init

maxkey-protocols/maxkey-protocol-authorize/src/main/java/META-INF/MANIFEST.MF

@@ -0,0 +1,3 @@
+Manifest-Version: 1.0
+Class-Path: 
+

maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java

@@ -0,0 +1,111 @@
+/**
+ * 
+ */
+package org.maxkey.authz.endpoint;
+
+import org.maxkey.constants.PROTOCOLS;
+import org.maxkey.crypto.ReciprocalUtils;
+import org.maxkey.dao.service.AccountsService;
+import org.maxkey.dao.service.ApplicationsService;
+import org.maxkey.domain.Accounts;
+import org.maxkey.domain.UserInfo;
+import org.maxkey.domain.apps.Applications;
+import org.maxkey.web.WebContext;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.web.servlet.ModelAndView;
+
+/**
+ * @author Crystal.Sea
+ *
+ */
+public class AuthorizeBaseEndpoint {
+	final static Logger _logger = LoggerFactory.getLogger(AuthorizeBaseEndpoint.class);
+	
+	@Autowired
+	@Qualifier("applicationsService")
+	protected ApplicationsService applicationsService;
+	
+	@Autowired
+	AccountsService appAccountsService;
+	
+	
+	protected Applications getApp(String id){
+		Applications  application=null;
+		if(id.equals("manage")){
+			application =new Applications();
+			application.setId("manage");
+			application.setName("Manage App");
+			application.setProtocol(PROTOCOLS.TOKENBASED);
+			application.setIsAdapter(1);
+			application.setAdapter("com.connsec.web.authorize.endpoint.adapter.TokenBasedJWTAdapter");
+		}else{
+			application=applicationsService.get(id);
+		}
+		
+		if(application	==	null){
+			_logger.error("Applications for id "+id + "  is null");
+		}
+		WebContext.setAttribute(AuthorizeBaseEndpoint.class.getName(), application);
+		return application;
+	}
+	
+	protected Applications getSessionApplication(String id){
+		Object object= WebContext.getAttribute(AuthorizeBaseEndpoint.class.getName());
+		Applications  application=null;
+		if(object	!=	null){
+			application	=	(Applications)object;
+		}else{
+			application	=	getApp(id);
+		}
+		return application;
+	}
+	
+	protected Accounts getAppAccounts(Applications application){
+		Accounts appAccount=new Accounts();
+		UserInfo userInfo=WebContext.getUserInfo();
+		if(application.getCredential()==Applications.CREDENTIALS.USER_DEFINED){
+			
+			appAccount=appAccountsService.load(new Accounts(userInfo.getId(),application.getId()));
+			if(appAccount!=null){
+				appAccount.setRelatedPassword(ReciprocalUtils.decoder(appAccount.getRelatedPassword()));
+			}
+		}else if(application.getCredential()==Applications.CREDENTIALS.SHARED){
+			
+			appAccount.setRelatedUsername(application.getSharedUsername());
+			appAccount.setRelatedPassword(ReciprocalUtils.decoder(application.getSharedPassword()));
+			
+		}else if(application.getCredential()==Applications.CREDENTIALS.SYSTEM){
+			
+			if(application.getSystemUserAttr().equalsIgnoreCase("uid")){
+				appAccount.setUsername(userInfo.getId());
+			}else if(application.getSystemUserAttr().equalsIgnoreCase("username")){
+				appAccount.setUsername(userInfo.getUsername());
+			}else if(application.getSystemUserAttr().equalsIgnoreCase("employeeNumber")){
+				appAccount.setUsername(userInfo.getEmployeeNumber());
+			}else if(application.getSystemUserAttr().equalsIgnoreCase("email")){
+				appAccount.setUsername(userInfo.getEmail());
+			}else if(application.getSystemUserAttr().equalsIgnoreCase("windowsAccount")){
+				appAccount.setUsername(userInfo.getWindowsAccount());
+			}
+			//decoder database stored encode password
+			appAccount.setRelatedPassword(ReciprocalUtils.decoder(WebContext.getUserInfo().getDecipherable()));
+			
+			
+		}else if(application.getCredential()==Applications.CREDENTIALS.NONE){
+			
+			appAccount.setUsername(userInfo.getUsername());
+			appAccount.setRelatedPassword(userInfo.getUsername());
+			
+		}
+		return appAccount;
+	}
+	
+	public ModelAndView generateInitCredentialModelAndView(String appId,String redirect_uri){
+		ModelAndView modelAndView=new ModelAndView("redirect:/authz/credential/forward?appId="+appId+"&redirect_uri="+redirect_uri);
+		return modelAndView;
+	}
+	
+}

maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeCredentialEndpoint.java

@@ -0,0 +1,71 @@
+/**
+ * 
+ */
+package org.maxkey.authz.endpoint;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.maxkey.crypto.ReciprocalUtils;
+import org.maxkey.domain.Accounts;
+import org.maxkey.domain.UserInfo;
+import org.maxkey.util.StringUtils;
+import org.maxkey.web.WebContext;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.servlet.ModelAndView;
+
+/**
+ * @author Crystal.Sea
+ *
+ */
+@Controller
+public class AuthorizeCredentialEndpoint extends AuthorizeBaseEndpoint{
+
+	@RequestMapping("/authz/credential/forward")
+	public ModelAndView authorizeCredentialForward(
+			@RequestParam("appId") String appId,
+			@RequestParam("redirect_uri") String redirect_uri){
+		ModelAndView modelAndView=new ModelAndView("authorize/init_sso_credential");
+		modelAndView.addObject("username", "");
+		modelAndView.addObject("password", "");
+		modelAndView.addObject("setpassword", true);
+		modelAndView.addObject("uid", WebContext.getUserInfo().getId());
+		modelAndView.addObject("appId", appId);
+		modelAndView.addObject("redirect_uri", redirect_uri);
+		return modelAndView;
+	}
+	
+	@RequestMapping("/authz/credential")
+	public ModelAndView authorizeCredential(
+			HttpServletRequest request,
+			@RequestParam("uid") String uid,
+			@RequestParam("appId") String appId,
+			@RequestParam("identity_username") String identity_username,
+			@RequestParam("identity_password") String identity_password,
+			@RequestParam("redirect_uri") String redirect_uri){
+		
+		if(StringUtils.isNotEmpty(identity_username)&&StringUtils.isNotEmpty(identity_password)){
+			Accounts appUser =new Accounts ();
+			UserInfo userInfo=WebContext.getUserInfo();
+			appUser.setId(appUser.generateId());
+			
+			appUser.setUid(userInfo.getId());
+			appUser.setUsername(userInfo.getUsername());
+			appUser.setDisplayName(userInfo.getDisplayName());
+			
+			appUser.setAppId(appId);
+			appUser.setAppName(getSessionApplication(appId).getName());
+			
+			appUser.setRelatedUsername(identity_username);
+			appUser.setRelatedPassword(ReciprocalUtils.encode(identity_password));
+			
+			if(appAccountsService.insert(appUser)){
+				
+			}
+		}
+		
+		return WebContext.redirect(redirect_uri);
+	}
+			
+}

maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeEndpoint.java

@@ -0,0 +1,123 @@
+/**
+ * 
+ */
+package org.maxkey.authz.endpoint;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.maxkey.authz.oauth2.provider.ClientDetailsService;
+import org.maxkey.client.oauth.builder.ServiceBuilder;
+import org.maxkey.client.oauth.builder.api.ConnsecApi20;
+import org.maxkey.client.oauth.oauth.OAuthService;
+import org.maxkey.constants.PROTOCOLS;
+import org.maxkey.dao.service.CasDetailsService;
+import org.maxkey.domain.apps.Applications;
+import org.maxkey.domain.apps.oauth2.provider.ClientDetails;
+import org.maxkey.web.WebConstants;
+import org.maxkey.web.WebContext;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.servlet.ModelAndView;
+
+/**
+ * @author Crystal.Sea
+ *
+ */
+@Controller
+public class AuthorizeEndpoint extends AuthorizeBaseEndpoint{
+
+	@Autowired
+	@Qualifier("oauth20JdbcClientDetailsService")
+	private ClientDetailsService clientDetailsService;
+	
+	@Autowired
+	CasDetailsService casDetailsService;
+	
+	//all single sign on url
+	@RequestMapping("/authz/{id}")
+	public ModelAndView authorize(
+			HttpServletRequest request,
+			@PathVariable("id") String id){
+		
+		ModelAndView modelAndView=null;
+		
+		Applications  application=getApp(id);
+		WebContext.setAttribute(WebConstants.SINGLE_SIGN_ON_APP_ID, id);
+		
+		if(application.getProtocol().equalsIgnoreCase(PROTOCOLS.EXTEND_API)){
+			
+			modelAndView=WebContext.forward("/authz/api/"+id);
+			
+		}else if (application.getProtocol().equalsIgnoreCase(PROTOCOLS.FORMBASED)){
+			
+			 modelAndView=WebContext.forward("/authz/formbased/"+id);
+			 
+		}else if (application.getProtocol().equalsIgnoreCase(PROTOCOLS.OAUTH20)){
+			ClientDetails  clientDetails =clientDetailsService.loadClientByClientId(application.getId());
+			OAuthService service = new ServiceBuilder()
+	        .provider(ConnsecApi20.class)
+	        .apiKey(application.getId())
+	        .apiSecret(application.getSecret())
+	        .callback(clientDetails.getRegisteredRedirectUri().toArray()[0].toString())
+	        .build();
+			_logger.debug(""+clientDetails);
+			
+			String authorizationUrl = service.getAuthorizationUrl(null);
+			modelAndView=WebContext.redirect(authorizationUrl);
+			 
+		}else if (application.getProtocol().equalsIgnoreCase(PROTOCOLS.OAUTH10A)){
+			/*
+			 * Application must get request_token for authn
+			 */
+			modelAndView=WebContext.forward("/authz/oauth10a/"+id);
+			
+		}else if (application.getProtocol().equalsIgnoreCase(PROTOCOLS.OPEN_ID_CONNECT)){
+			
+			// modelAndView=new ModelAndView("openid connect");
+		}else if (application.getProtocol().equalsIgnoreCase(PROTOCOLS.SAML20)){
+			
+			 modelAndView=WebContext.forward("/authz/saml20/idpinit/"+application.getId());
+			 
+		}else if (application.getProtocol().equalsIgnoreCase(PROTOCOLS.SAML11)){
+			
+			modelAndView=WebContext.forward("/authz/saml11/idpinit/"+application.getId());
+			 
+		}else if (application.getProtocol().equalsIgnoreCase(PROTOCOLS.TOKENBASED)){
+			
+			modelAndView=WebContext.forward("/authorize/tokenbased/"+id);
+			
+		}else if (application.getProtocol().equalsIgnoreCase(PROTOCOLS.LTPA)){
+			
+			modelAndView=WebContext.forward("/authz/ltpa/"+id);
+			
+		}else if (application.getProtocol().equalsIgnoreCase(PROTOCOLS.CAS)){
+			
+			modelAndView=WebContext.forward("/authz/cas/"+id);
+			
+		}else if (application.getProtocol().equalsIgnoreCase(PROTOCOLS.DESKTOP)){
+			
+			modelAndView=WebContext.forward("/authz/desktop/"+id);
+			
+		}else if (application.getProtocol().equalsIgnoreCase(PROTOCOLS.BASIC)){
+			
+			modelAndView=WebContext.redirect(application.getLoginUrl());
+		}
+		
+		_logger.debug(modelAndView.getViewName());
+		
+		return modelAndView;
+	}
+
+	@RequestMapping("/authz/oauth10a/{id}")
+	public ModelAndView authorizeOAuth10a(
+			@PathVariable("id") String id){
+		
+		 String redirec_uri=getApp(id).getLoginUrl();
+		return WebContext.redirect(redirec_uri);
+		
+	}
+	
+}

maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeProtectedEndpoint.java

@@ -0,0 +1,48 @@
+/**
+ * 
+ */
+package org.maxkey.authz.endpoint;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.maxkey.crypto.ReciprocalUtils;
+import org.maxkey.domain.UserInfo;
+import org.maxkey.web.WebConstants;
+import org.maxkey.web.WebContext;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.servlet.ModelAndView;
+
+/**
+ * @author Crystal.Sea
+ *
+ */
+@Controller
+public class AuthorizeProtectedEndpoint{
+
+	@RequestMapping("/authz/protected/forward")
+	public ModelAndView forwardProtectedForward(
+			HttpServletRequest request ){
+		String redirect_uri=request.getAttribute("redirect_uri").toString();
+		ModelAndView modelAndView=new ModelAndView("authorize/protected/forward");
+		modelAndView.addObject("redirect_uri", redirect_uri);
+		return modelAndView;
+	}
+	
+	@RequestMapping("/authz/protected")
+	public ModelAndView authorizeProtected(
+			@RequestParam("password") String password,
+			@RequestParam("redirect_uri") String redirect_uri){
+		 UserInfo userInfo=WebContext.getUserInfo();
+		if( userInfo.getAppLoginPassword().equals(ReciprocalUtils.encode(password))){
+			WebContext.setAttribute(WebConstants.CURRENT_SINGLESIGNON_URI, redirect_uri);
+			return WebContext.redirect(redirect_uri);
+		}
+		
+		ModelAndView modelAndView=new ModelAndView("authorize/protected/forward");
+		modelAndView.addObject("redirect_uri", redirect_uri);
+		return modelAndView;
+	}
+			
+}

maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/adapter/AbstractAuthorizeAdapter.java

@@ -0,0 +1,69 @@
+package org.maxkey.authz.endpoint.adapter;
+
+import java.io.UnsupportedEncodingException;
+import org.apache.commons.codec.binary.Hex;
+import org.maxkey.constants.BOOLEAN;
+import org.maxkey.crypto.Base64Utils;
+import org.maxkey.crypto.ReciprocalUtils;
+import org.maxkey.crypto.cert.CertSigner;
+import org.maxkey.crypto.keystore.KeyStoreLoader;
+import org.maxkey.crypto.password.PasswordReciprocal;
+import org.maxkey.domain.UserInfo;
+import org.maxkey.domain.apps.Applications;
+import org.maxkey.web.WebContext;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.web.servlet.ModelAndView;
+
+public abstract class AbstractAuthorizeAdapter {
+	final static Logger _logger = LoggerFactory.getLogger(AbstractAuthorizeAdapter.class);
+	
+	public  PasswordReciprocal passwordReciprocal=PasswordReciprocal.getInstance();
+	
+	public abstract ModelAndView authorize(UserInfo userInfo,Object app,String data,ModelAndView modelAndView);
+	
+	public abstract String generateInfo(UserInfo userInfo,Object app);
+	
+	public String  sign(String data,Applications app){
+		if(BOOLEAN.isTrue(app.getIsSignature())){
+			KeyStoreLoader keyStoreLoader=(KeyStoreLoader)WebContext.getBean("keyStoreLoader");
+			try {	
+				byte[] signature= CertSigner.sign(data.getBytes(), keyStoreLoader.getKeyStore(), keyStoreLoader.getEntityName(), keyStoreLoader.getKeystorePassword());
+				_logger.debug("signed Token : "+data);
+				_logger.debug("signature : "+signature.toString());
+				
+				
+				data=Base64Utils.base64UrlEncode(data.getBytes("UTF-8"))+"."+Base64Utils.base64UrlEncode(signature);
+			} catch (UnsupportedEncodingException e) {
+				e.printStackTrace();
+			} catch (Exception e) {
+				// TODO Auto-generated catch block
+				e.printStackTrace();
+			}
+			_logger.debug("Token : "+data);
+			
+		}else{
+			_logger.debug("data not need sign .");
+		}
+		
+		return data;
+	}
+	
+	public  String encrypt(String data,String algorithmKey,String algorithm){
+		
+		algorithmKey=passwordReciprocal.decoder(algorithmKey);
+		_logger.debug("algorithm : "+algorithm);
+		_logger.debug("algorithmKey : "+algorithmKey);
+		//Chinese , encode data to HEX
+		try {
+			data = new String(Hex.encodeHex(data.getBytes("UTF-8")));
+		} catch (UnsupportedEncodingException e) { 
+			e.printStackTrace();
+		}     
+		byte[] encodeData=ReciprocalUtils.encode(data, algorithmKey, algorithm);
+		String tokenString=Base64Utils.base64UrlEncode(encodeData);
+		_logger.trace("Reciprocal then HEX  Token : "+tokenString);
+		
+		return tokenString;
+	}
+}