com.vmware.identity.ssoconfig.OidcClientCommand.java Source code

Java tutorial

Introduction

Here is the source code for com.vmware.identity.ssoconfig.OidcClientCommand.java

Source

/*
 *  Copyright (c) 2017 VMware, Inc.  All Rights Reserved.
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may not
 *  use this file except in compliance with the License.  You may obtain a copy
 *  of the License at http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS, without
 *  warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
 *  License for the specific language governing permissions and limitations
 *  under the License.
 */
package com.vmware.identity.ssoconfig;

import com.vmware.identity.diagnostics.DiagnosticsLoggerFactory;
import com.vmware.identity.diagnostics.IDiagnosticsLogger;
import com.vmware.identity.openidconnect.common.ParseException;
import com.vmware.identity.openidconnect.protocol.JSONUtils;
import com.vmware.identity.rest.idm.client.IdmClient;
import com.vmware.identity.rest.idm.data.*;
import net.minidev.json.JSONObject;
import net.minidev.json.parser.JSONParser;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.args4j.Option;

import java.io.File;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Scanner;

/**
 * OIDC Client configuration commands.
 *
 */
public class OidcClientCommand extends SSOConfigCommand {

    private static final IDiagnosticsLogger logger = DiagnosticsLoggerFactory.getLogger(OidcClientCommand.class);

    private static final String REDIRECT_URIS_KEY = "redirect_uris";
    private static final String LOGOUT_URI_KEY = "logout_uri";
    private static final String POST_LOGOUT_URIS_KEY = "post_logout_uris";
    private static final String TOKEN_ENDPOINT_AUTH_METHOD_KEY = "token_endpoint_auth_method";
    private static final String CLIENT_ASSERTION_LIFETIME_MS_KEY = "client_assertion_lifetime";
    private static final String CERTIFICATE_SUBJECT_DN_KEY = "certificate_subject_dn";

    @Option(name = "--delete", metaVar = "[OIDC Client Id]", usage = "Delete the OIDC Client with the id.")
    private String idToDelete = null;

    @Option(name = "--register", metaVar = "[Metadata File path]", usage = "OIDC Client metadata file location to register.")
    private String metadataFile = null;

    @Option(name = "--list", metaVar = "[all | OIDC Client Id]", usage = "List tenant's OIDC Client configurations."
            + " Type [all] to list all or type in the specific OIDC Client name.")
    private String clientIdToList = null;

    @Override
    public String getShortDescription() {
        return String.format("Commands for OIDC client configurations. Use %s %s for details.",
                this.getCommandName(), HELP_CMD);
    }

    @Override
    protected void execute() throws Exception {
        if (StringUtils.isNotEmpty(metadataFile)) {
            registerOIDCClient();
        } else if (StringUtils.isNotEmpty(idToDelete)) {
            deleteOIDCClient();
        } else if (StringUtils.isNotEmpty(clientIdToList)) {
            list();
        }
    }

    private void registerOIDCClient() throws Exception {
        IdmClient client = SSOConfigurationUtils.getIdmClient();
        Scanner scanner = new Scanner(new File(metadataFile));
        try {
            OIDCClientDTO clientDTO = client.oidcClient().register(tenant,
                    getOIDCClientMetadataDTO(scanner.useDelimiter("\\Z").next()));
            logger.info(String.format("Successfully registered OIDC Client [%s] for tenant %s",
                    clientDTO.getClientId(), tenant));
        } finally {
            scanner.close();
        }
    }

    private OIDCClientMetadataDTO getOIDCClientMetadataDTO(String metadata) {
        try {
            JSONParser jsonParser = new JSONParser(JSONParser.DEFAULT_PERMISSIVE_MODE);
            JSONObject jsonConfig = (JSONObject) jsonParser.parse(metadata);
            final List<String> redirectURIList = new ArrayList<String>();
            final List<String> postLogoutURIList = new ArrayList<String>();
            String tokenEndpointMethod = null;
            Long clientAssertionLifetimeMS = 0L;
            String logoutURI = null;
            String certDN = null;

