All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.wildfly.test.security.common.elytron.TokenRealm Maven / Gradle / Ivy

/*
 * Copyright 2020 Red Hat, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.wildfly.test.security.common.elytron;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import org.jboss.as.controller.PathAddress;
import org.jboss.as.controller.PathElement;
import org.jboss.as.controller.client.ModelControllerClient;
import org.jboss.as.controller.operations.common.Util;
import org.jboss.as.test.integration.management.util.CLIWrapper;
import org.jboss.dmr.ModelNode;

/**
 * A {@link ConfigurableElement} to define the token-realm resource within the Elytron subsystem.
 *
 * @author Ondrej Kotek
 */
public class TokenRealm implements SecurityRealm {

    private final PathAddress address;
    private final String name;
    private final Jwt jwt;
    private final Oauth2Introspection oauth2Introspection;
    private final String principalClaim;

    TokenRealm(final String name, final Jwt jwt, final Oauth2Introspection oauth2Introspection, final String principalClaim) {
        this.address = PathAddress.pathAddress(PathElement.pathElement("subsystem", "elytron"), PathElement.pathElement("token-realm", name));
        this.name = name;
        this.jwt = jwt;
        this.oauth2Introspection = oauth2Introspection;
        this.principalClaim = principalClaim;
    }

    @Override
    public String getName() {
        return name;
    }

    public ModelNode getAddOperation() {
        ModelNode addOperation = Util.createAddOperation(address);
        addOperation.get("token-realm");
        if (principalClaim != null) {
            addOperation.get("principal-claim").set(principalClaim);
        }
        if (jwt != null) {
            ModelNode jwtProperties = new ModelNode();
            if (jwt.getAudience() != null) {
                ModelNode audienceList = jwtProperties.get("audience");
                for (String audienceEntry : jwt.getAudience()) {
                    audienceList.add(audienceEntry);
                }
            }
            if (jwt.getIssuer() != null) {
                ModelNode issuerList = jwtProperties.get("issuer");
                for (String issuerEntry : jwt.getIssuer()) {
                    issuerList.add(issuerEntry);
                }
            }
            if (jwt.getCertificate() != null) {
                jwtProperties.get("certificate").set(jwt.getCertificate());
            }
            if (jwt.getKeyStore() != null) {
                jwtProperties.get("key-store").set(jwt.getKeyStore());
            }
            if (jwt.getPublicKey() != null) {
                jwtProperties.get("public-key").set(jwt.getPublicKey());
            }
            if (jwtProperties.asListOrEmpty().isEmpty()) {
                addOperation.get("jwt").setEmptyObject();
            } else {
                addOperation.get("jwt").set(jwtProperties.asObject());
            }
        }
        if (oauth2Introspection != null) {
            ModelNode oauth2IntrospectionProperties = new ModelNode();
            if (oauth2Introspection.getClientId() != null) {
                oauth2IntrospectionProperties.get("client-id").set(oauth2Introspection.getClientId());
            }
            if (oauth2Introspection.getClientSecret() != null) {
                oauth2IntrospectionProperties.get("client-secret").set(oauth2Introspection.getClientSecret());
            }
            if (oauth2Introspection.getClientSslContext() != null) {
                oauth2IntrospectionProperties.get("client-ssl-context").set(oauth2Introspection.getClientSslContext());
            }
            if (oauth2Introspection.getHostNameVerificationPolicy() != null) {
                oauth2IntrospectionProperties.get("host-name-verification-policy").set(oauth2Introspection.getHostNameVerificationPolicy());
            }
            if (oauth2Introspection.getIntrospectionUrl() != null) {
                oauth2IntrospectionProperties.get("introspection-url").set(oauth2Introspection.getIntrospectionUrl());
            }
            if (oauth2IntrospectionProperties.asListOrEmpty().isEmpty()) {
                addOperation.get("oauth2-introspection").setEmptyObject();
            } else {
                addOperation.get("oauth2-introspection").set(oauth2IntrospectionProperties.asObject());
            }
        }
        return addOperation;
    }

    public ModelNode getRemoveOperation() {
        return Util.createRemoveOperation(address);
    }

    @Override
    public void create(ModelControllerClient client, CLIWrapper cli) throws Exception {
        org.jboss.as.test.integration.security.common.Utils.applyUpdate(getAddOperation(), client);
    }

