Refactoring iam-test-client properties parsing

indigo-iam · Nov 24, 2021 · 7d7ef32 · 7d7ef32
1 parent 618d6de
commit 7d7ef32
Show file tree

Hide file tree

Showing 6 changed files with 93 additions and 28 deletions.
diff --git a/iam-test-client/src/main/java/it/infn/mw/tc/IamAuthRequestOptionsService.java b/iam-test-client/src/main/java/it/infn/mw/tc/IamAuthRequestOptionsService.java
@@ -19,10 +19,10 @@
 
 public class IamAuthRequestOptionsService implements AuthRequestOptionsService {
 
-  IamClientConfig properties;
+  IamClientApplicationProperties properties;
 
 
-  public IamAuthRequestOptionsService(IamClientConfig properties) {
+  public IamAuthRequestOptionsService(IamClientApplicationProperties properties) {
     this.properties = properties;
   }
 

diff --git a/...n/java/it/infn/mw/tc/IamClientConfig.java → ...mw/tc/IamClientApplicationProperties.java b/...n/java/it/infn/mw/tc/IamClientConfig.java → ...mw/tc/IamClientApplicationProperties.java
@@ -1,13 +1,53 @@
 package it.infn.mw.tc;
 
-import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
-import org.mitre.oauth2.model.RegisteredClient;
+import java.util.List;
+
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.stereotype.Component;
 
 @Component
 @ConfigurationProperties(prefix = "iam")
-public class IamClientConfig extends RegisteredClient {
+public class IamClientApplicationProperties {
+
+  public static class OidcClientProperties {
+    String clientId;
+    String clientSecret;
+    List<String> redirectUris;
+    String scope;
+
+    public String getClientId() {
+      return clientId;
+    }
+
+    public void setClientId(String clientId) {
+      this.clientId = clientId;
+    }
+
+    public String getClientSecret() {
+      return clientSecret;
+    }
+
+    public void setClientSecret(String clientSecret) {
+      this.clientSecret = clientSecret;
+    }
+
+    public List<String> getRedirectUris() {
+      return redirectUris;
+    }
+
+    public void setRedirectUris(List<String> redirectUris) {
+      this.redirectUris = redirectUris;
+    }
+
+    public String getScope() {
+      return scope;
+    }
+
+    public void setScope(String scope) {
+      this.scope = scope;
+    }
+  }
+
 
   public static class TlsConfig {
     String version = "TLSv1.2";
@@ -26,15 +66,16 @@ public void setUseGridTrustAnchors(boolean useGridTrustAnchors) {
     }
   }
 
-  String issuer;
-  String organizationName;
-  String extAuthnHint;
-  TlsConfig tls;
+  private String issuer;
+  private String organizationName;
+  private String extAuthnHint;
+  private TlsConfig tls;
+
+  private OidcClientProperties client;
 
-  boolean hideTokens = true;
+  private boolean hideTokens = true;
 
-  public IamClientConfig() {
-    setTokenEndpointAuthMethod(AuthMethod.SECRET_BASIC);
+  public IamClientApplicationProperties() {
   }
 
   public String getIssuer() { return issuer; }
@@ -64,4 +105,12 @@ public boolean isHideTokens() {
   public void setHideTokens(boolean hideTokens) {
     this.hideTokens = hideTokens;
   }
+
+  public OidcClientProperties getClient() {
+    return client;
+  }
+
+  public void setClient(OidcClientProperties client) {
+    this.client = client;
+  }
 }
diff --git a/iam-test-client/src/main/java/it/infn/mw/tc/IamTestClientApplication.java b/iam-test-client/src/main/java/it/infn/mw/tc/IamTestClientApplication.java
@@ -58,7 +58,7 @@ public class IamTestClientApplication extends WebSecurityConfigurerAdapter {
   OIDCAuthenticationFilter oidcFilter;
 
   @Autowired
-  IamClientConfig clientConfig;
+  IamClientApplicationProperties properties;
 
   @Autowired
   ClientHttpRequestFactory requestFactory;
@@ -139,7 +139,7 @@ public OpenIDAuthentication info(Principal principal) {
       auth.setIssuer(token.getIssuer());
       auth.setSub(token.getSub());
 
-      if (!clientConfig.isHideTokens()) {
+      if (!properties.isHideTokens()) {
         auth.setAccessToken(token.getAccessTokenValue());
         auth.setIdToken(token.getIdToken().getParsedString());
         auth.setRefreshToken(token.getRefreshTokenValue());
@@ -182,7 +182,8 @@ public String introspect(Principal principal, Model model) {
     String accessToken = token.getAccessTokenValue();
 
     String plainCreds =
-        String.format("%s:%s", clientConfig.getClientId(), clientConfig.getClientSecret());
+        String.format("%s:%s", properties.getClient().getClientId(),
+            properties.getClient().getClientSecret());
 
     String base64Creds = new String(java.util.Base64.getEncoder().encode(plainCreds.getBytes()));
 
@@ -196,7 +197,7 @@ public String introspect(Principal principal, Model model) {
     HttpEntity<?> request = new HttpEntity<>(body, headers);
 
