JanssenProject · yurem · Dec 21, 2023 · Dec 20, 2023 · Dec 20, 2023 · Dec 21, 2023
@@ -148,7 +148,7 @@ def ami_packaged():
     from setup_app.installers.jans_casa import CasaInstaller
 
     from setup_app.installers.jans_saml import JansSamlInstaller
-
+    from setup_app.installers.jans_lock import JansLockInstaller
 
 from setup_app.installers.config_api import ConfigApiInstaller
 from setup_app.installers.jans_cli import JansCliInstaller
@@ -271,6 +271,7 @@ def ami_packaged():
     jans_link_installer = JansLinkInstaller()
     jans_keycloak_link_installer = JansKCLinkInstaller()
     jans_saml_installer = JansSamlInstaller()
+    jans_lock_installer = JansLockInstaller()
 
 jansCliInstaller = JansCliInstaller()
 
@@ -470,6 +471,10 @@ def do_installation():
                         not Config.installed_instance and Config.get(jans_saml_installer.install_var)):
                     jans_saml_installer.start_installation()
 
+                if (Config.installed_instance and jans_lock_installer.install_var in Config.addPostSetupService) or (
+                        not Config.installed_instance and Config.get(jans_lock_installer.install_var)):
+                    jans_lock_installer.start_installation()
+
             # if (Config.installed_instance and 'installOxd' in Config.addPostSetupService) or (not Config.installed_instance and Config.installOxd):
             #    oxdInstaller.start_installation()
             jansInstaller.post_install_before_saving_properties()

@@ -208,6 +208,7 @@ def progress(self, service_name, msg, incr=False):
         self.allowPreReleasedFeatures = False
         self.install_jans_saml = False
         self.install_jans_keycloak_link = False
+        self.install_jans_lock = False
 
         # backward compatibility
         self.os_type = base.os_type

@@ -15,7 +15,7 @@
     "memory": {
       "max_allowed_mb": 512,
       "jvm_heap_ration": 0.7,
-      "ratio": 0.10
+      "ratio": 0.08
     },
     "jetty": {
       "modules": "server,deploy,resources,http,http-forwarded,threadpool,console-capture,jsp"
@@ -39,7 +39,7 @@
     "memory": {
       "max_allowed_mb": 1024,
       "jvm_heap_ration": 0.7,
-      "ratio": 0.10
+      "ratio": 0.08
     },
     "jetty": {
       "modules": "server,deploy,resources,http,http-forwarded,console-capture,jsp,websocket"
@@ -63,7 +63,7 @@
     "memory": {
       "max_allowed_mb": 1024,
       "jvm_heap_ration": 0.7,
-      "ratio": 0.10
+      "ratio": 0.08
     },
     "jetty": {
       "modules": "server,deploy,resources,http,http-forwarded,console-capture,jsp,websocket"
@@ -88,12 +88,24 @@
     "memory": {
       "max_allowed_mb": 1024,
       "jvm_heap_ration": 0.7,
-      "ratio": 0.10
+      "ratio": 0.08
     },
     "jetty": {
       "modules": "server,deploy,resources,http,http-forwarded,console-capture,jsp,websocket"
     },
     "installed": false,
     "name": "jans-keycloak-link"
+  },
+  "jans-lock": {
+    "memory": {
+      "max_allowed_mb": 1024,
+      "jvm_heap_ration": 0.7,
+      "ratio": 0.08
+    },
+    "jetty": {
+      "modules": "server,deploy,resources,http,http-forwarded,console-capture,jsp,websocket"
+    },
+    "installed": false,
+    "name": "jans-lock"
   }
 }
@@ -49,7 +49,8 @@ def start_installation(self):
 
     def render_unit_file(self, unit=None):
         # render unit file
-
+        if getattr(self, 'no_unit_file', False):
+            return
         units = self.get_systemd_service_list(unit)
 
         for unit in units:

@@ -77,12 +77,15 @@ def get_install_string(prefix, install_var):
             txt += get_install_string('Install Auth Server', 'installOxAuth')
             txt += get_install_string('Install Jans Config API', 'install_config_api')
             if Config.profile == 'jans':
-                txt += get_install_string('Install Fido2 Server', 'installFido2')
-                txt += get_install_string('Install Scim Server', 'install_scim_server')
-                txt += get_install_string('Install Jans Link Server', 'install_jans_link')
-                txt += get_install_string('Install Jans KC Link Server', 'install_jans_keycloak_link')
-                txt += get_install_string('Install Jans Casa Server', 'install_casa')
-                txt += get_install_string('Install Jans SAML', 'install_jans_saml')
+                for prompt_str, install_var in (
+                        ('Install Fido2 Server', 'installFido2'),
+                        ('Install Scim Server', 'install_scim_server'),
+                        ('Install Jans Link Server', 'install_jans_link'),
+                        ('Install Jans KC Link Server', 'install_jans_keycloak_link'),
+                        ('Install Jans Casa Server', 'install_casa'),
+                        ('Install Jans Lock', 'install_jans_lock'),
+                        ('Install Jans SAML', 'install_jans_saml')):
+                    txt += get_install_string(prompt_str, install_var)
 
 
             if Config.profile == 'jans' and Config.installEleven:
@@ -637,6 +640,7 @@ def order_services(self):
                         ('jans-fido2', 'installFido2'),
                         ('jans-link', 'install_jans_link'),
                         ('jans-scim', 'install_scim_server'),
+                        ('jans-lock', 'install_jans_lock_as_server'),
                         ('saml', 'install_jans_saml'),
                         ('jans-keycloak-link', 'install_jans_keycloak_link'),
                         ]

