JanssenProject · moabu · Jan 25, 2023 · Jan 25, 2023 · Jan 25, 2023 · Jan 25, 2023
@@ -422,7 +422,7 @@ def do_installation():
 
             # if (Config.installed_instance and 'installOxd' in Config.addPostSetupService) or (not Config.installed_instance and Config.installOxd):
             #    oxdInstaller.start_installation()
-
+            jansInstaller.post_install_before_saving_properties()
             jansProgress.progress(PostSetup.service_name, "Saving properties")
             propertiesUtils.save_properties()
             time.sleep(2)

@@ -11,6 +11,7 @@
 from setup_app import paths
 from setup_app.static import AppType, InstallOption
 from setup_app.utils import base
+from setup_app.utils.ldif_utils import create_client_ldif
 from setup_app.config import Config
 from setup_app.installers.jetty import JettyInstaller
 from setup_app.pylib.ldif4.ldif import LDIFWriter
@@ -146,43 +147,22 @@ def generate_configuration(self):
 
         scope_ldif_fd.close()
 
-        createClient = True
-        config_api_dn = 'inum={},ou=clients,o=jans'.format(Config.jca_client_id)
+        create_client = True
         if Config.installed_instance and self.dbUtils.search('ou=clients,o=jans', search_filter='(&(inum={})(objectClass=jansClnt))'.format(Config.jca_client_id)):
-            createClient = False
-
-        if createClient:
-            clients_ldif_fd = open(self.clients_ldif_fn, 'wb')
-            ldif_clients_writer = LDIFWriter(clients_ldif_fd, cols=1000)
-            ldif_clients_writer.unparse(
-                config_api_dn, {
-                'objectClass': ['top', 'jansClnt'],
-                'del': ['false'],
-                'displayName': ['Jans Config Api Client'],
-                'inum': [Config.jca_client_id],
-                'jansAccessTknAsJwt': ['false'],
-                'jansAccessTknSigAlg': ['RS256'],
-                'jansAppTyp': ['web'],
-                'jansAttrs': ['{"tlsClientAuthSubjectDn":"","runIntrospectionScriptBeforeJwtCreation":false,"keepClientAuthorizationAfterExpiration":false,"allowSpontaneousScopes":false,"spontaneousScopes":[],"spontaneousScopeScriptDns":[],"backchannelLogoutUri":[],"backchannelLogoutSessionRequired":false,"additionalAudience":[],"postAuthnScripts":[],"consentGatheringScripts":[],"introspectionScripts":[],"rptClaimsScripts":[]}'],
-                'jansClntSecret': [Config.jca_client_encoded_pw],
-                'jansDisabled': ['false'],
-                'jansGrantTyp': ['authorization_code', 'refresh_token', 'client_credentials'],
-                'jansIdTknSignedRespAlg': ['RS256'],
-                'jansInclClaimsInIdTkn': ['false'],
-                'jansLogoutSessRequired': ['false'],
-                'jansPersistClntAuthzs': ['true'],
-                'jansRespTyp': ['code'],
-                'jansRptAsJwt': ['false'],
-                'jansScope': jansUmaScopes_all,
-                'jansSubjectTyp': ['pairwise'],
-                'jansTknEndpointAuthMethod': ['client_secret_basic'],
-                'jansTrustedClnt': ['false'],
-                'jansRedirectURI': ['https://{}/admin-ui'.format(Config.hostname), 'http://localhost:4100']
-                })
-
-            clients_ldif_fd.close()
+            create_client = False
+
+        if create_client:
+            create_client_ldif(
+                ldif_fn=self.clients_ldif_fn,
+                client_id=Config.jca_client_id,
+                encoded_pw=Config.jca_client_encoded_pw,
+                scopes=jansUmaScopes_all,
+                redirect_uri=['https://{}/admin-ui'.format(Config.hostname), 'http://localhost:4100']
+                )
+
             self.load_ldif_files.append(self.clients_ldif_fn)
 
+
     def render_import_templates(self):
 
         Config.templateRenderingDict['configOauthEnabled'] = 'false' if base.argsp.disable_config_api_security else 'true'

@@ -18,6 +18,7 @@
 from setup_app.static import InstallTypes, AppType, InstallOption
 from setup_app.config import Config
 from setup_app.utils.setup_utils import SetupUtils
+from setup_app.utils.ldif_utils import create_client_ldif
 from setup_app.utils.progress import jansProgress
 from setup_app.installers.base import BaseInstaller
 
@@ -430,6 +431,45 @@ def import_custom_ldif_dir(self, ldif_dir):
                 self.logIt("Error importing custom ldif file {}".format(ldif), True)
 
