15 files changed, 1066 insertions, 16 deletions
diff --git a/plugins/org.eclipse.osee.orcs.account.admin.test/src/org/eclipse/osee/orcs/account/admin/integration/JdbcJaxRsOAuthStorageTest.java b/plugins/org.eclipse.osee.orcs.account.admin.test/src/org/eclipse/osee/orcs/account/admin/integration/JdbcJaxRsOAuthStorageTest.java index f3ce2cd8b62..db6e802f99f 100644 --- a/plugins/org.eclipse.osee.orcs.account.admin.test/src/org/eclipse/osee/orcs/account/admin/integration/JdbcJaxRsOAuthStorageTest.java +++ b/plugins/org.eclipse.osee.orcs.account.admin.test/src/org/eclipse/osee/orcs/account/admin/integration/JdbcJaxRsOAuthStorageTest.java @@ -11,12 +11,18 @@ package org.eclipse.osee.orcs.account.admin.integration; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; import static org.mockito.Mockito.when; import static org.mockito.MockitoAnnotations.initMocks; import java.util.Arrays; +import java.util.LinkedHashMap; import java.util.List; +import java.util.Map; +import org.eclipse.osee.framework.jdk.core.type.OseePrincipal; +import org.eclipse.osee.framework.jdk.core.util.GUID; import org.eclipse.osee.jaxrs.server.security.JaxRsOAuthStorage; +import org.eclipse.osee.jaxrs.server.security.OAuthClient; import org.eclipse.osee.jaxrs.server.security.OAuthCodeGrant; import org.eclipse.osee.jaxrs.server.security.OAuthToken; import org.eclipse.osee.jaxrs.server.security.OAuthTokenType; @@ -26,6 +32,7 @@ import org.junit.Before; import org.junit.Rule; import org.junit.Test; import org.junit.rules.ExpectedException; +import org.junit.rules.TestName; import org.junit.rules.TestRule; import org.mockito.Mock; 
@@ -61,12 +68,30 @@ public class JdbcJaxRsOAuthStorageTest { private static final String RT_GRANT_TYPE_1 = "rt-grant-type-1"; private static final OAuthTokenType RT_TYPE_1 = OAuthTokenType.REFRESH_TOKEN; + public static final String CLIENT_GUID = GUID.create(); + public static final List<String> APPLICATION_CERTIFICATE = Arrays.asList("certificate-1"); + public static final String APPLICATION_DESCRIPTION = "description-1"; + public static final String APPLICATION_LOGO_URI = "logo-uri-1"; + public static final String APPLICATION_NAME = "application-name-1"; + public static final String APPLICATION_WEB_URI = "web-uri-1"; + public static final String CLIENT_KEY = "client-key-1"; + public static final String CLIENT_SECRET = "client-secret-1"; + public static final boolean IS_CONFIDENTIAL = true; + + public static final List<String> GRANT_TYPES = Arrays.asList("grant-1", "grant-2", "grant-3"); + public static final List<String> REDIRECT_URIS = Arrays.asList("uri-1", "uri2"); + public static final List<String> ALLOWED_AUDIENCES = Arrays.asList("audience-1"); + public static final List<String> REGISTERED_SCOPES = Arrays.asList("scope-1", "scope-2", "scope-3"); + @Rule public TestRule osgi = OrcsIntegrationRule.integrationRule(this, "osee.demo.hsql"); @Rule public ExpectedException thrown = ExpectedException.none(); + @Rule + public TestName testName = new TestName(); + @OsgiService private JaxRsOAuthStorage storage; 
@@ -74,12 +99,21 @@ public class JdbcJaxRsOAuthStorageTest { @Mock private OAuthCodeGrant authCode; @Mock private OAuthToken accessToken; @Mock private OAuthToken refreshToken; + @Mock private OseePrincipal principal; + @Mock private OAuthClient client; // @formatter:on + public static Map<String, String> applicationProperties; + @Before public void testSetup() { initMocks(this); + applicationProperties = new LinkedHashMap<String, String>(); + applicationProperties.put("a", "1"); + applicationProperties.put("b", "2"); + applicationProperties.put("c", "3"); + when(authCode.getUuid()).thenReturn(CODE_UUID); when(authCode.getClientId()).thenReturn(CLIENT_ID); when(authCode.getSubjectId()).thenReturn(SUBJECT_ID); 