@@ -0,0 +1,77 @@
+import os
+import glob
+import shutil
+from pathlib import Path
+
+from setup_app import paths
+from setup_app.utils import base
+from setup_app.static import AppType, InstallOption
+from setup_app.config import Config
+from setup_app.installers.jetty import JettyInstaller
+
+Config.jans_lock_port = '8076'
+
+class JansLockInstaller(JettyInstaller):
+
+    source_files = [
+                (os.path.join(Config.dist_jans_dir, 'jans-lock.war'), os.path.join(base.current_app.app_info['JANS_MAVEN'], 'maven/io/jans/jans-lock-server/{0}/jans-lock-server-{0}.war').format(base.current_app.app_info['jans_version'])),
+                (os.path.join(Config.dist_jans_dir, 'jans-lock-service.jar'), os.path.join(base.current_app.app_info['JANS_MAVEN'], 'maven/io/jans/jans-lock-service/{0}/jans-lock-service-{0}.jar').format(base.current_app.app_info['jans_version'])),
+                ]
+
+    def __init__(self):
+        setattr(base.current_app, self.__class__.__name__, self)
+        self.service_name = 'jans-lock'
+        self.needdb = True
+        self.app_type = AppType.SERVICE
+        self.install_type = InstallOption.OPTONAL
+        self.install_var = 'install_jans_lock'
+        self.register_progess()
+
+        self.output_dir = os.path.join(Config.output_dir, self.service_name)
+        self.template_dir = os.path.join(Config.templateFolder, self.service_name)
+        self.dynamic_conf_json = os.path.join(self.output_dir, 'dynamic-conf.json')
+        self.error_json = os.path.join(self.output_dir, 'errors.json')
+        self.static_conf_json = os.path.join(self.output_dir, 'static-conf.json')
+        self.config_ldif = os.path.join(self.output_dir, 'config.ldif')
+
+    def install(self):
+
+        if Config.get('install_jans_lock_as_server'):
+            self.install_as_server()
+        else:
+            self.no_unit_file = True
+            self.install_as_service()
+
+
+    def install_as_server(self):
+        self.installJettyService(self.jetty_app_configuration[self.service_name], True)
+        self.logIt(f"Copying {self.source_files[0][0]} into jetty webapps folder...")
+        self.copyFile(self.source_files[0][0], self.jetty_service_webapps)
+        self.enable()
+
+    def install_as_service(self):
+        plugin_name = os.path.basename(self.source_files[1][0])
+        self.logIt(f"Adding plugin {plugin_name} to jans-auth")
+        self.copyFile(self.source_files[1][0], base.current_app.JansAuthInstaller.custom_lib_dir)
+        plugin_class_path = os.path.join(base.current_app.JansAuthInstaller.custom_lib_dir, plugin_name)
+        base.current_app.JansAuthInstaller.add_extra_class(plugin_class_path)
+        self.chown(plugin_class_path, Config.jetty_user, Config.jetty_group)
+
+
+    def render_import_templates(self):
+
+        self.renderTemplateInOut(self.dynamic_conf_json, self.template_dir, self.output_dir)
+        self.renderTemplateInOut(self.error_json, self.template_dir, self.output_dir)
+        self.renderTemplateInOut(self.static_conf_json, self.template_dir, self.output_dir)
+
+        Config.templateRenderingDict['lock_dynamic_conf_base64'] = self.generate_base64_file(self.dynamic_conf_json, 1)
+        Config.templateRenderingDict['lock_error_base64'] = self.generate_base64_file(self.error_json, 1)
+        Config.templateRenderingDict['lock_static_conf_base64'] = self.generate_base64_file(self.static_conf_json, 1)
+
+        self.renderTemplateInOut(self.config_ldif, self.template_dir, self.output_dir)
+
+        ldif_files = [self.config_ldif]
+        self.dbUtils.import_ldif(ldif_files)
+
+    def installed(self):
+        return os.path.exists(self.jetty_service_webapps) or os.path.exists(os.path.join(base.current_app.JansAuthInstaller.custom_lib_dir, os.path.basename(self.source_files[1][0])))
@@ -339,6 +339,7 @@ def calculate_selected_aplications_memory(self):
                                     ('installFido2', 'jans-fido2'),
                                     ('install_config_api', 'jans-config-api'),
                                     ('installEleven', 'jans-eleven'),
+                                    ('install_jans_lock_as_server', 'jans-lock'),
                                     ]:
 
             if Config.get(config_var) and service in self.jetty_app_configuration:

@@ -22,6 +22,7 @@ def get_setup_options():
         'install_jans_keycloak_link': False,
         'install_casa': False,
         'install_jans_saml': False,
+        'install_jans_lock': False,
         'loadTestData': False,
         'allowPreReleasedFeatures': False,
         'listenAllInterfaces': False,
@@ -115,6 +116,8 @@ def get_setup_options():
             setupOptions['install_casa'] = True
         if base.argsp.install_jans_saml:
             setupOptions['install_jans_saml'] = True
+        if base.argsp.install_jans_lock:
+            setupOptions['install_jans_lock'] = True
 
         if base.argsp.jans_max_mem:
             setupOptions['jans_max_mem'] = base.argsp.jans_max_mem

@@ -101,6 +101,8 @@
 
     parser.add_argument('--with-casa', help="Install Jans Casa Server", action='store_true')
     parser.add_argument('--install-jans-saml', help="Install Jans SAML", action='store_true')
+    parser.add_argument('--install-jans-lock', help="Install Jans Lock", action='store_true')
+
     #parser.add_argument('--oxd-use-jans-storage', help="Use Jans Storage for Oxd Server", action='store_true')
     parser.add_argument('--load-config-api-test', help="Load Config Api Test Data", action='store_true')
 

@@ -647,6 +647,33 @@ def prompt_to_install(self, install_var):
 
         return True
 
+
+    def pompt_for_jans_lock(self):
+        if not self.prompt_to_install('install_jans_lock'):
+            return
+
+        prompt = self.getPrompt("Install Jans Lock?",
+                                            self.getDefaultOption(Config.install_jans_lock)
+                                            )[0].lower()
+
+
+
+        if prompt == 'y':
+            prompt = self.getPrompt("Install Jans Lock as Server?",
+                                            self.getDefaultOption(Config.install_jans_lock)
+                                            )[0].lower()
+            if prompt == 'y':
+                Config.install_jans_lock = True
+                Config.install_jans_lock_as_server = True
+            else:
+                prompt = self.getPrompt("Install Jans Lock as Auth Service?", self.getDefaultOption(True))[0].lower()
+                if prompt == 'y':
+                    Config.install_jans_lock = True
+
+
+        if Config.installed_instance and Config.install_jans_lock:
+            Config.addPostSetupService.append('install_jans_lock')
+
     def prompt_for_jans_saml(self):
         if not self.prompt_to_install('install_jans_saml'):
             return
@@ -1016,7 +1043,7 @@ def promptForProperties(self):
             self.prompt_for_jans_link()
             self.prompt_for_jans_keycloak_link()
             self.prompt_for_casa()
-
+            self.pompt_for_jans_lock()
             self.prompt_for_jans_saml()
             #self.promptForEleven()
             #if (not Config.installOxd) and Config.oxd_package:

@@ -0,0 +1,13 @@
+[Unit]
+Description=Janssen Lock Service
+After=%(order_jans_lock_service)s
+
+[Service]
+Type=forking
+ExecStart=/opt/dist/scripts/jans-lock start
+ExecStop=/opt/dist/scripts/jans-lock stop
+User=jetty
+Group=jetty
+
+[Install]
+WantedBy=multi-user.target
@@ -103,6 +103,13 @@
         Allow from all 
     </Location>
 
+    <Location /jans-lock>
+        Header edit Set-Cookie ^((?!opbs|session_state).*)$ $1;HttpOnly
+        ProxyPass http://localhost:%(jans_lock_port)s/jans-lock retry=5 connectiontimeout=60 timeout=60
+        Order deny,allow
+        Allow from all 
+    </Location>
+
     <LocationMatch /jans-auth/auth/cert/cert-login.htm>
         SSLVerifyClient optional_no_ca
         SSLVerifyDepth 10

@@ -0,0 +1,11 @@
+JAVA_HOME=%(jre_home)s
+JAVA=$JAVA_HOME/bin/java
+JAVA_OPTIONS="-server -Xms%(jans-lock_min_heap_mem)sm -Xmx%(jans-lock_max_heap_mem)sm -XX:+DisableExplicitGC -Djans.base=%(jansBaseFolder)s -Dserver.base=%(jetty_base)s/jans-lock -Dlog.base=%(jetty_base)s/jans-lock -Dpython.home=%(jython_home)s"
+
+JETTY_HOME=%(jetty_home)s
+JETTY_BASE=%(jetty_base)s/jans-lock
+JETTY_USER=%(jetty_user)s
+JETTY_ARGS="jetty.http.host=localhost jetty.http.port=%(jans_lock_port)s"
+TMPDIR=%(jetty_dist)s/temp
+
+export PYTHON_HOME=%(jython_home)s