 
+    def create_test_client(self):
+        ldif_fn = self.clients_ldif_fn = os.path.join(Config.output_dir, 'test-client.ldif')
+        client_pw = base.argsp.test_client_secret or self.getPW()
+        encoded_pw = self.obscure(client_pw)
+        trusted_client = base.argsp.test_client_trusted or 'false'
+
+        if base.argsp.test_client_redirect_uri:
+            redirect_uri = base.argsp.test_client_redirect_uri.split(',')
+        else:
+            redirect_uri = ['https://{}/admin-ui'.format(Config.hostname), 'http://localhost:4100']
+
+        result = self.dbUtils.search('ou=scopes,o=jans', search_filter='(objectClass=jansScope)', fetchmany=True)
+        scopes = [ scope[1]['dn'] for scope in result ]
+
+        create_client_ldif(
+                ldif_fn=ldif_fn,
+                client_id=base.argsp.test_client_id,
+                encoded_pw=encoded_pw,
+                scopes=scopes,
+                redirect_uri=redirect_uri,
+                trusted_client=trusted_client
+                )
+
+        self.dbUtils.import_ldif([ldif_fn])
+
+        Config.test_client_id = base.argsp.test_client_id
+        Config.test_client_pw = client_pw
+        Config.test_client_pw_encoded = encoded_pw
+        Config.test_client_redirect_uri = redirect_uri
+        Config.test_client_trusted_client = trusted_client
+        Config.test_client_scopes = ' '.join(scopes)
+
+
+    def post_install_before_saving_properties(self):
+
+        if base.argsp.test_client_id:
+            self.create_test_client()
+
+
     def post_install_tasks(self):
 
         self.deleteLdapPw()

@@ -1,6 +1,9 @@
 import os
+import sys
+import uuid
 import argparse
 
+from setup_app import static
 from setup_app.version import __version__
 from setup_app.utils import base
 
@@ -101,6 +104,12 @@
     spanner_cred_group.add_argument('-spanner-emulator-host', help="Use Spanner emulator host")
     spanner_cred_group.add_argument('-google-application-credentials', help="Path to Google application credentials json file")
 
+    # test-client
+    parser.add_argument('-test-client-id', help="ID of test client which has all available scopes. Must be in UUID format.")
+    parser.add_argument('-test-client-secret', help="Secret for test client")
+    parser.add_argument('-test-client-redirect-uri', help="Redirect URI for test client")
+    parser.add_argument('--test-client-trusted', help="Make test client trusted", action='store_true')
+
 else:
     # openbanking
     parser.add_argument('--no-external-key', help="Don't use external key", action='store_true')
@@ -135,5 +144,13 @@ def add_to_me(you):
 
 
 def get_parser():
-    argsp = parser.parse_known_args()
-    return argsp[0]
+    argsp, others = parser.parse_known_args()
+    if argsp.test_client_id:
+        try:
+            uuid.UUID(argsp.test_client_id)
+        except:
+            sys.stderr.write("{}-test-client-id should be in UUID format{}\n".format(static.colors.DANGER, static.colors.ENDC))
+            sys.stderr.flush()
+            sys.exit(2)
+
+    return argsp
@@ -5,7 +5,7 @@
 from collections import OrderedDict
 
 from ldap3.utils import dn as dnutils
-from setup_app.pylib.ldif4.ldif import LDIFParser
+from setup_app.pylib.ldif4.ldif import LDIFParser, LDIFWriter
 from setup_app.pylib.schema import AttributeType, ObjectClass
 from setup_app.utils.attributes import attribDataTypes
 from setup_app.config import Config
@@ -155,3 +155,36 @@ def schema2json(schema_file, out_dir=None):
     schema_str = json.dumps(jans_schema, indent=2)
     with open(out_file, 'w') as w:
         w.write(schema_str)
+
+def create_client_ldif(ldif_fn, client_id, encoded_pw, scopes, redirect_uri, trusted_client='false'):
+    clients_ldif_fd = open(ldif_fn, 'wb')
+    ldif_clients_writer = LDIFWriter(clients_ldif_fd, cols=1000)
+    client_dn = 'inum={},ou=clients,o=jans'.format(client_id)
+
+    ldif_clients_writer.unparse(
+        client_dn, {
+        'objectClass': ['top', 'jansClnt'],
+        'del': ['false'],
+        'displayName': ['Jans Config Api Client'],
+        'inum': [client_id],
+        'jansAccessTknAsJwt': ['false'],
+        'jansAccessTknSigAlg': ['RS256'],
+        'jansAppTyp': ['web'],
+        'jansAttrs': ['{"tlsClientAuthSubjectDn":"","runIntrospectionScriptBeforeJwtCreation":false,"keepClientAuthorizationAfterExpiration":false,"allowSpontaneousScopes":false,"spontaneousScopes":[],"spontaneousScopeScriptDns":[],"backchannelLogoutUri":[],"backchannelLogoutSessionRequired":false,"additionalAudience":[],"postAuthnScripts":[],"consentGatheringScripts":[],"introspectionScripts":[],"rptClaimsScripts":[]}'],
+        'jansClntSecret': [encoded_pw],
+        'jansDisabled': ['false'],
+        'jansGrantTyp': ['authorization_code', 'refresh_token', 'client_credentials'],
+        'jansIdTknSignedRespAlg': ['RS256'],
+        'jansInclClaimsInIdTkn': ['false'],
+        'jansLogoutSessRequired': ['false'],
+        'jansPersistClntAuthzs': ['true'],
+        'jansRespTyp': ['code'],
+        'jansRptAsJwt': ['false'],
+        'jansScope': scopes,
+        'jansSubjectTyp': ['pairwise'],
+        'jansTknEndpointAuthMethod': ['client_secret_basic'],
+        'jansTrustedClnt': [trusted_client],
+        'jansRedirectURI': redirect_uri
+        })
+
+    clients_ldif_fd.close()