/**
 * Builds the {@link ConsumerEntity} view of the wrapped consumer.
 *
 * <p>Only the public half of the consumer's key material is read here. It is
 * exported in PEM form when present; otherwise the entity carries {@code null}
 * for the key. The entity also carries the consumer's 2LO flag, the executing
 * 2LO user and the 2LO-impersonation flag.
 *
 * @return the populated entity
 */
@Nonnull
public ConsumerEntity build() {
    // A consumer without a public key maps to a null PEM string.
    final String pemPublicKey = consumer.getPublicKey() == null
            ? null
            : RSAKeys.toPemEncoding(consumer.getPublicKey());

    return new ConsumerEntity(
            self,
            consumer.getKey(),
            consumer.getName(),
            consumer.getDescription(),
            consumer.getSignatureMethod().name(),
            pemPublicKey,
            consumer.getCallback(),
            consumer.getTwoLOAllowed(),
            consumer.getExecutingTwoLOUser(),
            consumer.getTwoLOImpersonationAllowed());
}
} // closes the enclosing type, whose header is above this excerpt
/**
 * Tells whether the incoming configuration checked here is enabled for a link.
 *
 * <p>The answer is {@code true} only when a consumer is stored for the link AND
 * that consumer has both its 2LO flag and its 2LO-impersonation flag set. A
 * missing consumer, or either flag being off, yields {@code false}.
 *
 * @param applicationLink link whose stored consumer is inspected
 * @return {@code true} when both 2LO and 2LO impersonation are allowed
 */
public boolean incomingEnabled(final ApplicationLink applicationLink) {
    final Consumer storedConsumer = serviceProviderStoreService.getConsumer(applicationLink);
    if (storedConsumer == null) {
        // No consumer registered for this link: nothing can be enabled.
        return false;
    }
    if (!storedConsumer.getTwoLOAllowed()) {
        return false;
    }
    return storedConsumer.getTwoLOImpersonationAllowed();
}
/**
 * Derives an {@code OAuthConfig} from a consumer's 3LO, 2LO and
 * 2LO-impersonation flags.
 *
 * <p>A {@code null} consumer maps to the disabled configuration, so an absent
 * consumer never produces an enabled one.
 *
 * @param consumer the consumer to read the flags from, may be {@code null}
 * @return the matching configuration, never {@code null} per {@code @Nonnull}
 */
@Nonnull
public static OAuthConfig fromConsumer(@Nullable Consumer consumer) {
    return consumer == null
            ? OAuthConfig.createDisabledConfig()
            : OAuthConfig.fromConfig(
                    consumer.getThreeLOAllowed(),
                    consumer.getTwoLOAllowed(),
                    consumer.getTwoLOImpersonationAllowed());
}
/**
 * Turns a {@code Consumer} into an {@code OAuthConsumer} that can sign requests:
 * the {@code sharedSecret} is handed to the {@code OAuthConsumer} constructor.
 *
 * <p>RSA-SHA1 consumers get the RSA-SHA1 signature method and their public key
 * attached as properties. Every other consumer is configured for HMAC-SHA1.
 *
 * <p>NOTE(review): {@code sharedSecret} is passed through without a null check,
 * unlike the other two arguments. Presumably an HMAC-SHA1 consumer with a null
 * secret cannot produce a valid signature; confirm against callers.
 *
 * @param consumer {@code Consumer} to be converted to an {@code OAuthConsumer}
 * @param sharedSecret shared secret to use to sign requests
 * @param oauthServiceProvider {@code OAuthServiceProvider} to set as the {@link OAuthConsumer#serviceProvider} attribute
 * @return {@code OAuthConsumer} converted from the {@code Consumer}
 */
public static OAuthConsumer asOAuthConsumer(Consumer consumer, String sharedSecret, OAuthServiceProvider oauthServiceProvider) {
    checkNotNull(consumer, "consumer");
    checkNotNull(oauthServiceProvider, "oauthServiceProvider");