            if (jsonConfig.get(TOKEN_ENDPOINT_AUTH_METHOD_KEY) != null) {
                tokenEndpointMethod = JSONUtils.getString(jsonConfig, TOKEN_ENDPOINT_AUTH_METHOD_KEY);
            }
            if (jsonConfig.get(CLIENT_ASSERTION_LIFETIME_MS_KEY) != null) {
                clientAssertionLifetimeMS = JSONUtils.getLong(jsonConfig, CLIENT_ASSERTION_LIFETIME_MS_KEY);
            }
            if (jsonConfig.get(REDIRECT_URIS_KEY) != null) {
                final String[] redirectURIs = JSONUtils.getStringArray(jsonConfig, REDIRECT_URIS_KEY);
                redirectURIList.addAll(Arrays.asList(redirectURIs));
            }
            if (jsonConfig.get(LOGOUT_URI_KEY) != null) {
                logoutURI = JSONUtils.getString(jsonConfig, LOGOUT_URI_KEY);
            }
            if (jsonConfig.get(POST_LOGOUT_URIS_KEY) != null) {
                final String[] postLogoutURIs = JSONUtils.getStringArray(jsonConfig, POST_LOGOUT_URIS_KEY);
                postLogoutURIList.addAll(Arrays.asList(postLogoutURIs));
            }
            if (jsonConfig.get(CERTIFICATE_SUBJECT_DN_KEY) != null) {
                certDN = JSONUtils.getString(jsonConfig, CERTIFICATE_SUBJECT_DN_KEY);
            }

            return OIDCClientMetadataDTO.builder().withRedirectUris(redirectURIList).withLogoutUri(logoutURI)
                    .withPostLogoutRedirectUris(postLogoutURIList).withTokenEndpointAuthMethod(tokenEndpointMethod)
                    .withAuthnRequestClientAssertionLifetimeMS(clientAssertionLifetimeMS).withCertSubjectDN(certDN)
                    .build();
        } catch (ParseException e) {
            throw new RuntimeException("Error: Failed to parse OIDC Client metadata.", e);
        } catch (net.minidev.json.parser.ParseException e) {
            throw new RuntimeException("Error: Failed to parse OIDC Client metadata.", e);
        }
    }

    private void deleteOIDCClient() throws Exception {
        final IdmClient client = SSOConfigurationUtils.getIdmClient();
        client.oidcClient().delete(tenant, idToDelete);
        logger.info("Successfully deleted OIDC Client for tenant " + tenant);
    }

    private void list() throws Exception {
        final IdmClient idmClient = SSOConfigurationUtils.getIdmClient();
        if (clientIdToList.equalsIgnoreCase("all")) {
            final List<OIDCClientDTO> clientList = idmClient.oidcClient().getAll(tenant);
            if (clientList == null || clientList.isEmpty()) {
                System.out.println("No OIDC Clients have been configured for tenant: " + tenant);
                return;
            }
            System.out.println("OIDC Client for tenant " + tenant);
            for (OIDCClientDTO client : clientList) {
                displayOIDCClient(client);
            }
        } else {
            final OIDCClientDTO client = idmClient.oidcClient().get(tenant, clientIdToList);
            displayOIDCClient(client);
        }
    }

    private void displayOIDCClient(OIDCClientDTO client) {
        final OIDCClientMetadataDTO metadata = client.getOIDCClientMetadataDTO();

        System.out.println("Configuration for OIDC Client: " + client.getClientId() + "\n");
        // Print Auth Method
        SSOConfigurationUtils.displayParamNameAndValue("Auth Method", metadata.getTokenEndpointAuthMethod());
        SSOConfigurationUtils.displayParamNameAndValue("Assertion Lifetime (milli seconds)",
                metadata.getAuthnRequestClientAssertionLifetimeMS());
        // Print the Redirect URIs
        final List<String> redirectURIs = metadata.getRedirectUris();
        if (redirectURIs != null) {
            for (String uri : redirectURIs) {
                SSOConfigurationUtils.displayParamNameAndValue("Redirect URI", uri);
            }
        }
        // Print the Logout URI
        final String logoutURI = metadata.getLogoutUri();
        if (logoutURI != null) {
            SSOConfigurationUtils.displayParamNameAndValue("Logout URI", logoutURI);
        }
        // Print the Post Logout URIs
        final List<String> postLogoutURIs = metadata.getPostLogoutRedirectUris();
        if (postLogoutURIs != null) {
            for (String uri : postLogoutURIs) {
                SSOConfigurationUtils.displayParamNameAndValue("Post Logout URI", uri);
            }
        }
        final String certSubjectDN = metadata.getCertSubjectDN();
        if (certSubjectDN != null) {
            SSOConfigurationUtils.displayParamNameAndValue("Certificate Subject DN", certSubjectDN);
        }
        SSOConfigurationUtils.displaySeparationLine();
    }
}