    @Override
    public void remove(ModelControllerClient client, CLIWrapper cli) throws Exception {
        org.jboss.as.test.integration.security.common.Utils.applyUpdate(getRemoveOperation(), client);
    }

    public static Builder builder(final String name) {
        return new Builder(name);
    }

    public static JwtBuilder jwtBuilder() {
        return new JwtBuilder();
    }

    public static Oauth2IntrospectionBuilder oauth2IntrospectionBuilder() {
        return new Oauth2IntrospectionBuilder();
    }

    public static final class Builder {

        private final String name;
        private Jwt jwt;
        private Oauth2Introspection oauth2Introspection;
        private String principalClaim;

        public Builder(String name) {
            this.name = name;
        }

        public Builder withJwt(Jwt jwt) {
            this.jwt = jwt;

            return this;
        }

        public Builder withOauth2Introspection(Oauth2Introspection oauth2Introspection) {
            this.oauth2Introspection = oauth2Introspection;

            return this;
        }

        public Builder withPrincipalClaim(String principalClaim) {
            this.principalClaim = principalClaim;

            return this;
        }

        public TokenRealm build() {
            return new TokenRealm(name, jwt, oauth2Introspection, principalClaim);
        }
    }

    public static final class Jwt {

        private final List issuer;
        private final List audience;
        private final String publicKey;
        private final String keyStore;
        private final String certificate;

        private Jwt(JwtBuilder builder) {
            this.issuer = builder.issuer;
            this.audience = builder.audience;
            this.publicKey = builder.publicKey;
            this.keyStore = builder.keyStore;
            this.certificate = builder.certificate;
        }

        public List getIssuer() {
            return issuer;
        }

        public List getAudience() {
            return audience;
        }

        public String getPublicKey() {
            return publicKey;
        }

        public String getKeyStore() {
            return keyStore;
        }

        public String getCertificate() {
            return certificate;
        }

    }

    public static final class JwtBuilder {

        private List issuer;
        private List audience;
        private String publicKey;
        private String keyStore;
        private String certificate;

        public JwtBuilder withIssuer(String... issuer) {
            if (this.issuer == null) {
                this.issuer = new ArrayList();
            }
            Collections.addAll(this.issuer, issuer);
            return this;
        }

        public JwtBuilder withAudience(String... audience) {
            if (this.audience == null) {
                this.audience = new ArrayList();
            }

            Collections.addAll(this.audience, audience);
            return this;
        }

        public JwtBuilder withPublicKey(String publicKey) {
            this.publicKey = publicKey;
            return this;
        }

        public JwtBuilder withKeyStore(String keyStore) {
            this.keyStore = keyStore;
            return this;
        }

        public JwtBuilder withCertificate(String certificate) {
            this.certificate = certificate;
            return this;
        }

        public Jwt build() {
            return new Jwt(this);
        }
    }

    public static final class Oauth2Introspection {

        private final String clientId;
        private final String clientSecret;
        private final String introspectionUrl;
        private final String clientSslContext;
        private final String hostNameVerificationPolicy;

        private Oauth2Introspection(Oauth2IntrospectionBuilder builder) {
            this.clientId = builder.clientId;
            this.clientSecret = builder.clientSecret;
            this.introspectionUrl = builder.introspectionUrl;
            this.clientSslContext = builder.clientSslContext;
            this.hostNameVerificationPolicy = builder.hostNameVerificationPolicy;
        }

        public String getClientId() {
            return clientId;
        }

        public String getClientSecret() {
            return clientSecret;
        }

        public String getIntrospectionUrl() {
            return introspectionUrl;
        }

        public String getClientSslContext() {
            return clientSslContext;
        }

        public String getHostNameVerificationPolicy() {
            return hostNameVerificationPolicy;
        }
    }

    public static final class Oauth2IntrospectionBuilder {

        private String clientId;
        private String clientSecret;
        private String introspectionUrl;
        private String clientSslContext;
        private String hostNameVerificationPolicy;

        public Oauth2IntrospectionBuilder withClientId(String clientId) {
            this.clientId = clientId;

            return this;
        }

        public Oauth2IntrospectionBuilder withClientSecret(String clientSecret) {
            this.clientSecret = clientSecret;

            return this;
        }

        public Oauth2IntrospectionBuilder withIntrospectionUrl(String introspectionUrl) {
            this.introspectionUrl = introspectionUrl;

            return this;
        }

        public Oauth2IntrospectionBuilder withClientSslContext(String clientSslContext) {
            this.clientSslContext = clientSslContext;

            return this;
        }

        public Oauth2IntrospectionBuilder withHostNameVerificationPolicy(String hostNameVerificationPolicy) {
            this.hostNameVerificationPolicy = hostNameVerificationPolicy;

            return this;
        }

        public Oauth2Introspection build() {
            return new Oauth2Introspection(this);
        }
    }
}




© 2015 - 2025 Weber Informatics LLC | Privacy Policy