Modified OpenIdPrincipal to work with different issuers #249

Merged
merged 2 commits into from
Jul 10, 2024
Changes from 1 commit
2 changes: 1 addition & 1 deletion cadc-util/build.gradle
Expand Up @@ -16,7 +16,7 @@ sourceCompatibility = 1.8

group = 'org.opencadc'

version = '1.11.2'
version = '1.11.3'

description = 'OpenCADC core utility library'
def git_url = 'https://github.com/opencadc/core'
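Review bot: The version moves from '1.11.2' to '1.11.3', a patch-level bump, while the same pull request replaces the public constructor OpenIdPrincipal(String) with OpenIdPrincipal(URL, String) and changes serialVersionUID. Code compiled against 1.11.2 that constructs an OpenIdPrincipal will not compile against 1.11.3, so a minor version bump, or at least a release note naming the constructor change, would signal the break to consumers of cadc-util.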
Expand Up @@ -3,7 +3,7 @@
******************* CANADIAN ASTRONOMY DATA CENTRE *******************
************** CENTRE CANADIEN DE DONNÉES ASTRONOMIQUES **************
*
* (c) 2023. (c) 2023.
* (c) 2024. (c) 2024.
* Government of Canada Gouvernement du Canada
* National Research Council Conseil national de recherches
* Ottawa, Canada, K1A 0R6 Ottawa, Canada, K1A 0R6
Expand Down Expand Up @@ -331,6 +331,11 @@ public static Subject getSubject(PrincipalExtractor principalExtractor, boolean
am = AuthMethod.COOKIE;
break;
}
if (o instanceof OpenIdPrincipal) {
am = AuthMethod.TOKEN;
break;
}

}
}

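Review bot: Nothing in this change tests the new "o instanceof OpenIdPrincipal" branch in getSubject; the only test added is OpenIdPrincipalTest, which covers the principal class itself. A test that builds a Subject holding an OpenIdPrincipal and asserts that AuthMethod.TOKEN is reported would pin the behaviour down. Because each branch ends in break, the method reported for a Subject carrying more than one principal type is decided by whichever principal is visited first, so a short comment stating the intended precedence would help. The blank line added after the closing brace of the new block can be dropped.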
32 changes: 18 additions & 14 deletions cadc-util/src/main/java/ca/nrc/cadc/auth/OpenIdPrincipal.java
Expand Up @@ -2,7 +2,7 @@
************************************************************************
**** C A N A D I A N A S T R O N O M Y D A T A C E N T R E *****
*
* (c) 2016. (c) 2016.
* (c) 2024. (c) 2024.
* National Research Council Conseil national de recherches
* Ottawa, Canada, K1A 0R6 Ottawa, Canada, K1A 0R6
* All rights reserved Tous droits reserves
Expand Down Expand Up @@ -35,33 +35,44 @@
package ca.nrc.cadc.auth;

import java.io.Serializable;
import java.net.URL;
import java.security.Principal;

/**
* Class that represents an openID identity.
* Class that represents an openID identity. The principal consists of an immutable
* open ID and its corresponding issuer.
*/
public class OpenIdPrincipal implements Principal, Serializable {
private static final long serialVersionUID = 20140625143750L;
private static final long serialVersionUID = 202407041230L;

private String openID;
private URL issuer;

/**
* Ctor
*
* @param openID
*/
public OpenIdPrincipal(final String openID) {
public OpenIdPrincipal(final URL issuer, final String openID) {
@pdowler (Member) commented on Jul 10, 2024:

javadoc: should have the issuer param

Should we make it more clear in the field name openID that this is the sub (subject) field?

e.g. by using sub instead of openID everywhere?

if (issuer == null) {
throw new IllegalArgumentException("null issuer");
}
if (openID == null) {
throw new IllegalArgumentException("null openID");
}
this.openID = openID;
this.issuer = issuer;
}

@Override
public String getName() {
return openID;
}

public URL getIssuer() {
return issuer;
}

/*
* (non-Javadoc)
*
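Review bot: The class javadoc now describes the principal as immutable, but the fields are declared "private String openID;" and "private URL issuer;" without final. Nothing in the hunk assigns them outside the constructor, so declaring both final lets the compiler enforce what the javadoc promises. Separately, the new serialVersionUID means instances serialized by the previous version will no longer deserialize; if any are persisted or passed between services, that is worth a line in the release notes.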
Expand All @@ -71,7 +82,7 @@ public String getName() {
public int hashCode() {
final int prime = 31;
int result = 1;
result = prime * result + ((openID == null) ? 0 : openID.hashCode());
result = prime * result + openID.hashCode() + issuer.hashCode();
return result;
}

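Review bot: In hashCode, "prime * result + openID.hashCode() + issuer.hashCode()" folds both fields in with a single addition, so the prime only multiplies the constant 1 and the two field hashes are simply summed. The usual form is one step per field (result = prime * result + openID.hashCode(); then result = prime * result + issuer.hashCode();) or java.util.Objects.hash. Also, issuer is a java.net.URL, whose hashCode can perform a host name lookup; hashing issuer.toExternalForm(), or holding the issuer as a java.net.URI, keeps a method that hash-based collections call freely from depending on the network.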
Expand All @@ -92,19 +103,12 @@ public boolean equals(Object obj) {
return false;
}
OpenIdPrincipal other = (OpenIdPrincipal) obj;
if (openID == null) {
if (other.openID != null) {
return false;
}
} else if (!openID.equals(other.openID)) {
return false;
}
return true;
return openID.equals(other.openID) && issuer.equals(other.issuer);
}

@Override
public String toString() {
return getClass().getSimpleName() + "[" + getName() + "]";
return getClass().getSimpleName() + "[issuer=" + getIssuer() + ", openID=" + getName() + "]";
}

}
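Review bot: In equals, "issuer.equals(other.issuer)" relies on java.net.URL equality, which treats two hosts as equivalent when their names resolve to the same IP address and can block on name resolution. For an identity type this means two different issuer URLs served from the same address can compare equal, and the outcome can change with DNS state. Comparing issuer.toExternalForm() values, or storing the issuer as a java.net.URI, gives an exact comparison that works offline; hashCode should make the same choice so the two stay consistent.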
129 changes: 129 additions & 0 deletions cadc-util/src/test/java/ca/nrc/cadc/auth/OpenIdPrincipalTest.java
@@ -0,0 +1,129 @@
/*
************************************************************************
******************* CANADIAN ASTRONOMY DATA CENTRE *******************
************** CENTRE CANADIEN DE DONNÉES ASTRONOMIQUES **************
*
* (c) 2019. (c) 2019.
* Government of Canada Gouvernement du Canada
* National Research Council Conseil national de recherches
* Ottawa, Canada, K1A 0R6 Ottawa, Canada, K1A 0R6
* All rights reserved Tous droits réservés
*
* NRC disclaims any warranties, Le CNRC dénie toute garantie
* expressed, implied, or énoncée, implicite ou légale,
* statutory, of any kind with de quelque nature que ce
* respect to the software, soit, concernant le logiciel,
* including without limitation y compris sans restriction
* any warranty of merchantability toute garantie de valeur
* or fitness for a particular marchande ou de pertinence
* purpose. NRC shall not be pour un usage particulier.
* liable in any event for any Le CNRC ne pourra en aucun cas
* damages, whether direct or être tenu responsable de tout
* indirect, special or general, dommage, direct ou indirect,
* consequential or incidental, particulier ou général,
* arising from the use of the accessoire ou fortuit, résultant
* software. Neither the name de l'utilisation du logiciel. Ni
* of the National Research le nom du Conseil National de
* Council of Canada nor the Recherches du Canada ni les noms
* names of its contributors may de ses participants ne peuvent
* be used to endorse or promote être utilisés pour approuver ou
* products derived from this promouvoir les produits dérivés
* software without specific prior de ce logiciel sans autorisation
* written permission. préalable et particulière
* par écrit.
*
* This file is part of the Ce fichier fait partie du projet
* OpenCADC project. OpenCADC.
*
* OpenCADC is free software: OpenCADC est un logiciel libre ;
* you can redistribute it and/or vous pouvez le redistribuer ou le
* modify it under the terms of modifier suivant les termes de
* the GNU Affero General Public la “GNU Affero General Public
* License as published by the License” telle que publiée
* Free Software Foundation, par la Free Software Foundation
* either version 3 of the : soit la version 3 de cette
* License, or (at your option) licence, soit (à votre gré)
* any later version. toute version ultérieure.
*
* OpenCADC is distributed in the OpenCADC est distribué
* hope that it will be useful, dans l’espoir qu’il vous
* but WITHOUT ANY WARRANTY; sera utile, mais SANS AUCUNE
* without even the implied GARANTIE : sans même la garantie
* warranty of MERCHANTABILITY implicite de COMMERCIALISABILITÉ
* or FITNESS FOR A PARTICULAR ni d’ADÉQUATION À UN OBJECTIF
* PURPOSE. See the GNU Affero PARTICULIER. Consultez la Licence
* General Public License for Générale Publique GNU Affero
* more details. pour plus de détails.
*
* You should have received Vous devriez avoir reçu une
* a copy of the GNU Affero copie de la Licence Générale
* General Public License along Publique GNU Affero avec
* with OpenCADC. If not, see OpenCADC ; si ce n’est
* <http://www.gnu.org/licenses/>. pas le cas, consultez :
* <http://www.gnu.org/licenses/>.
*
* $Revision: 1 $
*
************************************************************************
*/

package ca.nrc.cadc.auth;

import ca.nrc.cadc.util.Log4jInit;
import java.net.MalformedURLException;
import java.net.URL;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.junit.Test;
import junit.framework.Assert;

/**
*
* @author adriand
*/
public class OpenIdPrincipalTest
{
private static Logger log = Logger.getLogger(OpenIdPrincipalTest.class);

private final static URL issuer1;
private final static URL issuer2;

static {
try {
issuer1 = new URL("https://issuer1.example/openid/endpoint");
issuer2 = new URL("https://issuer2.example/openid/endpoint");
} catch (MalformedURLException e) {
throw new RuntimeException(e);
}
}

private final static String id1 = "abc-cdef";
private final static String id2 = "myuser";

static
{
Log4jInit.setLevel("ca.nrc.cadc.auth", Level.INFO);
Log4jInit.setLevel("ca.nrc.cadc.util", Level.INFO);
}

public OpenIdPrincipalTest()
{

}

@Test
public void testPrincipal() throws Exception
{
log.debug("test - START");
OpenIdPrincipal oip1 = new OpenIdPrincipal(issuer1, id1);
Assert.assertEquals(issuer1, oip1.getIssuer());
Assert.assertEquals(id1, oip1.getName());
Assert.assertEquals(oip1, new OpenIdPrincipal(issuer1, id1));

Assert.assertTrue(oip1 != new OpenIdPrincipal(issuer2, id1));
Assert.assertTrue(oip1 != new OpenIdPrincipal(issuer1, id2));
Assert.assertTrue(oip1 != new OpenIdPrincipal(issuer2, id2));

log.debug("testParseBearerToken - DONE");
}
}
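Review bot: The three negative checks in testPrincipal, such as "Assert.assertTrue(oip1 != new OpenIdPrincipal(issuer2, id1));", compare object references, which is always true for a freshly constructed instance, so they pass even if equals ignored the issuer entirely. Use Assert.assertFalse(oip1.equals(new OpenIdPrincipal(issuer2, id1))) or assertNotEquals so the issuer and openID comparisons are actually exercised. The test would also benefit from asserting equal hashCode values for equal principals and from covering the IllegalArgumentException paths for a null issuer and a null openID. The closing log message says "testParseBearerToken - DONE", which looks copied from another test, and junit.framework.Assert is the deprecated JUnit 3 class; org.junit.Assert matches the org.junit.Test import already used.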