     RestTemplate rt = new RestTemplate(requestFactory);
-    String iamIntrospectUrl = clientConfig.getIssuer() + "/introspect";
+    String iamIntrospectUrl = properties.getIssuer() + "/introspect";
     ResponseEntity<String> response =
         rt.exchange(iamIntrospectUrl, HttpMethod.POST, request, String.class);
 

diff --git a/...rc/main/java/it/infn/mw/tc/IamClient.java → ...nfn/mw/tc/IamTestClientConfiguration.java b/...rc/main/java/it/infn/mw/tc/IamClient.java → ...nfn/mw/tc/IamTestClientConfiguration.java
@@ -1,5 +1,7 @@
 package it.infn.mw.tc;
 
+import static java.util.stream.Collectors.toSet;
+
 import java.security.KeyManagementException;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
@@ -8,6 +10,7 @@
 import java.util.LinkedHashMap;
 import java.util.Map;
 import java.util.concurrent.TimeUnit;
+import java.util.stream.Stream;
 
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManager;
@@ -21,7 +24,10 @@
 import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 import org.apache.http.impl.client.HttpClientBuilder;
 import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
+import org.apache.logging.log4j.util.Strings;
 import org.italiangrid.voms.util.CertificateValidatorBuilder;
+import org.mitre.oauth2.model.ClientDetailsEntity;
+import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
 import org.mitre.oauth2.model.RegisteredClient;
 import org.mitre.openid.connect.client.OIDCAuthenticationFilter;
 import org.mitre.openid.connect.client.OIDCAuthenticationProvider;
@@ -43,10 +49,10 @@
 import eu.emi.security.authn.x509.impl.SocketFactoryCreator;
 
 @Configuration
-public class IamClient {
+public class IamTestClientConfiguration {
 
   @Autowired
-  private IamClientConfig iamClientConfig;
+  private IamClientApplicationProperties iamClientConfig;
 
   @Bean
   public FilterRegistrationBean<OIDCAuthenticationFilter> disabledAutomaticOidcFilterRegistration(
@@ -110,9 +116,19 @@ private IssuerService iamIssuerService() {
 
   private StaticClientConfigurationService staticClientConfiguration() {
 
-    Map<String, RegisteredClient> clients = new LinkedHashMap<String, RegisteredClient>();
+    Map<String, RegisteredClient> clients = new LinkedHashMap<>();
+
+    ClientDetailsEntity cde = new ClientDetailsEntity();
+    cde.setTokenEndpointAuthMethod(AuthMethod.SECRET_BASIC);
+    cde.setClientId(iamClientConfig.getClient().getClientId());
+    cde.setClientSecret(iamClientConfig.getClient().getClientSecret());
+
+    if (Strings.isNotBlank(iamClientConfig.getClient().getScope())) {
+      cde.setScope(
+          Stream.of(iamClientConfig.getClient().getScope().split(" ")).collect(toSet()));
+    }
 
-    clients.put(iamClientConfig.getIssuer(), iamClientConfig);
+    clients.put(iamClientConfig.getIssuer(), new RegisteredClient(cde));
 
     StaticClientConfigurationService config = new StaticClientConfigurationService();
     config.setClients(clients);

diff --git a/iam-test-client/src/main/java/it/infn/mw/tc/LocalController.java b/iam-test-client/src/main/java/it/infn/mw/tc/LocalController.java
@@ -1,7 +1,5 @@
 package it.infn.mw.tc;
 
-import java.util.stream.Collectors;
-
 import javax.servlet.http.HttpServletRequest;
 
 import org.springframework.beans.factory.annotation.Autowired;
@@ -17,29 +15,29 @@
 public class LocalController implements ErrorController {
 
   @Autowired
-  IamClientConfig clientConfig;
+  IamClientApplicationProperties properties;
 
   @Autowired
   ClientHttpRequestFactory requestFactory;
 
   @ModelAttribute("iamIssuer")
   public String iamIssuer() {
-    return clientConfig.getIssuer();
+    return properties.getIssuer();
   }
 
   @ModelAttribute("scopes")
   public String requestScopes() {
-    return clientConfig.getScope().stream().collect(Collectors.joining(" "));
+    return properties.getClient().getScope();
   }
 
   @ModelAttribute("organizationName")
   public String organizationName() {
-    return clientConfig.getOrganizationName();
+    return properties.getOrganizationName();
   }
 
   @ModelAttribute("hidesTokens")
   public Boolean hidesTokens() {
-    return clientConfig.isHideTokens();
+    return properties.isHideTokens();
   }
 
   @RequestMapping("/")

diff --git a/iam-test-client/src/main/resources/application.yml b/iam-test-client/src/main/resources/application.yml
@@ -27,4 +27,5 @@ iam:
       clientId: ${IAM_CLIENT_ID:client}
       clientSecret: ${IAM_CLIENT_SECRET:secret}
       redirectUris: ${IAM_CLIENT_REDIRECT_URIS:http://localhost:9090/iam-test-client/openid_connect_login}
-      scope: ${IAM_CLIENT_SCOPES:openid,profile,email,address,phone,offline_access}
+      scope: ${IAM_CLIENT_SCOPES:openid profile email}
+