    // The callback is optional; a consumer without one yields a null callback URL.
    String callbackUrl = null;
    if (consumer.getCallback() != null) {
        callbackUrl = consumer.getCallback().toString();
    }

    final OAuthConsumer converted =
            new OAuthConsumer(callbackUrl, consumer.getKey(), sharedSecret, oauthServiceProvider);
    converted.setProperty(ConsumerProperty.NAME, consumer.getName());
    converted.setProperty(ConsumerProperty.DESCRIPTION, consumer.getDescription());

    if (consumer.getSignatureMethod() != SignatureMethod.RSA_SHA1) {
        // Anything that is not RSA-SHA1 is treated as HMAC-SHA1.
        converted.setProperty(OAuth.OAUTH_SIGNATURE_METHOD, OAuth.HMAC_SHA1);
    } else {
        converted.setProperty(OAuth.OAUTH_SIGNATURE_METHOD, OAuth.RSA_SHA1);
        converted.setProperty(RSA_SHA1.PUBLIC_KEY, consumer.getPublicKey());
    }
    return converted;
}
/**
 * Checks whether a JWT issuer value equals the key of the consumer returned by
 * {@code consumerService.getConsumer()}.
 *
 * <p>If the consumer cannot be obtained ({@code ConsumerCreationException}) the
 * failure is logged and the method answers {@code false}.
 *
 * <p>NOTE(review): a null consumer or a null consumer key would raise a
 * {@code NullPointerException} here instead of returning {@code false}; confirm
 * that {@code getConsumer()} and {@code getKey()} never return null.
 *
 * @param issuer issuer value to compare; a null issuer compares as not equal
 * @return {@code true} only when the issuer equals the consumer key exactly
 */
private boolean jwtWasIssuedByHost(String issuer) {
    try {
        final String hostConsumerKey = consumerService.getConsumer().getKey();
        // The issuer is written to the debug log as received.
        log.debug("jwtWasIssuedByHost: consumer-key='{}', issuer='{}'", hostConsumerKey, issuer);
        final boolean issuedByHost = hostConsumerKey.equals(issuer);
        return issuedByHost;
    } catch (ConsumerCreationException e) {
        log.error("Could not get the consumer that provides issuer Id.", e);
        return false;
    }
}
/**
 * Stores a consumer and reads it back by key, checking that the key, name,
 * public key, description and callback all survive the round trip.
 */
@Test
public void testServiceProviderConsumerStoreCanStoreConfiguration() throws Exception {
    final PublicKey expectedKey = RSAKeys.fromPemEncodingToPublicKey(CONSUMER_PUBLIC_KEY);

    final Consumer toStore = Consumer.key(CONSUMER_KEY)
            .name("Test Consumer Name")
            .publicKey(expectedKey)
            .description("Consumer Description")
            .callback(URI.create(appProp.getBaseUrl() + "/consumer/oauthcallback1"))
            .build();
    consumerStore.put(toStore);

    final Consumer loaded = consumerStore.get(CONSUMER_KEY);

    assertEquals(CONSUMER_KEY, loaded.getKey());
    assertEquals("Test Consumer Name", loaded.getName());
    assertEquals(expectedKey, loaded.getPublicKey());
    assertEquals("Consumer Description", loaded.getDescription());
    assertEquals(URI.create(appProp.getBaseUrl() + "/consumer/oauthcallback1"), loaded.getCallback());
}
/**
 * Pins the defaults for a consumer built without any 2LO settings: after a
 * store round trip, 2LO is off, no executing 2LO user is set, and 2LO
 * impersonation is off.
 */
@Test
public void testDefault2LOParametersAreAppropriateIfLeftUntouched() throws Exception {
    final PublicKey key = RSAKeys.fromPemEncodingToPublicKey(CONSUMER_PUBLIC_KEY);

