | ||
import static org.wildfly.security.http.oidc.Oidc.PROTOCOL_CLASSPATH; | ||
|
||
/** | ||
* An interface to obtain the KeyPair from a keystore file. | ||
* | ||
* @author <a href="mailto:prpaul@redhat.com">Prarthona Paul</a> | ||
*/ | ||
|
||
public class JWTSigningUtils implements JWTSigning{ | ||
public JWTSigningUtils() {} | ||
|
||
@Override | ||
public KeyPair loadKeyPairFromKeyStore(String keyStoreFile, String storePassword, String keyPassword, String keyAlias, String keyStoreType) { | ||
InputStream stream = findFile(keyStoreFile); | ||
try { | ||
KeyStore keyStore = KeyStore.getInstance(keyStoreType); | ||
keyStore.load(stream, storePassword.toCharArray()); | ||
PrivateKey privateKey = (PrivateKey) keyStore.getKey(keyAlias, keyPassword.toCharArray()); | ||
if (privateKey == null) { | ||
log.unableToLoadKeyWithAlias(keyAlias); | ||
} | ||
PublicKey publicKey = keyStore.getCertificate(keyAlias).getPublicKey(); | ||
return new KeyPair(publicKey, privateKey); | ||
} catch (Exception e) { | ||
throw log.unableToLoadPrivateKey(e); | ||
} | ||
} | ||
|
||
@Override | ||
public InputStream findFile(String keystoreFile) { | ||
if (keystoreFile.startsWith(PROTOCOL_CLASSPATH)) { | ||
String classPathLocation = keystoreFile.replace(PROTOCOL_CLASSPATH, ""); | ||
// try current class classloader first | ||
InputStream is = JWTClientCredentialsProvider.class.getClassLoader().getResourceAsStream(classPathLocation); | ||
if (is == null) { | ||
is = Thread.currentThread().getContextClassLoader().getResourceAsStream(classPathLocation); | ||
} | ||
if (is != null) { | ||
return is; | ||
} else { | ||
throw log.unableToFindKeystoreFile(keystoreFile); | ||
} | ||
} else { | ||
try { | ||
// fallback to file | ||
return new FileInputStream(keystoreFile); | ||
} catch (FileNotFoundException e) { | ||
throw new RuntimeException(e); | ||
} | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.