/**
 * Applies the IAP options supplied to this edit operation onto the stored IAP settings.
 *
 * <p>For each of audience, JWT header, issuer ID and verify-key URL, the supplied value is
 * written when {@code isSet} reports it as set; otherwise the value already held by
 * {@code iap} is written back unchanged.
 *
 * <p>NOTE(review): none of the four values is checked here. {@code iapVerifyKeyUrl} looks like
 * the location the JWT verification keys are fetched from; confirm that a validator elsewhere
 * rejects a non-HTTPS or unexpected host before the value reaches the gateway.
 *
 * @param iap the IAP settings to update in place
 * @return the same {@code iap} instance after the update
 */
@Override
protected AuthnMethod editAuthnMethod(IAP iap) {
  // The setter is invoked on both branches so the call sequence matches a plain
  // "set(new-or-current)" assignment.
  if (isSet(audience)) {
    iap.setAudience(audience);
  } else {
    iap.setAudience(iap.getAudience());
  }

  if (isSet(jwtHeader)) {
    iap.setJwtHeader(jwtHeader);
  } else {
    iap.setJwtHeader(iap.getJwtHeader());
  }

  if (isSet(issuerId)) {
    iap.setIssuerId(issuerId);
  } else {
    iap.setIssuerId(iap.getIssuerId());
  }

  if (isSet(iapVerifyKeyUrl)) {
    iap.setIapVerifyKeyUrl(iapVerifyKeyUrl);
  } else {
    iap.setIapVerifyKeyUrl(iap.getIapVerifyKeyUrl());
  }

  return iap;
}
}
/**
 * Builds the IAP section of the generated gateway configuration from the security settings.
 *
 * <p>When IAP is not enabled the constructor returns immediately and every field keeps its
 * declared default. When it is enabled, {@code enabled} is copied and each of audience, JWT
 * header, issuer ID and verify-key URL is copied only if the configured value is non-empty, so
 * an empty setting leaves the field's default in place.
 *
 * @param security the security settings holding the IAP authentication method
 */
public IAPConfig(Security security) {
  IAP iap = security.getAuthn().getIap();
  if (!iap.isEnabled()) {
    // Disabled: emit nothing for IAP.
    return;
  }

  enabled = iap.isEnabled();

  // Empty values are skipped rather than copied, so they never overwrite a default.
  if (StringUtils.isNotEmpty(iap.getAudience())) {
    audience = iap.getAudience();
  }
  if (StringUtils.isNotEmpty(iap.getJwtHeader())) {
    jwtHeader = iap.getJwtHeader();
  }
  if (StringUtils.isNotEmpty(iap.getIssuerId())) {
    issuerId = iap.getIssuerId();
  }
  if (StringUtils.isNotEmpty(iap.getIapVerifyKeyUrl())) {
    iapVerifyKeyUrl = iap.getIapVerifyKeyUrl();
  }
}
}
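/**
 * Checks that an enabled IAP authentication method has an audience configured.
 *
 * <p>Nothing is reported when IAP is disabled. An empty audience is treated the same as a
 * missing one: the original check only rejected {@code null}, so an audience of {@code ""}
 * passed validation even though it supplies no value to verify the signed header against.
 *
 * <p>NOTE(review): only the audience is validated here; the JWT header name, issuer ID and
 * verify-key URL are not inspected by this method.
 *
 * @param p collector that receives any configuration problems found
 * @param iap the IAP settings to validate
 */
@Override
public void validate(ConfigProblemSetBuilder p, IAP iap) {
  if (!iap.isEnabled()) {
    return;
  }

  // Reject both null and "" so a blank audience cannot slip through as "configured".
  if (iap.getAudience() == null || iap.getAudience().isEmpty()) {
    p.addProblem(Problem.Severity.ERROR, "No Audience was supplied. You can retrieve this field from the IAP console: " + "https://cloud.google.com/iap/docs/signed-headers-howto#verify_the_id_token_header.");
  }
}
}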
/**
 * Reports whether any authentication method is enabled.
 *
 * <p>The methods are checked in the order OAuth2, SAML, LDAP, X.509, IAP, stopping at the first
 * one that is enabled.
 *
 * @return {@code true} if at least one of the five methods is enabled
 */
public boolean isEnabled() {
  if (getOauth2().isEnabled()) {
    return true;
  }
  if (getSaml().isEnabled()) {
    return true;
  }
  if (getLdap().isEnabled()) {
    return true;
  }
  if (getX509().isEnabled()) {
    return true;
  }
  return getIap().isEnabled();
}
/**
 * Detects an authentication method that has been filled in, regardless of its enabled flag.
 *
 * <p>"Core fields" are generally the fields an authentication method needs in order to work,
 * such as a client ID/secret or the path to a certificate store. The fields inspected are the
 * OAuth2 client ID and client secret, the SAML issuer ID and key store, the LDAP user DN
 * pattern, search base and search filter, and the IAP audience.
 *
 * @param n the authentication settings to inspect
 * @return true if any core field in an authentication method has a non-empty value
 */
private boolean maybeShouldBeEnabled(Authn n) {
  OAuth2 oauth2 = n.getOauth2();
  Saml saml = n.getSaml();
  Ldap ldap = n.getLdap();
  IAP iap = n.getIap();

  // X509 is left out: it has no good set of "core fields".
  if (StringUtils.isNotEmpty(oauth2.getClient().getClientId())
      || StringUtils.isNotEmpty(oauth2.getClient().getClientSecret())) {
    return true;
  }
  if (StringUtils.isNotEmpty(saml.getIssuerId())
      || StringUtils.isNotEmpty(saml.getKeyStore())) {
    return true;
  }
  if (StringUtils.isNotEmpty(ldap.getUserDnPattern())
      || StringUtils.isNotEmpty(ldap.getUserSearchBase())
      || StringUtils.isNotEmpty(ldap.getUserSearchFilter())) {
    return true;
  }
  return StringUtils.isNotEmpty(iap.getAudience());
}
}
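/**
 * Checks that an enabled IAP authentication method has an audience configured.
 *
 * <p>Nothing is reported when IAP is disabled. An empty audience is treated the same as a
 * missing one: the original check only rejected {@code null}, so an audience of {@code ""}
 * passed validation even though it supplies no value to verify the signed header against.
 *
 * <p>NOTE(review): only the audience is validated here; the JWT header name, issuer ID and
 * verify-key URL are not inspected by this method.
 *
 * @param p collector that receives any configuration problems found
 * @param iap the IAP settings to validate
 */
@Override
public void validate(ConfigProblemSetBuilder p, IAP iap) {
  if (!iap.isEnabled()) {
    return;
  }

  // Reject both null and "" so a blank audience cannot slip through as "configured".
  if (iap.getAudience() == null || iap.getAudience().isEmpty()) {
    p.addProblem(Problem.Severity.ERROR, "No Audience was supplied. You can retrieve this field from the IAP console: " + "https://cloud.google.com/iap/docs/signed-headers-howto#verify_the_id_token_header.");
  }
}
}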
/**
 * Reports whether any authentication method is enabled.
 *
 * <p>The methods are checked in the order OAuth2, SAML, LDAP, X.509, IAP, stopping at the first
 * one that is enabled.
 *
 * @return {@code true} if at least one of the five methods is enabled
 */
public boolean isEnabled() {
  if (getOauth2().isEnabled()) {
    return true;
  }
  if (getSaml().isEnabled()) {
    return true;
  }
  if (getLdap().isEnabled()) {
    return true;
  }
  if (getX509().isEnabled()) {
    return true;
  }
  return getIap().isEnabled();
}
/**
 * Detects an authentication method that has been filled in, regardless of its enabled flag.
 *
 * <p>"Core fields" are generally the fields an authentication method needs in order to work,
 * such as a client ID/secret or the path to a certificate store. The fields inspected are the
 * OAuth2 client ID and client secret, the SAML issuer ID and key store, the LDAP user DN
 * pattern, search base and search filter, and the IAP audience.
 *
 * @param n the authentication settings to inspect
 * @return true if any core field in an authentication method has a non-empty value
 */
private boolean maybeShouldBeEnabled(Authn n) {
  OAuth2 oauth2 = n.getOauth2();
  Saml saml = n.getSaml();
  Ldap ldap = n.getLdap();
  IAP iap = n.getIap();

  // X509 is left out: it has no good set of "core fields".
  if (StringUtils.isNotEmpty(oauth2.getClient().getClientId())
      || StringUtils.isNotEmpty(oauth2.getClient().getClientSecret())) {
    return true;
  }
  if (StringUtils.isNotEmpty(saml.getIssuerId())
      || StringUtils.isNotEmpty(saml.getKeyStore())) {
    return true;
  }
  if (StringUtils.isNotEmpty(ldap.getUserDnPattern())
      || StringUtils.isNotEmpty(ldap.getUserSearchBase())
      || StringUtils.isNotEmpty(ldap.getUserSearchFilter())) {
    return true;
  }
  return StringUtils.isNotEmpty(iap.getAudience());
}
}
/**
 * Applies the IAP options supplied to this edit operation onto the stored IAP settings.
 *
 * <p>For each of audience, JWT header, issuer ID and verify-key URL, the supplied value is
 * written when {@code isSet} reports it as set; otherwise the value already held by
 * {@code iap} is written back unchanged.
 *
 * <p>NOTE(review): none of the four values is checked here. {@code iapVerifyKeyUrl} looks like
 * the location the JWT verification keys are fetched from; confirm that a validator elsewhere
 * rejects a non-HTTPS or unexpected host before the value reaches the gateway.
 *
 * @param iap the IAP settings to update in place
 * @return the same {@code iap} instance after the update
 */
@Override
protected AuthnMethod editAuthnMethod(IAP iap) {
  // The setter is invoked on both branches so the call sequence matches a plain
  // "set(new-or-current)" assignment.
  if (isSet(audience)) {
    iap.setAudience(audience);
  } else {
    iap.setAudience(iap.getAudience());
  }

  if (isSet(jwtHeader)) {
    iap.setJwtHeader(jwtHeader);
  } else {
    iap.setJwtHeader(iap.getJwtHeader());
  }

  if (isSet(issuerId)) {
    iap.setIssuerId(issuerId);
  } else {
    iap.setIssuerId(iap.getIssuerId());
  }

  if (isSet(iapVerifyKeyUrl)) {
    iap.setIapVerifyKeyUrl(iapVerifyKeyUrl);
  } else {
    iap.setIapVerifyKeyUrl(iap.getIapVerifyKeyUrl());
  }

  return iap;
}
}
/**
 * Builds the IAP section of the generated gateway configuration from the security settings.
 *
 * <p>When IAP is not enabled the constructor returns immediately and every field keeps its
 * declared default. When it is enabled, {@code enabled} is copied and each of audience, JWT
 * header, issuer ID and verify-key URL is copied only if the configured value is non-empty, so
 * an empty setting leaves the field's default in place.
 *
 * @param security the security settings holding the IAP authentication method
 */
public IAPConfig(Security security) {
  IAP iap = security.getAuthn().getIap();
  if (!iap.isEnabled()) {
    // Disabled: emit nothing for IAP.
    return;
  }

  enabled = iap.isEnabled();

  // Empty values are skipped rather than copied, so they never overwrite a default.
  if (StringUtils.isNotEmpty(iap.getAudience())) {
    audience = iap.getAudience();
  }
  if (StringUtils.isNotEmpty(iap.getJwtHeader())) {
    jwtHeader = iap.getJwtHeader();
  }
  if (StringUtils.isNotEmpty(iap.getIssuerId())) {
    issuerId = iap.getIssuerId();
  }
  if (StringUtils.isNotEmpty(iap.getIapVerifyKeyUrl())) {
    iapVerifyKeyUrl = iap.getIapVerifyKeyUrl();
  }
}
}
/**
 * Assembles the gateway configuration, attaching the section for the active authentication
 * method.
 *
 * <p>At most one of OAuth2, SAML, LDAP and IAP is written, chosen in that order: if several are
 * enabled, only the first enabled one in the chain produces a section and the others are
 * skipped without any message from this method. X.509 is evaluated separately and is added
 * alongside whichever method was selected.
 *
 * <p>NOTE(review): because the later methods are dropped silently, an operator who enables two
 * of them gets a gateway that enforces only one; confirm that validation elsewhere flags that
 * combination.
 *
 * @param gate the gateway service settings
 * @param security the security settings to translate
 * @return the populated gateway configuration
 */
@Override
protected GateConfig getGateConfig(ServiceSettings gate, Security security) {
  GateConfig gateConfig = new GateConfig(gate, security);

  // Mutually exclusive chain: first enabled method wins.
  if (security.getAuthn().getOauth2().isEnabled()) {
    gateConfig.spring = new SpringConfig(security);
  } else if (security.getAuthn().getSaml().isEnabled()) {
    gateConfig.saml = new SamlConfig(security);
  } else if (security.getAuthn().getLdap().isEnabled()) {
    gateConfig.ldap = new LdapConfig(security);
  } else if (security.getAuthn().getIap().isEnabled()) {
    gateConfig.google.iap = new IAPConfig(security);
  }

  // X.509 is independent of the chain above and may be combined with any of them.
  if (security.getAuthn().getX509().isEnabled()) {
    gateConfig.x509 = new X509Config(security);
  }

  return gateConfig;
}
}
/**
 * Assembles the gateway configuration, attaching the section for the active authentication
 * method.
 *
 * <p>At most one of OAuth2, SAML, LDAP and IAP is written, chosen in that order: if several are
 * enabled, only the first enabled one in the chain produces a section and the others are
 * skipped without any message from this method. X.509 is evaluated separately and is added
 * alongside whichever method was selected.
 *
 * <p>NOTE(review): because the later methods are dropped silently, an operator who enables two
 * of them gets a gateway that enforces only one; confirm that validation elsewhere flags that
 * combination.
 *
 * @param gate the gateway service settings
 * @param security the security settings to translate
 * @return the populated gateway configuration
 */
@Override
protected GateConfig getGateConfig(ServiceSettings gate, Security security) {
  GateConfig gateConfig = new GateConfig(gate, security);

  // Mutually exclusive chain: first enabled method wins.
  if (security.getAuthn().getOauth2().isEnabled()) {
    gateConfig.spring = new SpringConfig(security);
  } else if (security.getAuthn().getSaml().isEnabled()) {
    gateConfig.saml = new SamlConfig(security);
  } else if (security.getAuthn().getLdap().isEnabled()) {
    gateConfig.ldap = new LdapConfig(security);
  } else if (security.getAuthn().getIap().isEnabled()) {
    gateConfig.google.iap = new IAPConfig(security);
  }

  // X.509 is independent of the chain above and may be combined with any of them.
  if (security.getAuthn().getX509().isEnabled()) {
    gateConfig.x509 = new X509Config(security);
  }

  return gateConfig;
}
}
/**
 * Assembles the gateway configuration, attaching the section for the active authentication
 * method.
 *
 * <p>At most one of OAuth2, SAML, LDAP and IAP is written, chosen in that order: if several are
 * enabled, only the first enabled one in the chain produces a section and the others are
 * skipped without any message from this method. X.509 is evaluated separately and is added
 * alongside whichever method was selected.
 *
 * <p>Unlike the other methods, OAuth2 is not wrapped in a dedicated config object: the OAuth2
 * settings object is attached by reference as-is.
 *
 * <p>NOTE(review): the attached OAuth2 settings presumably include the client secret, so
 * whatever renders this configuration should be treated as producing secret material; confirm
 * how it is written out and who can read the result.
 *
 * @param gate the gateway service settings
 * @param security the security settings to translate
 * @return the populated gateway configuration
 */
@Override
protected GateConfig getGateConfig(ServiceSettings gate, Security security) {
  GateConfig gateConfig = new GateConfig(gate, security);

  // Mutually exclusive chain: first enabled method wins.
  if (security.getAuthn().getOauth2().isEnabled()) {
    gateConfig.security.oauth2 = security.getAuthn().getOauth2();
  } else if (security.getAuthn().getSaml().isEnabled()) {
    gateConfig.saml = new SamlConfig(security);
  } else if (security.getAuthn().getLdap().isEnabled()) {
    gateConfig.ldap = new LdapConfig(security);
  } else if (security.getAuthn().getIap().isEnabled()) {
    gateConfig.google.iap = new IAPConfig(security);
  }

  // X.509 is independent of the chain above and may be combined with any of them.
  if (security.getAuthn().getX509().isEnabled()) {
    gateConfig.x509 = new X509Config(security);
  }

  return gateConfig;
}
}
/**
 * Assembles the gateway configuration, attaching the section for the active authentication
 * method.
 *
 * <p>At most one of OAuth2, SAML, LDAP and IAP is written, chosen in that order: if several are
 * enabled, only the first enabled one in the chain produces a section and the others are
 * skipped without any message from this method. X.509 is evaluated separately and is added
 * alongside whichever method was selected.
 *
 * <p>Unlike the other methods, OAuth2 is not wrapped in a dedicated config object: the OAuth2
 * settings object is attached by reference as-is.
 *
 * <p>NOTE(review): the attached OAuth2 settings presumably include the client secret, so
 * whatever renders this configuration should be treated as producing secret material; confirm
 * how it is written out and who can read the result.
 *
 * @param gate the gateway service settings
 * @param security the security settings to translate
 * @return the populated gateway configuration
 */
@Override
protected GateConfig getGateConfig(ServiceSettings gate, Security security) {
  GateConfig gateConfig = new GateConfig(gate, security);

  // Mutually exclusive chain: first enabled method wins.
  if (security.getAuthn().getOauth2().isEnabled()) {
    gateConfig.security.oauth2 = security.getAuthn().getOauth2();
  } else if (security.getAuthn().getSaml().isEnabled()) {
    gateConfig.saml = new SamlConfig(security);
  } else if (security.getAuthn().getLdap().isEnabled()) {
    gateConfig.ldap = new LdapConfig(security);
  } else if (security.getAuthn().getIap().isEnabled()) {
    gateConfig.google.iap = new IAPConfig(security);
  }

  // X.509 is independent of the chain above and may be combined with any of them.
  if (security.getAuthn().getX509().isEnabled()) {
    gateConfig.x509 = new X509Config(security);
  }

  return gateConfig;
}
}