    // Deliberately no twoLOAllowed / executingTwoLOUser / twoLOImpersonationAllowed calls.
    final Consumer untouched = Consumer.key(CONSUMER_KEY)
            .name("Test Consumer Name")
            .publicKey(key)
            .description("Consumer Description")
            .callback(URI.create(appProp.getBaseUrl() + "/consumer/oauthcallback1"))
            .build();
    consumerStore.put(untouched);

    final Consumer loaded = consumerStore.get(CONSUMER_KEY);

    assertFalse(loaded.getTwoLOAllowed());
    assertNull(loaded.getExecutingTwoLOUser());
    assertFalse(loaded.getTwoLOImpersonationAllowed());
}
/**
 * Builds an {@link net.oauth.OAuthConsumer} from the consumer attached to a
 * service provider token.
 *
 * <p>The signature method is always set to RSA-SHA1 and the consumer's public
 * key is attached, whatever signature method the consumer itself reports. The
 * consumer secret and the service provider are both passed as {@code null}.
 *
 * @param token the {@link com.atlassian.oauth.serviceprovider.ServiceProviderToken} to convert
 * @return the {@link net.oauth.OAuthConsumer}
 */
public static OAuthConsumer toOAuthConsumer(ServiceProviderToken token) {
    // The callback comes from the token; a token without one yields a null callback URL.
    String callbackUrl = null;
    if (token.getCallback() != null) {
        callbackUrl = token.getCallback().toString();
    }

    final OAuthConsumer converted = new OAuthConsumer(callbackUrl, token.getConsumer().getKey(), null, null);
    converted.setProperty(NAME, token.getConsumer().getName());
    converted.setProperty(DESCRIPTION, token.getConsumer().getDescription());
    // Pinned to RSA-SHA1; no HMAC branch exists in this conversion.
    converted.setProperty(OAuth.OAUTH_SIGNATURE_METHOD, OAuth.RSA_SHA1);
    converted.setProperty(RSA_SHA1.PUBLIC_KEY, token.getConsumer().getPublicKey());
    return converted;
}
/**
 * Assembles the event data for a Connect add-on event and serialises it to JSON.
 *
 * <p>The payload holds the base URL, plugin key, the consumer's key and
 * PEM-encoded public key, version and product details, the consumer
 * description and the event type. It also carries credential material: the
 * OAuth client when the OAuth2 impersonation dark feature is enabled for the
 * current user, otherwise the client's shared secret (or {@code null} when no
 * client is present). Treat the returned string as sensitive and keep it out
 * of logs.
 *
 * @param pluginKey key of the add-on the event is about
 * @param eventType event type recorded in the payload
 * @param oauthClient optional OAuth client supplying the credential material
 * @return the JSON form of the event data
 */
private String createEventDataInternal(String pluginKey, String eventType, Optional<OAuthClient> oauthClient) {
    // Fail fast via checkNotNull(): the consumer is dereferenced several times below.
    final Consumer hostConsumer = checkNotNull(consumerService.getConsumer());

    final ConnectAddonEventDataBuilder eventData = newConnectAddonEventData();
    final String canonicalBaseUrl = applicationProperties.getBaseUrl(UrlMode.CANONICAL);

    eventData.withBaseUrl(nullToEmpty(canonicalBaseUrl))
            .withPluginKey(pluginKey)
            .withClientKey(nullToEmpty(hostConsumer.getKey()))
            .withPublicKey(nullToEmpty(RSAKeys.toPemEncoding(hostConsumer.getPublicKey())))
            .withPluginsVersion(nullToEmpty(getConnectPluginVersion()))
            .withServerVersion(nullToEmpty(applicationProperties.getBuildNumber()))
            .withServiceEntitlementNumber(nullToEmpty(licenseRetriever.getServiceEntitlementNumber(pluginKey)))
            .withProductType(nullToEmpty(productAccessor.getKey()))
            .withDescription(nullToEmpty(hostConsumer.getDescription()))
            .withEventType(eventType);

