com.googlesource.gerrit.plugins.oauth.KeycloakOAuthService.java Source code

Java tutorial

  1. HOME
  2. Java
  3. com.googlesource.gerrit.plugins.oauth.KeycloakOAuthService.java

Introduction

Here is the source code for com.googlesource.gerrit.plugins.oauth.KeycloakOAuthService.java

Source

// Copyright (C) 2017 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package com.googlesource.gerrit.plugins.oauth;

import static com.google.gerrit.json.OutputFormat.JSON;

import com.google.common.base.CharMatcher;
import com.google.common.base.Preconditions;
import com.google.gerrit.extensions.annotations.PluginName;
import com.google.gerrit.extensions.auth.oauth.OAuthServiceProvider;
import com.google.gerrit.extensions.auth.oauth.OAuthToken;
import com.google.gerrit.extensions.auth.oauth.OAuthUserInfo;
import com.google.gerrit.extensions.auth.oauth.OAuthVerifier;
import com.google.gerrit.server.config.CanonicalWebUrl;
import com.google.gerrit.server.config.PluginConfig;
import com.google.gerrit.server.config.PluginConfigFactory;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.inject.Inject;
import com.google.inject.Provider;
import java.io.IOException;
import org.apache.commons.codec.binary.Base64;
import org.scribe.builder.ServiceBuilder;
import org.scribe.model.Token;
import org.scribe.model.Verifier;
import org.scribe.oauth.OAuthService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class KeycloakOAuthService implements OAuthServiceProvider {

    private static final Logger log = LoggerFactory.getLogger(KeycloakOAuthService.class);

    static final String CONFIG_SUFFIX = "-keycloak-oauth";
    private static final String KEYCLOAK_PROVIDER_PREFIX = "keycloak-oauth:";
    private final OAuthService service;
    private final String serviceName;

    @Inject
    KeycloakOAuthService(PluginConfigFactory cfgFactory, @PluginName String pluginName,
            @CanonicalWebUrl Provider<String> urlProvider) {
        PluginConfig cfg = cfgFactory.getFromGerritConfig(pluginName + CONFIG_SUFFIX);
        String canonicalWebUrl = CharMatcher.is('/').trimTrailingFrom(urlProvider.get()) + "/";

        String rootUrl = cfg.getString(InitOAuth.ROOT_URL);
        String realm = cfg.getString(InitOAuth.REALM);
        serviceName = cfg.getString(InitOAuth.SERVICE_NAME, "Keycloak OAuth2");

        service = new ServiceBuilder().provider(new KeycloakApi(rootUrl, realm))
                .apiKey(cfg.getString(InitOAuth.CLIENT_ID)).apiSecret(cfg.getString(InitOAuth.CLIENT_SECRET))
                .scope("openid").callback(canonicalWebUrl + "oauth").build();
    }

    private String parseJwt(String input) {
        String[] parts = input.split("\\.");
        Preconditions.checkState(parts.length == 3);
        Preconditions.checkNotNull(parts[1]);
        return new String(Base64.decodeBase64(parts[1]));
    }

    @Override
    public OAuthUserInfo getUserInfo(OAuthToken token) throws IOException {
        JsonElement tokenJson = JSON.newGson().fromJson(token.getRaw(), JsonElement.class);
        JsonObject tokenObject = tokenJson.getAsJsonObject();
        JsonElement id_token = tokenObject.get("id_token");

        JsonElement claimJson = JSON.newGson().fromJson(parseJwt(id_token.getAsString()), JsonElement.class);

        JsonObject claimObject = claimJson.getAsJsonObject();
        if (log.isDebugEnabled()) {
            log.debug("Claim object: {}", claimObject);
        }
        JsonElement usernameElement = claimObject.get("preferred_username");
        JsonElement emailElement = claimObject.get("email");
        JsonElement nameElement = claimObject.get("name");
        if (usernameElement == null || usernameElement.isJsonNull()) {
            throw new IOException("Response doesn't contain preferred_username field");
        }
        if (emailElement == null || emailElement.isJsonNull()) {
            throw new IOException("Response doesn't contain email field");
        }
        if (nameElement == null || nameElement.isJsonNull()) {
            throw new IOException("Response doesn't contain name field");
        }
        String username = usernameElement.getAsString();
        String email = emailElement.getAsString();
        String name = nameElement.getAsString();

        return new OAuthUserInfo(KEYCLOAK_PROVIDER_PREFIX + username /*externalId*/, username /*username*/,
                email /*email*/, name /*displayName*/, null /*claimedIdentity*/);
    }

    @Override
    public OAuthToken getAccessToken(OAuthVerifier rv) {
        Verifier vi = new Verifier(rv.getValue());
        Token to = service.getAccessToken(null, vi);
        return new OAuthToken(to.getToken(), to.getSecret(), to.getRawResponse());
    }

    @Override
    public String getAuthorizationUrl() {
        return service.getAuthorizationUrl(null);
    }

    @Override
    public String getVersion() {
        return service.getVersion();
    }

    @Override
    public String getName() {
        return serviceName;
    }
}