From 4c47afde485406c283abea7c82b1854672bd1124 Mon Sep 17 00:00:00 2001 From: Yuriy Movchan Date: Fri, 12 Jan 2024 21:39:14 +0300 Subject: [PATCH] feat: use Bearer token if OPA started with it (#7353) * feat: use Bearer token if OPA started with it #7340 Signed-off-by: Yuriy Movchan * feat: use Bearer token if OPA started with it #7340 Signed-off-by: Yuriy Movchan * feat: use Bearer token if OPA started with it #7340 Signed-off-by: Yuriy Movchan * feat: use Bearer token if OPA started with it #7340 Signed-off-by: Yuriy Movchan * feat: use Bearer token if OPA started with it #7340 Signed-off-by: Yuriy Movchan * feat: use Bearer token if OPA started with it #7340 Signed-off-by: Yuriy Movchan * feat: use Bearer token if OPA started with it #7340 Signed-off-by: Yuriy Movchan * feat: use Bearer token if OPA started with it #7340 Signed-off-by: Yuriy Movchan --------- 
Signed-off-by: Yuriy Movchan --- .../agama-bridge/AgamaBridge.py | 2 +- .../forgot_password/forgot_password.py | 2 +- .../SuperGluuExternalAuthenticator.py | 2 +- .../UserCertExternalAuthenticator.py | 2 +- .../service/common/ConfigurationService.java | 1 + .../service/common/EncryptionService.java | 77 ++++++------------- .../as/server/service/AppInitializer.java | 2 +- .../jans/as/server/service/ClientService.java | 27 ++++--- .../service/push/sns/PushSnsService.java | 13 ++-- .../io/jans/as/server/BaseComponentTest.java | 2 +- jans-casa/extras/Casa.py | 2 +- jans-casa/extras/casa-external_super_gluu.py | 2 +- .../email_2fa_core/extras/email_2fa_core.py | 2 +- .../adminui/service/auth/OAuth2Service.java | 2 +- .../config/AUIConfigurationService.java | 2 +- .../link/rest/JansLinkConfigResource.java | 2 +- .../rest/resource/auth/ClientsResource.java | 2 +- .../resource/auth/ConfigSmtpResource.java | 2 +- .../service/auth/CouchbaseConfService.java | 2 +- .../auth/LdapConfigurationService.java | 2 +- .../service/auth/SqlConfService.java | 2 +- .../java/io/jans/configapi/util/AuthUtil.java | 2 +- .../io/jans}/service/EncryptionService.java | 36 +++++++-- .../fido2/service/app/AppInitializer.java | 2 +- .../link/server/service/AppInitializer.java | 2 +- .../link/server/service/KeycloakService.java | 2 +- .../link/timer/JansKeycloakLinkTimer.java | 1 + .../link/server/service/AppInitializer.java | 2 +- .../io/jans/link/timer/JansLinkTimer.java | 1 + .../jans/link/service/BaseJansLinkTimer.java | 1 + .../jans/link/service/EncryptionService.java | 56 -------------- .../java/io/jans/link/util/PropertyUtil.java | 5 +- .../lock/server/service/AppInitializer.java | 1 + .../server/service/ConfigurationService.java | 1 + .../server/service/EncryptionService.java | 55 ------------- .../lock/model/config/OpaConfiguration.java | 10 +++ .../message/opa/OpaMessageConsumer.java | 24 +++++- .../policy/opa/OpaPolicyConsumer.java | 26 ++++++- 
.../service/policy/PolicyDownloadService.java | 8 +- .../scim/service/ConfigurationService.java | 2 +- 40 files changed, 166 insertions(+), 223 deletions(-) rename {jans-scim/service/src/main/java/io/jans/scim => jans-core/service/src/main/java/io/jans}/service/EncryptionService.java (65%) delete mode 100644 jans-link/service/src/main/java/io/jans/link/service/EncryptionService.java delete mode 100644 jans-lock/server/src/main/java/io/jans/lock/server/service/EncryptionService.java diff --git a/docs/script-catalog/person_authentication/agama-bridge/AgamaBridge.py b/docs/script-catalog/person_authentication/agama-bridge/AgamaBridge.py index 0e169d88e14..747b8a4b416 100644 --- a/docs/script-catalog/person_authentication/agama-bridge/AgamaBridge.py +++ b/docs/script-catalog/person_authentication/agama-bridge/AgamaBridge.py @@ -6,7 +6,7 @@ from io.jans.agama import NativeJansFlowBridge from io.jans.agama.engine.misc import FlowUtils -from io.jans.as.common.service.common import EncryptionService +io.jans.service import EncryptionService from io.jans.as.server.security import Identity from io.jans.as.server.service import AuthenticationService, UserService from io.jans.jsf2.service import FacesService diff --git a/docs/script-catalog/person_authentication/forgot_password/forgot_password.py b/docs/script-catalog/person_authentication/forgot_password/forgot_password.py index e65df216f5d..859e67da10a 100644 --- a/docs/script-catalog/person_authentication/forgot_password/forgot_password.py +++ b/docs/script-catalog/person_authentication/forgot_password/forgot_password.py 
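Review bot: The replacement import on the new side, `+io.jans.service import EncryptionService`, has lost the `from` keyword and is not valid Jython, so the script would fail at load time on that statement; it should read `from io.jans.service import EncryptionService`. The same truncated line is added in forgot_password.py, SuperGluuExternalAuthenticator.py, UserCertExternalAuthenticator.py, Casa.py, casa-external_super_gluu.py and email_2fa_core.py. Since these are person-authentication scripts, a load failure presumably takes the affected authentication flow out of service rather than degrading quietly, which makes it worth fixing in all seven files before merge.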
@@ -14,7 +14,7 @@ from io.jans.util import StringHelper from io.jans.as.server.util import ServerUtil from io.jans.as.common.service.common import ConfigurationService -from io.jans.as.common.service.common import EncryptionService +io.jans.service import EncryptionService from io.jans.jsf2.message import FacesMessages from jakarta.faces.application import FacesMessage from io.jans.orm.exception import AuthenticationException diff --git a/docs/script-catalog/person_authentication/super-gluu-external-authenticator/SuperGluuExternalAuthenticator.py b/docs/script-catalog/person_authentication/super-gluu-external-authenticator/SuperGluuExternalAuthenticator.py index 57dd00c953e..2aef8048003 100644 --- a/docs/script-catalog/person_authentication/super-gluu-external-authenticator/SuperGluuExternalAuthenticator.py +++ b/docs/script-catalog/person_authentication/super-gluu-external-authenticator/SuperGluuExternalAuthenticator.py @@ -18,7 +18,7 @@ from io.jans.as.server.service.net import HttpService, HttpService2 from io.jans.as.server.util import ServerUtil from io.jans.util import StringHelper -from io.jans.as.common.service.common import EncryptionService +io.jans.service import EncryptionService from io.jans.as.server.service import UserService from io.jans.service import MailService from io.jans.as.server.service.push.sns import PushPlatform diff --git a/docs/script-catalog/person_authentication/user-cert-external-authenticator/UserCertExternalAuthenticator.py b/docs/script-catalog/person_authentication/user-cert-external-authenticator/UserCertExternalAuthenticator.py index 2f5632bf4a0..ec407da5563 100644 --- a/docs/script-catalog/person_authentication/user-cert-external-authenticator/UserCertExternalAuthenticator.py +++ b/docs/script-catalog/person_authentication/user-cert-external-authenticator/UserCertExternalAuthenticator.py 
@@ -13,7 +13,7 @@ from io.jans.as.server.service import UserService from io.jans.util import StringHelper from io.jans.as.server.util import ServerUtil -from io.jans.as.common.service.common import EncryptionService +io.jans.service import EncryptionService from java.util import Arrays from io.jans.as.common.cert.fingerprint import FingerprintHelper from io.jans.as.common.cert.validation import GenericCertificateVerifier diff --git a/jans-auth-server/common/src/main/java/io/jans/as/common/service/common/ConfigurationService.java b/jans-auth-server/common/src/main/java/io/jans/as/common/service/common/ConfigurationService.java index 3afd246cee0..23fe4babd23 100644 --- a/jans-auth-server/common/src/main/java/io/jans/as/common/service/common/ConfigurationService.java +++ b/jans-auth-server/common/src/main/java/io/jans/as/common/service/common/ConfigurationService.java @@ -10,6 +10,7 @@ import io.jans.as.persistence.model.configuration.GluuConfiguration; import io.jans.model.SmtpConfiguration; import io.jans.orm.PersistenceEntryManager; +import io.jans.service.EncryptionService; import io.jans.util.StringHelper; import io.jans.util.security.StringEncrypter.EncryptionException; import org.slf4j.Logger; diff --git a/jans-auth-server/common/src/main/java/io/jans/as/common/service/common/EncryptionService.java b/jans-auth-server/common/src/main/java/io/jans/as/common/service/common/EncryptionService.java index b299753fb5d..7277481375a 100644 --- a/jans-auth-server/common/src/main/java/io/jans/as/common/service/common/EncryptionService.java +++ b/jans-auth-server/common/src/main/java/io/jans/as/common/service/common/EncryptionService.java 
@@ -1,80 +1,47 @@ /* - * Janssen Project software is available under the Apache License (2004). See http://www.apache.org/licenses/ for full text. + * Janssen Project software is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text. * * Copyright (c) 2020, Janssen Project */ package io.jans.as.common.service.common; -import io.jans.util.StringHelper; -import io.jans.util.security.PropertiesDecrypter; -import io.jans.util.security.StringEncrypter; -import io.jans.util.security.StringEncrypter.EncryptionException; -import org.slf4j.Logger; +import java.util.Properties; +import io.jans.util.security.StringEncrypter.EncryptionException; import jakarta.enterprise.context.ApplicationScoped; import jakarta.inject.Inject; -import java.util.Properties; /** - * Allows to decrypt passwords + * Proxy for compatibility with old versions * - * @author Yuriy Movchan Date: 09/23/2014 + * @author Yuriy Movchan Date: 01/12/2024 */ @ApplicationScoped +@Deprecated public class EncryptionService { - @Inject - private Logger log; - - @Inject - private StringEncrypter stringEncrypter; - - public String decrypt(String encryptedString) throws EncryptionException { - if (StringHelper.isEmpty(encryptedString)) { - return null; - } - - return stringEncrypter.decrypt(encryptedString); - } - - public String decrypt(String encryptedValue, boolean returnSource) { - if (encryptedValue == null) { - return encryptedValue; - } + @Inject + private io.jans.service.EncryptionService encryptionService; - String resultValue; - if (returnSource) { - resultValue = encryptedValue; - } else { - resultValue = null; - } + public String decrypt(String encryptedString) throws EncryptionException { + return encryptionService.decrypt(encryptedString); + } - try { - resultValue = stringEncrypter.decrypt(encryptedValue); - } catch (Exception ex) { - if (!returnSource) { - log.error(String.format("Failed to decrypt value: '%s'", encryptedValue, ex)); - } - } - - return 
resultValue; + public String decrypt(String encryptedValue, boolean returnSource) { + return encryptionService.decrypt(encryptedValue, returnSource); } - public String encrypt(String unencryptedString) throws EncryptionException { - if (StringHelper.isEmpty(unencryptedString)) { - return null; - } + public String encrypt(String unencryptedString) throws EncryptionException { + return encryptionService.decrypt(unencryptedString); + } - return stringEncrypter.encrypt(unencryptedString); - } + public Properties decryptProperties(Properties connectionProperties) { + return encryptionService.decryptProperties(connectionProperties); + } - public Properties decryptProperties(Properties connectionProperties) { - return PropertiesDecrypter.decryptProperties(stringEncrypter, connectionProperties); - } - - public Properties decryptAllProperties(Properties connectionProperties) { - return PropertiesDecrypter.decryptAllProperties(stringEncrypter, connectionProperties); - } + public Properties decryptAllProperties(Properties connectionProperties) { + return encryptionService.decryptAllProperties(connectionProperties); + } } \ No newline at end of file diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/service/AppInitializer.java b/jans-auth-server/server/src/main/java/io/jans/as/server/service/AppInitializer.java index 43400a47893..03637c36fa4 100644 --- a/jans-auth-server/server/src/main/java/io/jans/as/server/service/AppInitializer.java +++ b/jans-auth-server/server/src/main/java/io/jans/as/server/service/AppInitializer.java @@ -19,7 +19,6 @@ import com.google.common.collect.Lists; import io.jans.as.common.service.common.ApplicationFactory; -import io.jans.as.common.service.common.EncryptionService; import io.jans.as.model.common.FeatureFlagType; import io.jans.as.model.configuration.AppConfiguration; import io.jans.as.persistence.model.configuration.GluuConfiguration; 
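Review bot: In the new proxy's `encrypt(String)` the body delegates to the wrong method: `return encryptionService.decrypt(unencryptedString);` should be `return encryptionService.encrypt(unencryptedString);`. As written, every caller still using `io.jans.as.common.service.common.EncryptionService.encrypt` has its plaintext run through decryption, which will either throw or produce an unrelated value, and nothing that ends up stored through this path is the intended ciphertext. The license header on line 2 also changes from Apache to MIT while the rest of the patch keeps the existing Janssen headers; unless that is intentional it looks like a stray edit. Finally, the class Javadoc only says "Proxy for compatibility with old versions" — naming the replacement, e.g. `@deprecated Use {@link io.jans.service.EncryptionService} instead.`, would make the `@Deprecated` actionable for callers.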
@@ -48,6 +47,7 @@ import io.jans.orm.model.PersistenceConfiguration; import io.jans.orm.util.properties.FileConfiguration; import io.jans.service.ApplicationConfigurationFactory; +import io.jans.service.EncryptionService; import io.jans.service.PythonService; import io.jans.service.cdi.async.Asynchronous; import io.jans.service.cdi.event.ApplicationInitialized; diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/service/ClientService.java b/jans-auth-server/server/src/main/java/io/jans/as/server/service/ClientService.java index 56b3bd1004c..06b7283fba3 100644 --- a/jans-auth-server/server/src/main/java/io/jans/as/server/service/ClientService.java +++ b/jans-auth-server/server/src/main/java/io/jans/as/server/service/ClientService.java @@ -6,9 +6,24 @@ package io.jans.as.server.service; +import static org.apache.commons.lang3.BooleanUtils.isFalse; +import static org.apache.commons.lang3.BooleanUtils.isTrue; + +import java.util.Collection; +import java.util.Date; +import java.util.GregorianCalendar; +import java.util.List; +import java.util.Set; +import java.util.TimeZone; + +import org.apache.commons.lang3.BooleanUtils; +import org.json.JSONArray; +import org.slf4j.Logger; + +import com.google.common.base.Preconditions; import com.google.common.collect.Sets; + import io.jans.as.common.model.registration.Client; -import io.jans.as.common.service.common.EncryptionService; import io.jans.as.model.common.AuthenticationMethod; import io.jans.as.model.config.StaticConfiguration; import io.jans.as.model.configuration.AppConfiguration; @@ -21,6 +36,7 @@ import io.jans.orm.model.base.CustomObjectAttribute; import io.jans.service.BaseCacheService; import io.jans.service.CacheService; +import io.jans.service.EncryptionService; import io.jans.service.LocalCacheService; import io.jans.util.StringHelper; import io.jans.util.security.StringEncrypter; 
@@ -28,15 +44,6 @@ import jakarta.ejb.Stateless; import jakarta.inject.Inject; import jakarta.inject.Named; -import org.apache.commons.lang3.BooleanUtils; -import org.json.JSONArray; -import com.google.common.base.Preconditions; -import org.slf4j.Logger; - -import java.util.*; - -import static org.apache.commons.lang3.BooleanUtils.isFalse; -import static org.apache.commons.lang3.BooleanUtils.isTrue; /** * Provides operations with clients. diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/service/push/sns/PushSnsService.java b/jans-auth-server/server/src/main/java/io/jans/as/server/service/push/sns/PushSnsService.java index cf4d5e32f19..3d7273d2579 100644 --- a/jans-auth-server/server/src/main/java/io/jans/as/server/service/push/sns/PushSnsService.java +++ b/jans-auth-server/server/src/main/java/io/jans/as/server/service/push/sns/PushSnsService.java @@ -6,6 +6,11 @@ package io.jans.as.server.service.push.sns; +import java.io.IOException; +import java.util.Date; +import java.util.HashMap; +import java.util.Map; + import com.amazonaws.auth.AWSStaticCredentialsProvider; import com.amazonaws.auth.BasicAWSCredentials; import com.amazonaws.regions.Regions; @@ -16,19 +21,15 @@ import com.amazonaws.services.sns.model.MessageAttributeValue; import com.amazonaws.services.sns.model.PublishRequest; import com.amazonaws.services.sns.model.PublishResult; + import io.jans.as.common.model.common.User; -import io.jans.as.common.service.common.EncryptionService; import io.jans.as.model.configuration.AppConfiguration; import io.jans.as.server.util.ServerUtil; import io.jans.orm.PersistenceEntryManager; - +import io.jans.service.EncryptionService; import jakarta.ejb.Stateless; import jakarta.inject.Inject; import jakarta.inject.Named; -import java.io.IOException; -import java.util.Date; -import java.util.HashMap; -import java.util.Map; /** * Provides operations to send AWS SNS push messages 
diff --git a/jans-auth-server/server/src/test/java/io/jans/as/server/BaseComponentTest.java b/jans-auth-server/server/src/test/java/io/jans/as/server/BaseComponentTest.java index 57d37861d4e..4ebbd2d229a 100644 --- a/jans-auth-server/server/src/test/java/io/jans/as/server/BaseComponentTest.java +++ b/jans-auth-server/server/src/test/java/io/jans/as/server/BaseComponentTest.java @@ -6,7 +6,6 @@ package io.jans.as.server; -import io.jans.as.common.service.common.EncryptionService; import io.jans.as.common.service.common.InumService; import io.jans.as.common.service.common.UserService; import io.jans.as.model.config.StaticConfiguration; @@ -24,6 +23,7 @@ import io.jans.as.server.uma.service.UmaRptService; import io.jans.orm.PersistenceEntryManager; import io.jans.service.CacheService; +import io.jans.service.EncryptionService; import io.jans.service.cdi.util.CdiUtil; /** diff --git a/jans-casa/extras/Casa.py b/jans-casa/extras/Casa.py index 75710575523..0da919cd2e4 100644 --- a/jans-casa/extras/Casa.py +++ b/jans-casa/extras/Casa.py @@ -2,7 +2,7 @@ from io.jans.as.server.security import Identity from io.jans.as.server.service import AuthenticationService from io.jans.as.server.service import UserService -from io.jans.as.common.service.common import EncryptionService +io.jans.service import EncryptionService from io.jans.as.server.service.custom import CustomScriptService from io.jans.as.server.service.net import HttpService from io.jans.as.server.util import ServerUtil diff --git a/jans-casa/extras/casa-external_super_gluu.py b/jans-casa/extras/casa-external_super_gluu.py index a6c069d7162..a5c647b1f90 100644 --- a/jans-casa/extras/casa-external_super_gluu.py +++ b/jans-casa/extras/casa-external_super_gluu.py 
@@ -18,7 +18,7 @@ from io.jans.as.server.service.net import HttpService, HttpService2 from io.jans.as.server.util import ServerUtil from io.jans.util import StringHelper -from io.jans.as.common.service.common import EncryptionService +io.jans.service import EncryptionService from io.jans.as.server.service import UserService from io.jans.service import MailService from io.jans.as.server.service.push.sns import PushPlatform diff --git a/jans-casa/plugins/email_2fa_core/extras/email_2fa_core.py b/jans-casa/plugins/email_2fa_core/extras/email_2fa_core.py index 81334fd740e..7bd4ef73676 100644 --- a/jans-casa/plugins/email_2fa_core/extras/email_2fa_core.py +++ b/jans-casa/plugins/email_2fa_core/extras/email_2fa_core.py @@ -11,7 +11,7 @@ from io.jans.as.server.util import ServerUtil from io.jans.as.common.service.common import ConfigurationService -from io.jans.as.common.service.common import EncryptionService +io.jans.service import EncryptionService from io.jans.jsf2.message import FacesMessages from io.jans.casa.model import ApplicationConfiguration from io.jans.orm.exception import AuthenticationException diff --git a/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/auth/OAuth2Service.java b/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/auth/OAuth2Service.java index c0b077dbf57..1844a234c56 100644 --- a/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/auth/OAuth2Service.java +++ b/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/auth/OAuth2Service.java @@ -3,7 +3,6 @@ import com.google.common.base.Strings; import com.google.common.collect.Sets; import io.jans.as.client.TokenRequest; -import io.jans.as.common.service.common.EncryptionService; import io.jans.as.model.common.GrantType; import io.jans.ca.plugin.adminui.model.auth.ApiTokenRequest; import io.jans.ca.plugin.adminui.model.auth.TokenResponse; 
@@ -14,6 +13,7 @@ import io.jans.ca.plugin.adminui.service.config.AUIConfigurationService; import io.jans.ca.plugin.adminui.utils.CommonUtils; import io.jans.ca.plugin.adminui.utils.ErrorResponse; +import io.jans.service.EncryptionService; import jakarta.inject.Inject; import jakarta.inject.Singleton; import jakarta.ws.rs.core.Response; diff --git a/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/config/AUIConfigurationService.java b/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/config/AUIConfigurationService.java index 2dfbac04ba3..8a499959d4a 100644 --- a/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/config/AUIConfigurationService.java +++ b/jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/config/AUIConfigurationService.java @@ -3,7 +3,6 @@ import com.google.api.client.util.Strings; import com.google.common.collect.Maps; import io.jans.as.client.TokenRequest; -import io.jans.as.common.service.common.EncryptionService; import io.jans.as.model.common.GrantType; import io.jans.as.model.config.adminui.AdminConf; import io.jans.as.model.config.adminui.LicenseConfig; @@ -19,6 +18,7 @@ import io.jans.ca.plugin.adminui.utils.ErrorResponse; import io.jans.configapi.service.auth.ConfigurationService; import io.jans.orm.PersistenceEntryManager; +import io.jans.service.EncryptionService; import jakarta.inject.Inject; import jakarta.inject.Singleton; import jakarta.ws.rs.core.Response; diff --git a/jans-config-api/plugins/jans-link-plugin/src/main/java/io/jans/configapi/plugin/link/rest/JansLinkConfigResource.java b/jans-config-api/plugins/jans-link-plugin/src/main/java/io/jans/configapi/plugin/link/rest/JansLinkConfigResource.java index 8ded71d8a24..99d0b0e967c 100644 --- a/jans-config-api/plugins/jans-link-plugin/src/main/java/io/jans/configapi/plugin/link/rest/JansLinkConfigResource.java 
+++ b/jans-config-api/plugins/jans-link-plugin/src/main/java/io/jans/configapi/plugin/link/rest/JansLinkConfigResource.java @@ -6,7 +6,6 @@ package io.jans.configapi.plugin.link.rest; -import io.jans.as.common.service.common.EncryptionService; import io.jans.configapi.core.rest.BaseResource; import io.jans.configapi.core.rest.ProtectedApi; import io.jans.configapi.plugin.link.util.Constants; @@ -14,6 +13,7 @@ import io.jans.configapi.util.ApiAccessConstants; import io.jans.link.model.config.AppConfiguration; import io.jans.model.ldap.GluuLdapConfiguration; +import io.jans.service.EncryptionService; import io.jans.util.security.StringEncrypter.EncryptionException; import io.swagger.v3.oas.annotations.Operation; diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/ClientsResource.java b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/ClientsResource.java index ba76e88288f..7b7175c51ef 100644 --- a/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/ClientsResource.java +++ b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/ClientsResource.java @@ -10,7 +10,6 @@ import com.github.fge.jsonpatch.JsonPatchException; import static io.jans.as.model.util.Util.escapeLog; import io.jans.as.common.model.registration.Client; -import io.jans.as.common.service.common.EncryptionService; import io.jans.as.common.service.common.InumService; import io.jans.as.persistence.model.Scope; import io.jans.configapi.core.rest.ProtectedApi; @@ -28,6 +27,7 @@ import io.jans.orm.PersistenceEntryManager; import io.jans.orm.exception.EntryPersistenceException; import io.jans.orm.model.PagedResult; +import io.jans.service.EncryptionService; import io.jans.util.StringHelper; import io.jans.util.security.StringEncrypter.EncryptionException; 
diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/ConfigSmtpResource.java b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/ConfigSmtpResource.java index aba63ad3838..1a65031fc98 100644 --- a/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/ConfigSmtpResource.java +++ b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/ConfigSmtpResource.java @@ -7,13 +7,13 @@ package io.jans.configapi.rest.resource.auth; import io.jans.as.common.service.common.ConfigurationService; -import io.jans.as.common.service.common.EncryptionService; import io.jans.as.persistence.model.configuration.GluuConfiguration; import io.jans.configapi.core.rest.ProtectedApi; import io.jans.configapi.util.ApiAccessConstants; import io.jans.configapi.util.ApiConstants; import io.jans.model.SmtpConfiguration; import io.jans.model.SmtpTest; +import io.jans.service.EncryptionService; import io.jans.service.MailService; import io.jans.util.security.StringEncrypter.EncryptionException; diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/CouchbaseConfService.java b/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/CouchbaseConfService.java index cc8a1218d08..3d04707c6f6 100644 --- a/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/CouchbaseConfService.java +++ b/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/CouchbaseConfService.java 
@@ -8,10 +8,10 @@ import com.github.fge.jackson.JacksonUtils; import com.google.common.collect.Lists; -import io.jans.as.common.service.common.EncryptionService; import io.jans.as.persistence.model.configuration.GluuConfiguration; import io.jans.as.persistence.model.configuration.IDPAuthConf; import io.jans.orm.couchbase.model.CouchbaseConnectionConfiguration; +import io.jans.service.EncryptionService; import io.jans.util.security.StringEncrypter; import org.apache.commons.lang3.StringUtils; diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/LdapConfigurationService.java b/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/LdapConfigurationService.java index 9e90b7f6dea..01c246fbd48 100644 --- a/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/LdapConfigurationService.java +++ b/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/LdapConfigurationService.java @@ -9,10 +9,10 @@ import com.github.fge.jackson.JacksonUtils; import com.google.common.collect.Iterables; import com.google.common.collect.Lists; -import io.jans.as.common.service.common.EncryptionService; import io.jans.as.persistence.model.configuration.GluuConfiguration; import io.jans.as.persistence.model.configuration.IDPAuthConf; import io.jans.model.ldap.GluuLdapConfiguration; +import io.jans.service.EncryptionService; import io.jans.util.security.StringEncrypter; import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/SqlConfService.java b/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/SqlConfService.java index f9ce9991fd0..8d50641c6ed 100644 --- a/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/SqlConfService.java +++ b/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/SqlConfService.java 
@@ -2,10 +2,10 @@ import com.github.fge.jackson.JacksonUtils; import com.google.common.collect.Lists; -import io.jans.as.common.service.common.EncryptionService; import io.jans.as.persistence.model.configuration.GluuConfiguration; import io.jans.as.persistence.model.configuration.IDPAuthConf; import io.jans.orm.sql.model.SqlConnectionConfiguration; +import io.jans.service.EncryptionService; import io.jans.util.security.StringEncrypter; import org.apache.commons.lang3.StringUtils; diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/util/AuthUtil.java b/jans-config-api/server/src/main/java/io/jans/configapi/util/AuthUtil.java index 3958b299bdd..9abcec216da 100644 --- a/jans-config-api/server/src/main/java/io/jans/configapi/util/AuthUtil.java +++ b/jans-config-api/server/src/main/java/io/jans/configapi/util/AuthUtil.java @@ -4,7 +4,6 @@ import io.jans.as.client.RevokeSessionResponse; import io.jans.as.client.TokenResponse; import io.jans.as.common.model.registration.Client; -import io.jans.as.common.service.common.EncryptionService; import io.jans.as.model.common.ScopeType; import io.jans.as.model.uma.wrapper.Token; import io.jans.as.model.util.Util; @@ -22,6 +21,7 @@ import io.jans.configapi.service.auth.ConfigurationService; import io.jans.configapi.service.auth.ClientService; import io.jans.configapi.service.auth.ScopeService; +import io.jans.service.EncryptionService; import io.jans.util.security.StringEncrypter.EncryptionException; import java.lang.reflect.Method; diff --git a/jans-scim/service/src/main/java/io/jans/scim/service/EncryptionService.java b/jans-core/service/src/main/java/io/jans/service/EncryptionService.java similarity index 65% rename from jans-scim/service/src/main/java/io/jans/scim/service/EncryptionService.java rename to jans-core/service/src/main/java/io/jans/service/EncryptionService.java index d3ef90fe63d..002e3d5ec15 100644 --- a/jans-scim/service/src/main/java/io/jans/scim/service/EncryptionService.java 
+++ b/jans-core/service/src/main/java/io/jans/service/EncryptionService.java @@ -4,18 +4,18 @@ * Copyright (c) 2020, Janssen Project */ -package io.jans.scim.service; +package io.jans.service; -import java.io.Serializable; import java.util.Properties; -import jakarta.enterprise.context.ApplicationScoped; -import jakarta.inject.Inject; +import org.slf4j.Logger; import io.jans.util.StringHelper; import io.jans.util.security.PropertiesDecrypter; import io.jans.util.security.StringEncrypter; import io.jans.util.security.StringEncrypter.EncryptionException; +import jakarta.enterprise.context.ApplicationScoped; +import jakarta.inject.Inject; /** * Allows to decrypted properties with passwords @@ -23,9 +23,10 @@ * @author Yuriy Movchan Date: 09/23/2014 */ @ApplicationScoped -public class EncryptionService implements Serializable { +public class EncryptionService { - private static final long serialVersionUID = -5813201875981117513L; + @Inject + private Logger log; @Inject private StringEncrypter stringEncrypter; @@ -38,6 +39,29 @@ public String decrypt(String encryptedString) throws EncryptionException { return stringEncrypter.decrypt(encryptedString); } + public String decrypt(String encryptedValue, boolean returnSource) { + if (encryptedValue == null) { + return encryptedValue; + } + + String resultValue; + if (returnSource) { + resultValue = encryptedValue; + } else { + resultValue = null; + } + + try { + resultValue = stringEncrypter.decrypt(encryptedValue); + } catch (Exception ex) { + if (!returnSource) { + log.error(String.format("Failed to decrypt value: '%s'", encryptedValue, ex)); + } + } + + return resultValue; + } + public String encrypt(String unencryptedString) throws EncryptionException { if (StringHelper.isEmpty(unencryptedString)) { return null; diff --git a/jans-fido2/server/src/main/java/io/jans/fido2/service/app/AppInitializer.java b/jans-fido2/server/src/main/java/io/jans/fido2/service/app/AppInitializer.java index 4c9c0bf3ce1..35c7d1f22dd 100644 
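Review bot: In the added `decrypt(String, boolean)` the failure path logs `log.error(String.format("Failed to decrypt value: '%s'", encryptedValue, ex));` — `String.format` silently ignores the extra `ex` argument, so the exception is dropped and the log entry carries neither its message nor a stack trace; pass it to the logger instead: `log.error("Failed to decrypt value: '{}'", encryptedValue, ex);`. The catch also covers every `Exception`, so a misconfigured `StringEncrypter` surfaces only as that one line (and, when `returnSource` is true, not at all); narrowing it to `EncryptionException`, or at least documenting in Javadoc that the method is best-effort and returns the source or null on failure, would make the contract clearer. Since the value being decrypted is typically a stored credential, it may be preferable to log only its length rather than the full ciphertext. The hunk's trailing context is the start of `encrypt`, whose body lies outside the hunk.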
--- a/jans-fido2/server/src/main/java/io/jans/fido2/service/app/AppInitializer.java +++ b/jans-fido2/server/src/main/java/io/jans/fido2/service/app/AppInitializer.java @@ -13,9 +13,9 @@ import io.jans.fido2.service.shared.MetricService; import io.jans.model.custom.script.CustomScriptType; import io.jans.as.common.service.common.ApplicationFactory; -import io.jans.as.common.service.common.EncryptionService; import io.jans.orm.PersistenceEntryManager; import io.jans.orm.model.PersistenceConfiguration; +import io.jans.service.EncryptionService; import io.jans.service.PythonService; import io.jans.service.cdi.event.ApplicationInitialized; import io.jans.service.cdi.event.ApplicationInitializedEvent; diff --git a/jans-keycloak-link/server/src/main/java/io/jans/keycloak/link/server/service/AppInitializer.java b/jans-keycloak-link/server/src/main/java/io/jans/keycloak/link/server/service/AppInitializer.java index a2ba3a6f032..736bfd8a6ee 100644 --- a/jans-keycloak-link/server/src/main/java/io/jans/keycloak/link/server/service/AppInitializer.java +++ b/jans-keycloak-link/server/src/main/java/io/jans/keycloak/link/server/service/AppInitializer.java @@ -18,11 +18,11 @@ import io.jans.exception.ConfigurationException; import io.jans.keycloak.link.service.config.ApplicationFactory; import io.jans.keycloak.link.service.config.ConfigurationFactory; -import io.jans.link.service.EncryptionService; import io.jans.model.custom.script.CustomScriptType; import io.jans.orm.PersistenceEntryManager; import io.jans.orm.model.PersistenceConfiguration; import io.jans.orm.util.properties.FileConfiguration; +import io.jans.service.EncryptionService; import io.jans.service.PythonService; import io.jans.service.cdi.event.ApplicationInitialized; import io.jans.service.cdi.event.ApplicationInitializedEvent; 
diff --git a/jans-keycloak-link/server/src/main/java/io/jans/keycloak/link/server/service/KeycloakService.java b/jans-keycloak-link/server/src/main/java/io/jans/keycloak/link/server/service/KeycloakService.java
index 60668bc8907..8214a7b8087 100644
--- a/jans-keycloak-link/server/src/main/java/io/jans/keycloak/link/server/service/KeycloakService.java
+++ b/jans-keycloak-link/server/src/main/java/io/jans/keycloak/link/server/service/KeycloakService.java
@@ -3,8 +3,8 @@
 import io.jans.keycloak.link.model.config.CacheRefreshConfiguration;
 import io.jans.keycloak.link.model.config.KeycloakConfiguration;
 import io.jans.keycloak.link.service.config.ConfigurationFactory;
-import io.jans.link.service.EncryptionService;
 import io.jans.link.util.PropertyUtil;
+import io.jans.service.EncryptionService;
 import io.jans.util.security.StringEncrypter;
 import jakarta.enterprise.context.ApplicationScoped;
 import jakarta.enterprise.inject.Produces;
diff --git a/jans-keycloak-link/server/src/main/java/io/jans/keycloak/link/timer/JansKeycloakLinkTimer.java b/jans-keycloak-link/server/src/main/java/io/jans/keycloak/link/timer/JansKeycloakLinkTimer.java
index 7c8b634a277..ced9fb3a149 100644
--- a/jans-keycloak-link/server/src/main/java/io/jans/keycloak/link/timer/JansKeycloakLinkTimer.java
+++ b/jans-keycloak-link/server/src/main/java/io/jans/keycloak/link/timer/JansKeycloakLinkTimer.java
@@ -34,6 +34,7 @@
 import io.jans.orm.search.filter.Filter;
 import io.jans.orm.util.ArrayHelper;
 import io.jans.orm.util.StringHelper;
+import io.jans.service.EncryptionService;
 import io.jans.service.ObjectSerializationService;
 import io.jans.service.SchemaService;
 import io.jans.service.cdi.async.Asynchronous;
diff --git a/jans-link/server/src/main/java/io/jans/link/server/service/AppInitializer.java b/jans-link/server/src/main/java/io/jans/link/server/service/AppInitializer.java
index 8c2a0253980..7cc2dcd8bec 100644
--- a/jans-link/server/src/main/java/io/jans/link/server/service/AppInitializer.java
+++ b/jans-link/server/src/main/java/io/jans/link/server/service/AppInitializer.java
@@ -15,7 +15,6 @@
 import com.google.common.collect.Lists;
-import io.jans.link.service.EncryptionService;
 import io.jans.link.service.config.ApplicationFactory;
 import io.jans.link.service.config.ConfigurationFactory;
 import io.jans.exception.ConfigurationException;
@@ -23,6 +22,7 @@
 import io.jans.orm.PersistenceEntryManager;
 import io.jans.orm.model.PersistenceConfiguration;
 import io.jans.orm.util.properties.FileConfiguration;
+import io.jans.service.EncryptionService;
 import io.jans.service.PythonService;
 import io.jans.service.cdi.event.ApplicationInitialized;
 import io.jans.service.cdi.event.ApplicationInitializedEvent;
diff --git a/jans-link/server/src/main/java/io/jans/link/timer/JansLinkTimer.java b/jans-link/server/src/main/java/io/jans/link/timer/JansLinkTimer.java
index 49ebfa332e2..dd800a36489 100644
--- a/jans-link/server/src/main/java/io/jans/link/timer/JansLinkTimer.java
+++ b/jans-link/server/src/main/java/io/jans/link/timer/JansLinkTimer.java
@@ -28,6 +28,7 @@
 import io.jans.orm.search.filter.Filter;
 import io.jans.orm.util.ArrayHelper;
 import io.jans.orm.util.StringHelper;
+import io.jans.service.EncryptionService;
 import io.jans.service.ObjectSerializationService;
 import io.jans.service.cdi.async.Asynchronous;
 import io.jans.service.cdi.event.Scheduled;
diff --git a/jans-link/service/src/main/java/io/jans/link/service/BaseJansLinkTimer.java b/jans-link/service/src/main/java/io/jans/link/service/BaseJansLinkTimer.java
index 1152c70fa98..0270c26694a 100644
--- a/jans-link/service/src/main/java/io/jans/link/service/BaseJansLinkTimer.java
+++ b/jans-link/service/src/main/java/io/jans/link/service/BaseJansLinkTimer.java
@@ -27,6 +27,7 @@
 import io.jans.orm.search.filter.Filter;
 import io.jans.orm.util.ArrayHelper;
 import io.jans.orm.util.StringHelper;
+import io.jans.service.EncryptionService;
 import io.jans.service.ObjectSerializationService;
 import io.jans.service.SchemaService;
 import io.jans.util.OxConstants;
diff --git a/jans-link/service/src/main/java/io/jans/link/service/EncryptionService.java b/jans-link/service/src/main/java/io/jans/link/service/EncryptionService.java
deleted file mode 100644
index 9fc99ef1513..00000000000
--- a/jans-link/service/src/main/java/io/jans/link/service/EncryptionService.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * oxTrust is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.
- *
- * Copyright (c) 2014, Gluu
- */
-package io.jans.link.service;
-
-import java.io.Serializable;
-import java.util.Properties;
-
-//import javax.inject.Inject;
-
-import io.jans.orm.util.StringHelper;
-import io.jans.util.security.PropertiesDecrypter;
-import io.jans.util.security.StringEncrypter;
-import jakarta.enterprise.context.ApplicationScoped;
-import jakarta.inject.Inject;
-
-/**
- * Allows to decrypted properties with passwords
- *
- * @author Yuriy Movchan Date: 09/23/2014
- */
-@ApplicationScoped
-public class EncryptionService implements Serializable {
-
-    private static final long serialVersionUID = -5813201875981117513L;
-
-    @Inject
-    private StringEncrypter stringEncrypter;
-
-    public String decrypt(String encryptedString) throws StringEncrypter.EncryptionException {
-        if (StringHelper.isEmpty(encryptedString)) {
-            return null;
-        }
-
-        return stringEncrypter.decrypt(encryptedString);
-    }
-
-    public String encrypt(String unencryptedString) throws StringEncrypter.EncryptionException {
-        if (StringHelper.isEmpty(unencryptedString)) {
-            return null;
-        }
-
-        return stringEncrypter.encrypt(unencryptedString);
-    }
-
-    public Properties decryptProperties(Properties connectionProperties) {
-        return PropertiesDecrypter.decryptProperties(stringEncrypter, connectionProperties);
-    }
-
-    public Properties decryptAllProperties(Properties connectionProperties) {
-        return PropertiesDecrypter.decryptAllProperties(stringEncrypter, connectionProperties);
-    }
-
-}
\ No newline at end of file
diff --git a/jans-link/service/src/main/java/io/jans/link/util/PropertyUtil.java b/jans-link/service/src/main/java/io/jans/link/util/PropertyUtil.java
index 04fc30aa9a1..18eab8881f8 100644
--- a/jans-link/service/src/main/java/io/jans/link/util/PropertyUtil.java
+++ b/jans-link/service/src/main/java/io/jans/link/util/PropertyUtil.java
@@ -12,11 +12,8 @@
 import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.log4j.Logger;
-//import javax.inject.Inject;
-//import javax.inject.Named;
-
-import io.jans.link.service.EncryptionService;
 import io.jans.model.SimpleProperty;
+import io.jans.service.EncryptionService;
 import io.jans.util.StringHelper;
 import io.jans.util.security.StringEncrypter;
 import jakarta.inject.Inject;
diff --git a/jans-lock/server/src/main/java/io/jans/lock/server/service/AppInitializer.java b/jans-lock/server/src/main/java/io/jans/lock/server/service/AppInitializer.java
index 4decaf85e9a..5392ba04c1d 100644
--- a/jans-lock/server/src/main/java/io/jans/lock/server/service/AppInitializer.java
+++ b/jans-lock/server/src/main/java/io/jans/lock/server/service/AppInitializer.java
@@ -23,6 +23,7 @@
 import io.jans.orm.model.PersistenceConfiguration;
 import io.jans.orm.util.properties.FileConfiguration;
 import io.jans.service.ApplicationConfigurationFactory;
+import io.jans.service.EncryptionService;
 import io.jans.service.PythonService;
 import io.jans.service.cdi.event.ApplicationInitialized;
 import io.jans.service.cdi.event.ApplicationInitializedEvent;
diff --git a/jans-lock/server/src/main/java/io/jans/lock/server/service/ConfigurationService.java b/jans-lock/server/src/main/java/io/jans/lock/server/service/ConfigurationService.java
index c246fb09276..dc102086f4d 100644
--- a/jans-lock/server/src/main/java/io/jans/lock/server/service/ConfigurationService.java
+++ b/jans-lock/server/src/main/java/io/jans/lock/server/service/ConfigurationService.java
@@ -12,6 +12,7 @@
 import io.jans.lock.model.config.StaticConfiguration;
 import io.jans.model.SmtpConfiguration;
 import io.jans.orm.PersistenceEntryManager;
+import io.jans.service.EncryptionService;
 import io.jans.util.StringHelper;
 import io.jans.util.security.StringEncrypter.EncryptionException;
 import jakarta.enterprise.context.ApplicationScoped;
diff --git a/jans-lock/server/src/main/java/io/jans/lock/server/service/EncryptionService.java b/jans-lock/server/src/main/java/io/jans/lock/server/service/EncryptionService.java
deleted file mode 100644
index 0ac6608bf4d..00000000000
--- a/jans-lock/server/src/main/java/io/jans/lock/server/service/EncryptionService.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Janssen Project software is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.
- *
- * Copyright (c) 2023, Janssen Project
- */
-
-package io.jans.lock.server.service;
-
-import java.io.Serializable;
-import java.util.Properties;
-
-import io.jans.orm.util.StringHelper;
-import io.jans.util.security.PropertiesDecrypter;
-import io.jans.util.security.StringEncrypter;
-import jakarta.enterprise.context.ApplicationScoped;
-import jakarta.inject.Inject;
-
-/**
- * Allows to decrypted properties with passwords
- *
- * @author Yuriy Movchan Date: 12/12/2023
- */
-@ApplicationScoped
-public class EncryptionService implements Serializable {
-
-    private static final long serialVersionUID = -5813201875981117513L;
-
-    @Inject
-    private StringEncrypter stringEncrypter;
-
-    public String decrypt(String encryptedString) throws StringEncrypter.EncryptionException {
-        if (StringHelper.isEmpty(encryptedString)) {
-            return null;
-        }
-
-        return stringEncrypter.decrypt(encryptedString);
-    }
-
-    public String encrypt(String unencryptedString) throws StringEncrypter.EncryptionException {
-        if (StringHelper.isEmpty(unencryptedString)) {
-            return null;
-        }
-
-        return stringEncrypter.encrypt(unencryptedString);
-    }
-
-    public Properties decryptProperties(Properties connectionProperties) {
-        return PropertiesDecrypter.decryptProperties(stringEncrypter, connectionProperties);
-    }
-
-    public Properties decryptAllProperties(Properties connectionProperties) {
-        return PropertiesDecrypter.decryptAllProperties(stringEncrypter, connectionProperties);
-    }
-
-}
\ No newline at end of file
diff --git a/jans-lock/service/src/main/java/io/jans/lock/model/config/OpaConfiguration.java b/jans-lock/service/src/main/java/io/jans/lock/model/config/OpaConfiguration.java
index 2d597636983..6145e751c39 100644
--- a/jans-lock/service/src/main/java/io/jans/lock/model/config/OpaConfiguration.java
+++ b/jans-lock/service/src/main/java/io/jans/lock/model/config/OpaConfiguration.java
@@ -20,6 +20,8 @@ public class OpaConfiguration implements Configuration {
     private String baseUrl;
+    private String accessToken;
+
     public String getBaseUrl() {
         return baseUrl;
     }
@@ -28,4 +30,12 @@ public void setBaseUrl(String baseUrl) {
         this.baseUrl = baseUrl;
     }
+    public String getAccessToken() {
+        return accessToken;
+    }
+
+    public void setAccessToken(String accessToken) {
+        this.accessToken = accessToken;
+    }
+
 }
diff --git a/jans-lock/service/src/main/java/io/jans/lock/service/consumer/message/opa/OpaMessageConsumer.java b/jans-lock/service/src/main/java/io/jans/lock/service/consumer/message/opa/OpaMessageConsumer.java
index 0dda2143e57..bf87689f18a 100644
--- a/jans-lock/service/src/main/java/io/jans/lock/service/consumer/message/opa/OpaMessageConsumer.java
+++ b/jans-lock/service/src/main/java/io/jans/lock/service/consumer/message/opa/OpaMessageConsumer.java
@@ -11,6 +11,7 @@
 import org.apache.http.HttpStatus;
 import org.apache.http.client.methods.HttpDelete;
 import org.apache.http.client.methods.HttpPut;
+import org.apache.http.client.methods.HttpRequestBase;
 import org.apache.http.entity.ContentType;
 import org.apache.http.entity.StringEntity;
 import org.apache.http.impl.client.CloseableHttpClient;
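Review bot: The new `accessToken` field on `OpaConfiguration` holds a bearer credential, but nothing in the class says whether it is expected to be stored encrypted; the consumers that read it decrypt with `returnSource=true`, so an encrypted or a plaintext value is accepted silently and an operator has no hint which form is intended. Add a Javadoc on the field such as `/** Bearer token for the OPA REST API; expected to be encrypted with the server StringEncrypter. A value that cannot be decrypted is used as-is. */` so the contract is explicit. If `OpaConfiguration` is ever serialized — logged, or returned by a configuration endpoint — the token is emitted in whatever form it is stored, which is worth confirming before shipping.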
@@ -22,10 +23,12 @@
 import com.fasterxml.jackson.databind.node.ObjectNode;
 import io.jans.lock.model.config.AppConfiguration;
+import io.jans.lock.model.config.OpaConfiguration;
 import io.jans.lock.service.TokenService;
 import io.jans.lock.service.external.ExternalLockService;
 import io.jans.lock.service.external.context.ExternalLockContext;
 import io.jans.model.token.TokenEntity;
+import io.jans.service.EncryptionService;
 import io.jans.service.cdi.async.Asynchronous;
 import io.jans.service.cdi.qualifier.Implementation;
 import io.jans.service.message.consumer.MessageConsumer;
@@ -64,6 +67,9 @@ public class OpaMessageConsumer extends MessageConsumer {
     @Inject
     private TokenService tokenService;
+    @Inject
+    private EncryptionService encryptionService;
+
     private ObjectMapper objectMapper;
     private ExpiringMap loadedTokens;
@@ -142,12 +148,15 @@ protected boolean putData(String message, JsonNode messageNode) {
         // Send rest request to OPA
-        String baseUrl = appConfiguration.getOpaConfiguration().getBaseUrl();
+        OpaConfiguration opaConfiguration = appConfiguration.getOpaConfiguration();
+        String baseUrl = opaConfiguration.getBaseUrl();
         HttpPut request = new HttpPut(String.format("%s/data/%s/%s", baseUrl, tknTyp, tknCde));
+        addAccessTokenHeader(request, opaConfiguration);
+
         request.addHeader("Content-Type", ContentType.APPLICATION_JSON.getMimeType());
         request.addHeader("If-None-Match", "*");
-
+
         StringEntity stringEntity = new StringEntity(dataNode.toString(), ContentType.APPLICATION_JSON);
         request.setEntity(stringEntity);
@@ -193,9 +202,11 @@ protected boolean removeData(JsonNode messageNode) {
         String tknTyp = messageNode.get("tknTyp").asText();
         String tknCde = messageNode.get("tknCde").asText();
-        String baseUrl = appConfiguration.getOpaConfiguration().getBaseUrl();
+        OpaConfiguration opaConfiguration = appConfiguration.getOpaConfiguration();
+        String baseUrl = opaConfiguration.getBaseUrl();
         HttpDelete request = new HttpDelete(String.format("%s/data/%s/%s", baseUrl, tknTyp, tknCde));
+        addAccessTokenHeader(request, opaConfiguration);
         boolean result = false;
         try {
@@ -219,6 +230,13 @@ protected long getExpirationInSeconds(TokenEntity tokenEntity) {
         return duration;
     }
+    private void addAccessTokenHeader(HttpRequestBase request, OpaConfiguration opaConfiguration) {
+        String accessToken = encryptionService.decrypt(opaConfiguration.getAccessToken(), true);
+        if (StringHelper.isNotEmpty(accessToken)) {
+            request.setHeader("Authorization", "Bearer " + accessToken);
+        }
+    }
+
     protected class OpaExpirationListener implements ExpirationListener {
         public void expired(String key, String message) {
diff --git a/jans-lock/service/src/main/java/io/jans/lock/service/consumer/policy/opa/OpaPolicyConsumer.java b/jans-lock/service/src/main/java/io/jans/lock/service/consumer/policy/opa/OpaPolicyConsumer.java
index 7b16d27125c..456644bbd7d 100644
--- a/jans-lock/service/src/main/java/io/jans/lock/service/consumer/policy/opa/OpaPolicyConsumer.java
+++ b/jans-lock/service/src/main/java/io/jans/lock/service/consumer/policy/opa/OpaPolicyConsumer.java
@@ -16,6 +16,7 @@
 import org.apache.http.HttpStatus;
 import org.apache.http.client.methods.HttpDelete;
 import org.apache.http.client.methods.HttpPut;
+import org.apache.http.client.methods.HttpRequestBase;
 import org.apache.http.entity.ContentType;
 import org.apache.http.entity.StringEntity;
 import org.apache.http.impl.client.CloseableHttpClient;
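Review bot: `addAccessTokenHeader` attaches the bearer token to whatever `baseUrl` the operator configured, so an `http://` OPA endpoint sends the credential in cleartext on every `PUT` and `DELETE` to `/data/...`; a guard before `setHeader`, e.g. `if (!opaConfiguration.getBaseUrl().startsWith("https://")) { log.warn("OPA accessToken is set but baseUrl is not https; bearer token will be sent in cleartext"); }` (assuming this class has a logger), would at least make that visible. The `decrypt(..., true)` call also means a token that fails to decrypt is sent as-is, so a corrupted ciphertext silently becomes the bearer value and the only symptom is OPA rejecting the request. The same helper body appears verbatim in `OpaPolicyConsumer`; consider one shared helper so the two stay in step. `OpaExpirationListener` at the end of the hunk continues outside it.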
@@ -24,11 +25,14 @@
 import com.unboundid.util.Base64;
 import io.jans.lock.model.config.AppConfiguration;
+import io.jans.lock.model.config.OpaConfiguration;
 import io.jans.lock.service.external.ExternalLockService;
 import io.jans.lock.service.external.context.ExternalLockContext;
+import io.jans.service.EncryptionService;
 import io.jans.service.cdi.qualifier.Implementation;
 import io.jans.service.net.BaseHttpService;
 import io.jans.service.policy.consumer.PolicyConsumer;
+import io.jans.util.StringHelper;
 import jakarta.annotation.PostConstruct;
 import jakarta.enterprise.context.ApplicationScoped;
 import jakarta.enterprise.inject.Instance;
@@ -60,6 +64,9 @@ public class OpaPolicyConsumer extends PolicyConsumer {
     @Inject
     @Implementation
     private Instance policyConsumerProviderInstance;
+
+    @Inject
+    private EncryptionService encryptionService;
     private MessageDigest sha256Digest;
@@ -109,9 +116,12 @@ public boolean putPolicies(String sourceUri, List policies) {
                 continue;
             }
-            String baseUrl = appConfiguration.getOpaConfiguration().getBaseUrl();
+            OpaConfiguration opaConfiguration = appConfiguration.getOpaConfiguration();
+            String baseUrl = opaConfiguration.getBaseUrl();
+
             HttpPut request = new HttpPut(String.format("%s/policies/%s", baseUrl, policyId));
-
+            addAccessTokenHeader(request, opaConfiguration);
+
             StringEntity stringEntity = new StringEntity(policy, ContentType.TEXT_PLAIN);
             request.setEntity(stringEntity);
@@ -182,8 +192,11 @@ public boolean sendRemovePolicyRequest(String sourceUri, String policyId) {
             return true;
         }
-        String baseUrl = appConfiguration.getOpaConfiguration().getBaseUrl();
+        OpaConfiguration opaConfiguration = appConfiguration.getOpaConfiguration();
+        String baseUrl = opaConfiguration.getBaseUrl();
+
         HttpDelete request = new HttpDelete(String.format("%s/policies/%s", baseUrl, policyId));
+        addAccessTokenHeader(request, opaConfiguration);
         boolean result = true;
         try {
@@ -201,6 +214,13 @@ public boolean sendRemovePolicyRequest(String sourceUri, String policyId) {
         return result;
     }
+    private void addAccessTokenHeader(HttpRequestBase request, OpaConfiguration opaConfiguration) {
+        String accessToken = encryptionService.decrypt(opaConfiguration.getAccessToken(), true);
+        if (StringHelper.isNotEmpty(accessToken)) {
+            request.setHeader("Authorization", "Bearer " + accessToken);
+        }
+    }
+
     @Override
     public String getPolicyConsumerType() {
         return POLICY_CONSUMER_TYPE;
diff --git a/jans-lock/service/src/main/java/io/jans/lock/service/policy/PolicyDownloadService.java b/jans-lock/service/src/main/java/io/jans/lock/service/policy/PolicyDownloadService.java
index aaec06580cf..6dac69e8165 100644
--- a/jans-lock/service/src/main/java/io/jans/lock/service/policy/PolicyDownloadService.java
+++ b/jans-lock/service/src/main/java/io/jans/lock/service/policy/PolicyDownloadService.java
@@ -26,6 +26,7 @@
 import io.jans.lock.model.config.AppConfiguration;
 import io.jans.lock.service.policy.event.PolicyDownloadEvent;
+import io.jans.service.EncryptionService;
 import io.jans.service.cdi.async.Asynchronous;
 import io.jans.service.cdi.event.Scheduled;
 import io.jans.service.net.BaseHttpService;
@@ -62,6 +63,9 @@ public class PolicyDownloadService {
     @Inject
     private PolicyConsumer policyConsumer;
+    @Inject
+    private EncryptionService encryptionService;
+
     private ObjectMapper objectMapper;
     private List loadedPoliciesJsonUris;
@@ -115,7 +119,7 @@ private void reloadPolicies() {
     private void reloadUrisPolicies() {
         log.debug("Starting URIs policies reload");
-        String policiesJsonUrisAccessToken = appConfiguration.getPoliciesJsonUrisAccessToken();
+        String policiesJsonUrisAccessToken = encryptionService.decrypt(appConfiguration.getPoliciesJsonUrisAccessToken(), true);
         List policiesJsonUris = appConfiguration.getPoliciesJsonUris();
         if (policiesJsonUris == null) {
             return;
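Review bot: This `addAccessTokenHeader` is a byte-for-byte copy of the one added to `OpaMessageConsumer`, including the `decrypt(..., true)` fallback that silently uses an undecryptable configuration value as the bearer token; a single shared helper (a static method on `OpaConfiguration`, or a small base class for the two OPA consumers) would keep the header logic, and any future scheme check, in one place. Whichever home it gets, it deserves a one-line Javadoc, e.g. `/** Adds "Authorization: Bearer ..." when OpaConfiguration.accessToken is set; the stored value may be encrypted or plaintext. */`. `sendRemovePolicyRequest`, whose closing lines open this hunk, starts outside it.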
@@ -176,7 +180,7 @@ private void reloadUrisPolicies() {
     private void reloadZipPolicies() {
         log.debug("Starting Zip policies reload");
-        String policiesZipUrisAccessToken = appConfiguration.getPoliciesZipUrisAccessToken();
+        String policiesZipUrisAccessToken = encryptionService.decrypt(appConfiguration.getPoliciesZipUrisAccessToken(), true);
         List policiesZipUris = appConfiguration.getPoliciesZipUris();
         if (policiesZipUris == null) {
             return;
diff --git a/jans-scim/service/src/main/java/io/jans/scim/service/ConfigurationService.java b/jans-scim/service/src/main/java/io/jans/scim/service/ConfigurationService.java
index f24eabea6e3..57879e14dd6 100644
--- a/jans-scim/service/src/main/java/io/jans/scim/service/ConfigurationService.java
+++ b/jans-scim/service/src/main/java/io/jans/scim/service/ConfigurationService.java
@@ -15,7 +15,7 @@
 import io.jans.scim.model.GluuConfiguration;
 import io.jans.scim.model.GluuOxTrustStat;
-
+import io.jans.service.EncryptionService;
 import jakarta.enterprise.context.ApplicationScoped;
 import jakarta.faces.context.FacesContext;
 import jakarta.inject.Inject;