    if (!darkFeatureManager.isFeatureEnabledForCurrentUser(DARK_FEATURE_OAUTH2_IMPERSONATION)) {
        // Feature off: only the shared secret is attached, null when no client was supplied.
        eventData.withSharedSecret(oauthClient.map(OAuthClient::getSharedSecret).orElse(null));
    } else {
        // Feature on: the OAuth client itself is attached.
        eventData.withOauthClient(oauthClient);
    }

    final ConnectAddonEventData payload = eventData.build();
    return ConnectModulesGsonFactory.toJson(payload);
}
/**
 * Replaces the host consumer's name, description and callback while keeping
 * its identity and key material.
 *
 * <p>The consumer key, signature method and public key are copied from the
 * current consumer. The secret stored alongside it is carried over unchanged:
 * the shared secret for HMAC-SHA1 consumers, the private key otherwise.
 *
 * <p>The callback is stored as given; no validation of it is visible in this
 * method.
 *
 * @param name new display name
 * @param description new description
 * @param callback new callback URI
 * @return the consumer as returned by the provider after the update is stored
 */
public Consumer updateHostConsumerInformation(String name, String description, URI callback) {
    final ConsumerAndSecret current = hostCasProvider.get();
    final Consumer previous = current.getConsumer();

    final Consumer updated = Consumer.key(previous.getKey())
            .signatureMethod(previous.getSignatureMethod())
            .publicKey(previous.getPublicKey())
            .name(name)
            .description(description)
            .callback(callback)
            .build();

    // Pair the updated consumer with the same secret type it was stored with.
    final ConsumerAndSecret replacement;
    if (updated.getSignatureMethod() == SignatureMethod.HMAC_SHA1) {
        replacement = new ConsumerAndSecret(current.getServiceName(), updated, current.getSharedSecret());
    } else {
        replacement = new ConsumerAndSecret(current.getServiceName(), updated, current.getPrivateKey());
    }
    return hostCasProvider.put(replacement).getConsumer();
}
/**
 * Lists the OAuth service providers known to the consumer service whose
 * consumer key is not among the registered service providers.
 *
 * <p>Each one is logged at debug level with its consumer key and name, and
 * reported as an {@code OAUTH_SERVICE_PROVIDER} orphan.
 *
 * @return the orphaned entries, empty when every service provider is registered
 */
private List<OrphanedTrustCertificate> findOrphanedOAuthServiceProviders() {
    final List<OrphanedTrustCertificate> orphans = new ArrayList<OrphanedTrustCertificate>();
    final List<String> registeredKeys = findRegisteredServiceProviders();

