Commit 778ef2f1 authored by frederic motte's avatar frederic motte

modify the SF to communicate with HTTPS services, and to support empty AuthZ groups

parent 432fcdcf
<?xml version="1.0" encoding="UTF-8"?>
<!--
Security Filter Servlet Proxy
Copyright (C) 2015 The CHOReVOLUTION project
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
-->
<!-- Security Filter Servlet Proxy Copyright (C) 2015 The CHOReVOLUTION project
This program is free software: you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
Foundation, either version 3 of the License, or (at your option) any later
version. This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
more details. You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. -->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<organization>
<name>The CHOReVOLUTION project</name>
<url>http://www.chorevolution.eu</url>
</organization>
<licenses>
<license>
<name>GPL v3.0</name>
<url>http://www.gnu.org/licenses/gpl-3.0.en.html</url>
<distribution>repo</distribution>
</license>
</licenses>
<scm>
<connection>scm:git:ssh://gitolite@tuleap.ow2.org/chorevolution/security-filter.git</connection>
<developerConnection>scm:git:ssh://gitolite@tuleap.ow2.org/chorevolution/security-filter.git</developerConnection>
<url>https://tuleap.ow2.org/plugins/git/chorevolution/security-filter</url>
</scm>
<issueManagement>
<system>jira</system>
<url>https://jira.ow2.org/browse/CRV</url>
</issueManagement>
<groupId>eu.chorevolution.securityfilter</groupId>
<artifactId>SecurityfilterServletProxy</artifactId>
<packaging>war</packaging>
<version>0.0.1-SNAPSHOT</version>
<name>SecurityfilterServletProxy Maven Webapp</name>
<url>http://maven.apache.org</url>
<distributionManagement>
<snapshotRepository>
<id>ow2-nexus-snapshots</id>
<name>OW2 Snapshots Repository</name>
<url>http://repository.ow2.org/nexus/content/repositories/snapshots/</url>
</snapshotRepository>
</distributionManagement>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<!-- works with v4.1 and forward; see .travis.yml -->
<httpclient.version>4.5</httpclient.version>
<!-- the last version to provide LocalTestServer.java -->
<httpclient.test.version>4.3.5</httpclient.test.version>
<jackson.version>2.8.3</jackson.version>
</properties>
<dependencies>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.1.0</version>
</dependency>
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<organization>
<name>The CHOReVOLUTION project</name>
<url>http://www.chorevolution.eu</url>
</organization>
<licenses>
<license>
<name>GPL v3.0</name>
<url>http://www.gnu.org/licenses/gpl-3.0.en.html</url>
<distribution>repo</distribution>
</license>
</licenses>
<scm>
<connection>scm:git:ssh://gitolite@tuleap.ow2.org/chorevolution/security-filter.git</connection>
<developerConnection>scm:git:ssh://gitolite@tuleap.ow2.org/chorevolution/security-filter.git</developerConnection>
<url>https://tuleap.ow2.org/plugins/git/chorevolution/security-filter</url>
</scm>
<issueManagement>
<system>jira</system>
<url>https://jira.ow2.org/browse/CRV</url>
</issueManagement>
<groupId>eu.chorevolution.securityfilter</groupId>
<artifactId>SecurityfilterServletProxy</artifactId>
<packaging>war</packaging>
<version>0.0.1-SNAPSHOT</version>
<name>SecurityfilterServletProxy Maven Webapp</name>
<url>http://maven.apache.org</url>
<distributionManagement>
<snapshotRepository>
<id>ow2-nexus-snapshots</id>
<name>OW2 Snapshots Repository</name>
<url>http://repository.ow2.org/nexus/content/repositories/snapshots/</url>
</snapshotRepository>
</distributionManagement>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<!-- works with v4.1 and forward; see .travis.yml -->
<httpclient.version>4.5</httpclient.version>
<!-- the last version to provide LocalTestServer.java -->
<httpclient.test.version>4.3.5</httpclient.test.version>
<jackson.version>2.8.3</jackson.version>
</properties>
<dependencies>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.1.0</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
<version>2.5</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
<version>2.5</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>${httpclient.version}</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.4</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>${httpclient.version}</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.4</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>${httpclient.test.version}</version>
<classifier>tests</classifier>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
<version>2.4.1</version>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-core</artifactId>
<version>2.4.1</version>
</dependency>
<dependency>
<groupId>org.apache.ws.security</groupId>
<artifactId>wss4j</artifactId>
<version>1.6.19</version>
</dependency>
<dependency>
<groupId>eu.chorevolution.securityfilter</groupId>
<artifactId>sf-provision-data</artifactId>
<version>0.0.1-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>eu.chorevolution.sts</groupId>
<artifactId>sts-provision-data</artifactId>
<version>0.0.1-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>com.sun.jersey</groupId>
<artifactId>jersey-server</artifactId>
<version>1.9</version>
</dependency>
<dependency>
<groupId>com.sun.jersey</groupId>
<artifactId>jersey-client</artifactId>
<version>1.9</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-ws-security</artifactId>
<version>3.1.4</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-jaxws</artifactId>
<version>3.1.4</version>
</dependency>
<dependency>
<groupId>org.apache.cxf.services.sts</groupId>
<artifactId>cxf-services-sts-core</artifactId>
<version>3.1.4</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>1.1.3</version>
</dependency>
<!-- <dependency> <groupId>eu.chorevolution</groupId> <artifactId>SecurityTokenService</artifactId>
<version>0.0.1-SNAPSHOT</version> </dependency> -->
<dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>${httpclient.test.version}</version>
<classifier>tests</classifier>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
<version>2.4.1</version>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-core</artifactId>
<version>2.4.1</version>
</dependency>
<dependency>
<groupId>org.apache.ws.security</groupId>
<artifactId>wss4j</artifactId>
<version>1.6.19</version>
</dependency>
<dependency>
<groupId>eu.chorevolution.securityfilter</groupId>
<artifactId>sf-provision-data</artifactId>
<version>0.0.1-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>eu.chorevolution.sts</groupId>
<artifactId>sts-provision-data</artifactId>
<version>0.0.1-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>com.sun.jersey</groupId>
<artifactId>jersey-server</artifactId>
<version>1.9</version>
</dependency>
<dependency>
<groupId>com.sun.jersey</groupId>
<artifactId>jersey-client</artifactId>
<version>1.9</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-ws-security</artifactId>
<version>3.1.4</version>
</dependency>
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-jaxws</artifactId>
<version>3.1.4</version>
</dependency>
<dependency>
<groupId>org.apache.cxf.services.sts</groupId>
<artifactId>cxf-services-sts-core</artifactId>
<version>3.1.4</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>1.1.3</version>
</dependency>
<!-- <dependency> <groupId>eu.chorevolution</groupId> <artifactId>SecurityTokenService</artifactId>
<version>0.0.1-SNAPSHOT</version> </dependency> -->
<dependency>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-xacml-model</artifactId>
<version>3.4.0</version>
</dependency>
<dependency>
<dependency>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-core</artifactId>
<version>5.0.2</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.8.3</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.google.code.gson/gson -->
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
<version>2.7</version>
</dependency>
</dependencies>
<build>
<finalName>SecurityfilterServletProxy</finalName>
<plugins>
<plugin><!-- Plugin Maven pour creer archive WAR -->
<artifactId>maven-war-plugin</artifactId>
<version>2.6</version>
</plugin>
<plugin><!-- Plugin pour compilation code Java -->
<artifactId>maven-compiler-plugin</artifactId>
<version>3.5.1</version>
<configuration>
<!-- Java version for compiling the source code -->
<source>1.8</source>
<target>1.8</target>
</configuration>
</plugin>
</plugins>
</build>
<repositories>
<repository>
<id>sonatype</id>
<url>https://oss.sonatype.org/content/repositories/snapshots</url>
<releases>
<enabled>false</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
<repository>
<id>ow2-snapshots</id>
<url>http://repository.ow2.org/nexus/content/repositories/snapshots/</url>
<releases>
<enabled>false</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
<repository>
<id>ow2-releases</id>
<url>http://repository.ow2.org/nexus/content/repositories/releases/</url>
<releases>
<enabled>false</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
</repositories>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.8.3</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.0</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.google.code.gson/gson -->
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
<version>2.7</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-ext-jdk15on</artifactId>
<version>1.55</version>
</dependency>
</dependencies>
<build>
<finalName>SecurityfilterServletProxy</finalName>
<plugins>
<plugin><!-- Plugin Maven pour creer archive WAR -->
<artifactId>maven-war-plugin</artifactId>
<version>2.6</version>
</plugin>
<plugin><!-- Plugin pour compilation code Java -->
<artifactId>maven-compiler-plugin</artifactId>
<version>3.5.1</version>
<configuration>
<!-- Java version for compiling the source code -->
<source>1.8</source>
<target>1.8</target>
</configuration>
</plugin>
</plugins>
</build>
<repositories>
<repository>
<id>sonatype</id>
<url>https://oss.sonatype.org/content/repositories/snapshots</url>
<releases>
<enabled>false</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
<repository>
<id>ow2-snapshots</id>
<url>http://repository.ow2.org/nexus/content/repositories/snapshots/</url>
<releases>
<enabled>false</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
<repository>
<id>ow2-releases</id>
<url>http://repository.ow2.org/nexus/content/repositories/releases/</url>
<releases>
<enabled>false</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
</repositories>
</project>
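Review bot: The jackson-databind dependency hard-codes `<version>2.8.3</version>` even though `<jackson.version>2.8.3</jackson.version>` is declared in `<properties>`; it should read `<version>${jackson.version}</version>` so the property actually governs the version, the way `${httpclient.version}` already does for httpclient. The rendering prints the `<dependencies>`, `<build>` and `<repositories>` blocks twice with no old/new markers, so it cannot be told from here whether the repeated servlet-api, httpclient, commons-io and junit declarations are a display artefact or real duplicates in the resulting pom; a `mvn dependency:analyze` run against the new pom would settle that. The OW2 repository URLs in `<repositories>` and `<distributionManagement>` remain plain `http://`, which Maven 3.8.1+ refuses by default and which leaves downloaded artifacts open to substitution in transit; each is a one-line change to `https://`.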
package eu.chorevolution;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.Properties;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang3.ArrayUtils;
public class Encryptor {
private static String algo ="AES";
private SecretKeySpec keySpec = null;
public Encryptor(String secretKey) {
System.out.println("CREATE ENCRYPTOR WITH : " + secretKey);
String actualKey = secretKey;
if (actualKey.length() < 16) {
StringBuilder actualKeyPadding = new StringBuilder(actualKey);
for (int i = 0; i < 16 - actualKey.length(); i++) {
actualKeyPadding.append('0');
}
actualKey = actualKeyPadding.toString();
}
try {
keySpec = new SecretKeySpec(ArrayUtils.subarray(
actualKey.getBytes("UTF-8"), 0, 16), algo);
} catch (UnsupportedEncodingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
public String encode(final String value) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException{
String encodedValue = null;
if (value != null) {
final Cipher cipher = Cipher.getInstance("AES");
cipher.init(Cipher.ENCRYPT_MODE, keySpec);
byte[] envVal = cipher.doFinal(value.getBytes("UTF-8"));
encodedValue = Base64.getEncoder().encodeToString(envVal);
}
return encodedValue;
}
public String decode(final String encodedValue) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException {
System.out.println("encoded value " + encodedValue);
String value = null;
if (encodedValue != null){
final Cipher cipher = Cipher.getInstance("AES");
cipher.init(Cipher.DECRYPT_MODE, keySpec);
byte[] decodedValue = Base64.getDecoder().decode(encodedValue);
byte[] decVal = cipher.doFinal(decodedValue);
value = new String(decVal, "UTF-8");
}
return value;
}
public static void main(String[] args) {
String password = "password";
Encryptor encryptor = new Encryptor("skjajsjsjljkdsa6633");
try {
String encryptedText = encryptor.encode(password);
String decryptedText = encryptor.decode(encryptedText);
System.out.println("original " + password);
System.out.println("encrypted " + encryptedText);
System.out.println("decrypted " + decryptedText);
System.out.println(encryptor.decode("AEdnzs++tE4XgTQVE6csCw=="));
} catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException | IllegalBlockSizeException
| BadPaddingException | UnsupportedEncodingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
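Review bot: The constructor prints the raw secret key to stdout (`System.out.println("CREATE ENCRYPTOR WITH : " + secretKey)`) and `decode` prints its input; both lines should go, since key material in server logs defeats the encryption. `Cipher.getInstance("AES")` resolves to AES/ECB/PKCS5Padding on the default JCE provider, which is deterministic and unauthenticated, so equal plaintexts yield equal ciphertexts and a tampered ciphertext is not detected; use `AES/GCM/NoPadding` with a fresh random 12-byte IV prepended to the output, as in the excerpt below (the throws clauses then also need `InvalidAlgorithmParameterException`, and ciphertexts already stored in the old format will no longer decode, so migration has to be planned). The key is built by right-padding the passphrase with `'0'` characters and truncating to 16 bytes, which yields a low-entropy key for short inputs; if a passphrase rather than a 128-bit key must be accepted, derive the key with `SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")` and a stored salt instead. `getBytes("UTF-8")` and the `UnsupportedEncodingException` handling can be replaced by `StandardCharsets.UTF_8` (the pom targets Java 1.8), and `main` embeds a hard-coded key and a sample ciphertext that belong in a unit test rather than in the shipped class.
```java
    public String encode(final String value) throws NoSuchAlgorithmException, NoSuchPaddingException,
            InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException {
        if (value == null) {
            return null;
        }
        // Fresh 96-bit nonce per message: GCM loses confidentiality and integrity if a nonce is reused under one key.
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        final Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, keySpec, new GCMParameterSpec(128, iv));
        byte[] ciphertext = cipher.doFinal(value.getBytes(StandardCharsets.UTF_8));
        // Output layout: IV || ciphertext || tag, then Base64.
        byte[] out = ByteBuffer.allocate(iv.length + ciphertext.length).put(iv).put(ciphertext).array();
        return Base64.getEncoder().encodeToString(out);
    }

    public String decode(final String encodedValue) throws NoSuchAlgorithmException, NoSuchPaddingException,
            InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException {
        if (encodedValue == null) {
            return null;
        }
        byte[] in = Base64.getDecoder().decode(encodedValue);
        // Shortest valid input is a 12-byte IV plus a 16-byte tag with empty ciphertext.
        if (in.length < 12 + 16) {
            throw new IllegalArgumentException("ciphertext too short");
        }
        byte[] iv = Arrays.copyOfRange(in, 0, 12);
        final Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, keySpec, new GCMParameterSpec(128, iv));
        // doFinal verifies the tag; on tampering it throws AEADBadTagException, a BadPaddingException subtype.
        byte[] plain = cipher.doFinal(in, 12, in.length - 12);
        return new String(plain, StandardCharsets.UTF_8);
    }
    // … unchanged: constructor (minus the println) and main …
```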
package eu.chorevolution;
import java.io.IOException;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ssl.SSLSocketFactory;
public class MySSLSocketFactory extends SSLSocketFactory {
SSLContext sslContext = SSLContext.getInstance("TLS");
public MySSLSocketFactory(KeyStore truststore) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
super(truststore);
TrustManager tm = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
sslContext.init(null, new TrustManager[] { tm }, null);
}
@Override
public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException {
return sslContext.getSocketFactory().createSocket(socket, host, port, autoClose);