140 lines
6.7 KiB
Java
140 lines
6.7 KiB
Java
package eu.eudat.logic.security.validators.configurableProvider;
|
|
|
|
import eu.eudat.exceptions.security.NullEmailException;
|
|
import eu.eudat.logic.proxy.config.configloaders.ConfigLoader;
|
|
|
|
import eu.eudat.logic.security.customproviders.ConfigurableProvider.ConfigurableProviderCustomProvider;
|
|
import eu.eudat.logic.security.customproviders.ConfigurableProvider.ConfigurableProviderUser;
|
|
import eu.eudat.logic.security.customproviders.ConfigurableProvider.entities.ConfigurableProvider;
|
|
import eu.eudat.logic.security.customproviders.ConfigurableProvider.entities.oauth2.Oauth2ConfigurableProvider;
|
|
import eu.eudat.logic.security.customproviders.ConfigurableProvider.entities.saml2.Saml2ConfigurableProvider;
|
|
import eu.eudat.logic.security.validators.TokenValidator;
|
|
import eu.eudat.logic.security.validators.configurableProvider.helpers.ConfigurableProviderRequest;
|
|
import eu.eudat.logic.security.validators.configurableProvider.helpers.ConfigurableProviderResponseToken;
|
|
import eu.eudat.logic.services.operations.authentication.AuthenticationService;
|
|
import eu.eudat.models.data.login.LoginInfo;
|
|
import eu.eudat.models.data.loginprovider.LoginProviderUser;
|
|
import eu.eudat.models.data.security.Principal;
|
|
|
|
import org.opensaml.saml.saml2.core.*;
|
|
import org.slf4j.Logger;
|
|
import org.slf4j.LoggerFactory;
|
|
import org.springframework.stereotype.Component;
|
|
|
|
import java.util.HashMap;
|
|
import java.util.List;
|
|
import java.util.Map;
|
|
import java.util.stream.Collectors;
|
|
|
|
@Component("configurableProviderTokenValidator")
|
|
public class ConfigurableProviderTokenValidator implements TokenValidator {
|
|
|
|
private static final Logger logger = LoggerFactory.getLogger(ConfigurableProviderTokenValidator.class);
|
|
|
|
private ConfigurableProviderCustomProvider configurableProvider;
|
|
private AuthenticationService nonVerifiedUserAuthenticationService;
|
|
private ConfigLoader configLoader;
|
|
|
|
public ConfigurableProviderTokenValidator(ConfigurableProviderCustomProvider configurableProvider, AuthenticationService nonVerifiedUserAuthenticationService, ConfigLoader configLoader) {
|
|
this.configurableProvider = configurableProvider;
|
|
this.nonVerifiedUserAuthenticationService = nonVerifiedUserAuthenticationService;
|
|
this.configLoader = configLoader;
|
|
}
|
|
|
|
public ConfigurableProviderResponseToken getAccessToken(ConfigurableProviderRequest configurableProviderRequest) {
|
|
Oauth2ConfigurableProvider provider = (Oauth2ConfigurableProvider)getConfigurableProviderFromId(configurableProviderRequest.getConfigurableLoginId());
|
|
return this.configurableProvider.getAccessToken(configurableProviderRequest.getCode(),
|
|
provider.getRedirect_uri(), provider.getClientId(), provider.getClientSecret(),
|
|
provider.getAccess_token_url(), provider.getGrant_type(), provider.getToken().getAccess_token(), provider.getToken().getExpires_in());
|
|
}
|
|
@Override
|
|
public Principal validateToken(LoginInfo credentials) throws NullEmailException {
|
|
String configurableLoginId = ((Map) credentials.getData()).get("configurableLoginId").toString();
|
|
ConfigurableProvider configurableProvider = getConfigurableProviderFromId(configurableLoginId);
|
|
|
|
LoginProviderUser user = new LoginProviderUser();
|
|
if (configurableProvider.getType().equals("oauth2")) {
|
|
ConfigurableProviderUser configurableUser = this.configurableProvider.getUser(credentials.getTicket(), ((Oauth2ConfigurableProvider)configurableProvider).getUser());