    for (Consumer candidate : consumerService.getAllServiceProviders()) {
        if (registeredKeys.contains(candidate.getKey())) {
            // Still registered, so not an orphan.
            continue;
        }
        log.debug("Found orphaned Service Provider with consumer key '" + candidate.getKey() + "' and name '" + candidate.getName() + "'");
        orphans.add(new OrphanedTrustCertificate(
                candidate.getKey(),
                candidate.getDescription(),
                OrphanedTrustCertificate.Type.OAUTH_SERVICE_PROVIDER));
    }
    return orphans;
}
if (!consumer.getTwoLOImpersonationAllowed()) { LOG.info("2-Legged-OAuth with Impersonation request has been attempted but 2-Legged-OAuth with Impersonation is not enabled for consumer:'{}'. Cannot access resource as user '{}'", consumer.getName(), userId); sendError(response, HttpServletResponse.SC_UNAUTHORIZED, message); return new Authenticator.Result.Failure(new OAuthProblem.PermissionDenied(userId)); } else { if (!consumer.getTwoLOAllowed()) { LOG.info("2-Legged-OAuth request has been attempted but 2-Legged-OAuth is not enabled for consumer:'{}'.", consumer.getName()); sendError(response, HttpServletResponse.SC_UNAUTHORIZED, message); return new Authenticator.Result.Failure(new OAuthProblem.PermissionDenied()); if (StringUtils.isBlank(consumer.getExecutingTwoLOUser())) { LOG.debug("No executing user assigned for 2LO requests"); user = null; } else { LOG.debug("User assigned for 2LO requests is '" + consumer.getExecutingTwoLOUser() + "'"); user = userManager.resolve(consumer.getExecutingTwoLOUser()); RequestAnnotations.setOAuthConsumerKey(request, consumer.getKey()); return getUserLoginResult(request, response, message, consumer, user);
final Consumer existingConsumerDuplicatedKey = consumerService.getConsumerByKey(consumerKey); if (existingConsumerDuplicatedServiceName != null) { fieldErrorMessages.put(NAME_PARAMETER, messageFactory.newI18nMessage("auth.oauth.config.consumer.serviceprovider.service.name.exists", existingConsumerDuplicatedServiceName.getKey())); fieldErrorMessages.put(CONSUMER_KEY_PARAMETER, messageFactory.newI18nMessage("auth.oauth.config.consumer.serviceprovider.consumer.key.exists", existingConsumerDuplicatedKey.getName())); SERVICE_PROVIDER_ACCESS_TOKEN_URL, accessTokenUrl, SERVICE_PROVIDER_AUTHORIZE_URL, authorizeUrl)); final Consumer consumer = Consumer.key(consumerKey) .name(name) .signatureMethod(Consumer.SignatureMethod.HMAC_SHA1)
/**
 * Checks that the 2LO-impersonation flag is persisted on its own. The consumer
 * is built with 3LO off and impersonation on, and never sets the plain 2LO
 * flag. After the round trip 3LO and 2LO read as off while impersonation
 * reads as on.
 */
@Test
public void testServiceProviderConsumerStoreCanStoreConsumerWith2LOWithImpersonationEnabledIndependently() throws Exception {
    final PublicKey key = RSAKeys.fromPemEncodingToPublicKey(CONSUMER_PUBLIC_KEY);

    final Consumer impersonationOnly = Consumer.key(CONSUMER_KEY)
            .name("Test Consumer Name")
            .publicKey(key)
            .description("Consumer Description")
            .callback(URI.create(appProp.getBaseUrl() + "/consumer/oauthcallback1"))
            .threeLOAllowed(false)
            .twoLOImpersonationAllowed(true)
            .build();
    consumerStore.put(impersonationOnly);

    final Consumer loaded = consumerStore.get(CONSUMER_KEY);

    assertFalse(loaded.getThreeLOAllowed());
    // twoLOAllowed was never set, so it keeps its default.
    assertFalse(loaded.getTwoLOAllowed());
    assertTrue(loaded.getTwoLOImpersonationAllowed());
}
/**
 * Lists the consumers held in the service provider consumer store that no
 * application link accounts for.
 *
 * <p>The consumer keys reachable through the application links are collected
 * first. Every stored consumer whose key is not in that set is reported as an
 * {@code OAUTH} orphan.
 *
 * @return the orphaned entries, empty when every stored consumer belongs to a link
 */
private List<OrphanedTrustCertificate> findOrphanedOAuthConsumers() {
    final List<OrphanedTrustCertificate> orphans = new ArrayList<>();

    // Pass 1: keys of consumers that an application link still points at.
    final Set<String> linkedKeys = new HashSet<>();
    for (final ApplicationLink link : applicationLinkService.getApplicationLinks()) {
        final Consumer linked = serviceProviderStoreService.getConsumer(link);
        if (linked == null) {
            continue;
        }
        linkedKeys.add(linked.getKey());
    }

    // Pass 2: anything in the store that pass 1 did not see.
    for (final Consumer stored : serviceProviderConsumerStore.getAll()) {
        if (linkedKeys.contains(stored.getKey())) {
            continue;
        }
        orphans.add(new OrphanedTrustCertificate(
                stored.getKey(),
                stored.getDescription(),
                OrphanedTrustCertificate.Type.OAUTH));
    }
    return orphans;
}
consumer = Consumer.key(consumerKey) .name(name) .publicKey(publicKey)
/**
 * Pins the 3LO default: a consumer built without calling
 * {@code threeLOAllowed(...)} reads back from the store with 3LO allowed.
 */
@Test
public void testIfConsumerDoesNotHave3LOFlagDefinedThenItIsConsideredOn() throws Exception {
    final PublicKey key = RSAKeys.fromPemEncodingToPublicKey(CONSUMER_PUBLIC_KEY);

    // No threeLOAllowed(...) call: the flag is left undefined on purpose.
    final Consumer withoutThreeLoFlag = Consumer.key(CONSUMER_KEY)
            .name("Test Consumer Name")
            .publicKey(key)
            .description("Consumer Description")
            .callback(URI.create(appProp.getBaseUrl() + "/consumer/oauthcallback1"))
            .build();
    consumerStore.put(withoutThreeLoFlag);

    final Consumer loaded = consumerStore.get(CONSUMER_KEY);

    assertTrue(loaded.getThreeLOAllowed());
}
/**
 * Stores a consumer with 2LO enabled and an executing 2LO user, then checks
 * that both settings are read back unchanged.
 */
@Test
public void testServiceProviderConsumerStoreCanStoreOAuth2LOConfiguration() throws Exception {
    final PublicKey key = RSAKeys.fromPemEncodingToPublicKey(CONSUMER_PUBLIC_KEY);

    final Consumer twoLoConsumer = Consumer.key(CONSUMER_KEY)
            .name("Test Consumer Name")
            .publicKey(key)
            .description("Consumer Description")
            .callback(URI.create(appProp.getBaseUrl() + "/consumer/oauthcallback1"))
            .twoLOAllowed(true)
            .executingTwoLOUser("2lo_user")
            .build();
    consumerStore.put(twoLoConsumer);

    final Consumer loaded = consumerStore.get(CONSUMER_KEY);

    assertTrue(loaded.getTwoLOAllowed());
    assertEquals("2lo_user", loaded.getExecutingTwoLOUser());
}
/**
 * Renders the stored consumer as XML using the {@code view.xml.vm} template.
 *
 * <p>The template context holds the consumer and its public key in PEM form.
 * Only {@code getPublicKey()} is read from the consumer's key material in this
 * method.
 *
 * @param request the incoming request (not inspected here)
 * @param response receives the XML content type and the rendered body
 * @throws IOException if the response writer cannot be obtained
 * @throws ServletException wrapping a {@code RenderingException} or
 *         {@code ConsumerCreationException} raised while rendering
 */
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
    response.setContentType("application/xml;charset=UTF-8");

    final Consumer hostConsumer = store.getConsumer();
    final String pemPublicKey = RSAKeys.toPemEncoding(hostConsumer.getPublicKey());
    final Map<String, Object> templateContext = ImmutableMap.of(
            "consumer", hostConsumer,
            "encodedPublicKey", pemPublicKey);

    try {
        renderer.render("view.xml.vm", templateContext, response.getWriter());
    } catch (RenderingException e) {
        throw new ServletException(e);
    } catch (ConsumerCreationException e) {
        throw new ServletException(e);
    }
}
} // closes the enclosing type, whose header is above this excerpt
if (!token.getConsumer().getKey().equals(message.getConsumerKey())) { if (LOG.isDebugEnabled()) { LOG.debug(String.format("3-Legged-OAuth token rejected. Service Provider Token, for Consumer provided token [%s], consumer key [%s] does not match request consumer key [%s]", tokenStr, token.getConsumer().getKey(), message.getConsumerKey())); consumer = validateConsumer(message); if (!consumer.getThreeLOAllowed()) { LOG.info("3-Legged-OAuth request has been attempted but 3-Legged-OAuth is not enabled for consumer:'{}'." + consumer.getKey()); throw new OAuthProblemException(PERMISSION_DENIED); RequestAnnotations.setOAuthConsumerKey(request, consumer.getKey()); LOG.debug(String.format("3-Legged-OAuth successful. Request marked with consumer key set to [%s]", consumer.getKey()));