|
|
user.setId(configurableUser.getId());
|
|
user.setEmail(configurableUser.getEmail());
|
|
user.setName(configurableUser.getName());
|
|
user.setProvider(credentials.getProvider());
|
|
user.setSecret(credentials.getTicket());
|
|
return this.nonVerifiedUserAuthenticationService.Touch(user);
|
|
}
|
|
else if (configurableProvider.getType().equals("saml2")) {
|
|
|
|
Response saml2Response = null;
|
|
try {
|
|
Saml2ConfigurableProvider saml2ConfigurableProvider = (Saml2ConfigurableProvider)configurableProvider;
|
|
saml2Response = Saml2SSOUtils.processResponse(credentials.getTicket(), saml2ConfigurableProvider.getIdpEntityId(), saml2ConfigurableProvider.getSpEntityId(),
|
|
saml2ConfigurableProvider.getIdpMetadataUrl(), saml2ConfigurableProvider.isResponseSigned(), saml2ConfigurableProvider.isAssertionSigned());
|
|
} catch (Exception e) {
|
|
logger.error(e.getMessage(), e);
|
|
}
|
|
|
|
List<Assertion> assertions = saml2Response.getAssertions();
|
|
if(assertions != null && !assertions.isEmpty()){
|
|
|
|
List<AttributeStatement> attributeStatements = assertions.get(0).getAttributeStatements();
|
|
if(attributeStatements != null && !attributeStatements.isEmpty()){
|
|
|
|
List<Attribute> attributes = attributeStatements.get(0).getAttributes();
|
|
if(attributes != null && !attributes.isEmpty()){
|
|
|
|
Saml2ConfigurableProvider.SAML2UsingFormat usingFormat = ((Saml2ConfigurableProvider)configurableProvider).getUsingFormat();
|
|
Map<String, String> attributeMapping = ((Saml2ConfigurableProvider)configurableProvider).getConfigurableUserFromAttributes();
|
|
Map<String, Saml2ConfigurableProvider.SAML2AttributeType> attributeType = ((Saml2ConfigurableProvider)configurableProvider).getAttributeTypes();
|
|
Map<String, Object> saml2User = new HashMap<>();
|
|
for(Attribute attribute: attributes){
|
|
|
|
String attributeName = Saml2SSOUtils.getAttributeName(attribute, usingFormat);
|
|
if(attributeName != null && attributeMapping.containsValue(attributeName)){
|
|
|
|
Saml2ConfigurableProvider.SAML2AttributeType attrType = attributeType.get(attributeName);
|
|
if(attribute.getAttributeValues() != null && !attribute.getAttributeValues().isEmpty() && attrType != null){
|
|
Object attributeValue = Saml2SSOUtils.getAttributeType(attribute.getAttributeValues().get(0), attrType);
|
|
if(attributeValue != null) {
|
|
saml2User.put(attributeName, attributeValue);
|
|
}
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
try{
|
|
String subjectNameId = assertions.get(0).getSubject().getNameID().getValue();
|
|
String userId = configurableLoginId + ": " + subjectNameId;
|
|
user.setId(userId);
|
|
} catch(NullPointerException e){
|
|
logger.error("Could not get Subject NameID value of assertion");
|
|
return null;
|
|
}
|
|
user.setEmail((String)saml2User.get(attributeMapping.get("email")));
|
|
user.setName((String)saml2User.get(attributeMapping.get("name")));
|
|
user.setProvider(credentials.getProvider());
|
|
user.setSecret(credentials.getTicket());
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
else
|
|
return null;
|
|
|
|
return this.nonVerifiedUserAuthenticationService.Touch(user);
|
|
|
|
}
|
|
return null;
|
|
}
|
|
|
|
private ConfigurableProvider getConfigurableProviderFromId(String configurableId) {
|
|
return this.configLoader.getConfigurableProviders().getProviders().stream()
|
|
.filter(prov -> prov.getConfigurableLoginId().equals(configurableId))
|
|
.collect(Collectors.toList())
|
|
.get(0);
|
|
}
|
|
}
|