@@ -112,10 +146,125 @@ public class JdbcJaxRsOAuthStorageTest { when(refreshToken.getType()).thenReturn(RT_TYPE_1); when(refreshToken.getGrantType()).thenReturn(RT_GRANT_TYPE_1); when(refreshToken.getAudience()).thenReturn(AUDIENCE); + + when(principal.getGuid()).thenReturn(-1L); + + when(client.getGuid()).thenReturn(CLIENT_GUID); + when(client.getClientUuid()).thenReturn(CLIENT_ID); + when(client.getSubjectId()).thenReturn(SUBJECT_ID); + when(client.getApplicationName()).thenReturn(APPLICATION_NAME); + when(client.getApplicationDescription()).thenReturn(APPLICATION_DESCRIPTION); + when(client.getApplicationWebUri()).thenReturn(APPLICATION_WEB_URI); + when(client.getApplicationLogoUri()).thenReturn(APPLICATION_LOGO_URI); + when(client.getClientId()).thenReturn(CLIENT_KEY); + when(client.getClientSecret()).thenReturn(CLIENT_SECRET); + when(client.getApplicationCertificates()).thenReturn(APPLICATION_CERTIFICATE); + when(client.isConfidential()).thenReturn(IS_CONFIDENTIAL); + + when(client.getAllowedGrantTypes()).thenReturn(GRANT_TYPES); + when(client.getRedirectUris()).thenReturn(REDIRECT_URIS); + when(client.getRegisteredAudiences()).thenReturn(ALLOWED_AUDIENCES); + when(client.getRegisteredScopes()).thenReturn(REGISTERED_SCOPES); + when(client.getProperties()).thenReturn(applicationProperties); + + when(client.hasApplicationLogoSupplier()).thenReturn(false); + when(client.getApplicationLogoSupplier()).thenReturn(null); + } + + @Test + public void testClientStorage() { + storage.storeClient(principal, client); + + long clientUuid = storage.getClientUuidByKey(CLIENT_KEY); + assertEquals(CLIENT_ID, clientUuid); + + OAuthClient actualClient = storage.getClientByClientGuid(CLIENT_GUID); + + assertEquals(CLIENT_GUID, actualClient.getGuid()); + assertEquals(CLIENT_ID, actualClient.getClientUuid()); + assertEquals(SUBJECT_ID, actualClient.getSubjectId()); + assertEquals(APPLICATION_NAME, actualClient.getApplicationName()); + assertEquals(APPLICATION_DESCRIPTION, 
actualClient.getApplicationDescription()); + assertEquals(APPLICATION_WEB_URI, actualClient.getApplicationWebUri()); + assertEquals(APPLICATION_LOGO_URI, actualClient.getApplicationLogoUri()); + assertEquals(CLIENT_KEY, actualClient.getClientId()); + assertEquals(CLIENT_SECRET, actualClient.getClientSecret()); + assertEquals(APPLICATION_CERTIFICATE, actualClient.getApplicationCertificates()); + assertEquals(IS_CONFIDENTIAL, actualClient.isConfidential()); + assertEquals(GRANT_TYPES, actualClient.getAllowedGrantTypes()); + assertEquals(REDIRECT_URIS, actualClient.getRedirectUris()); + assertEquals(ALLOWED_AUDIENCES, actualClient.getRegisteredAudiences()); + assertEquals(REGISTERED_SCOPES, actualClient.getRegisteredScopes()); + assertEquals(applicationProperties, actualClient.getProperties()); + + actualClient = storage.getClientByClientKey(CLIENT_KEY); + assertEquals(CLIENT_GUID, actualClient.getGuid()); + assertEquals(CLIENT_ID, actualClient.getClientUuid()); + assertEquals(SUBJECT_ID, actualClient.getSubjectId()); + assertEquals(APPLICATION_NAME, actualClient.getApplicationName()); + assertEquals(APPLICATION_DESCRIPTION, actualClient.getApplicationDescription()); + assertEquals(APPLICATION_WEB_URI, actualClient.getApplicationWebUri()); + assertEquals(APPLICATION_LOGO_URI, actualClient.getApplicationLogoUri()); + assertEquals(CLIENT_KEY, actualClient.getClientId()); + assertEquals(CLIENT_SECRET, actualClient.getClientSecret()); + assertEquals(APPLICATION_CERTIFICATE, actualClient.getApplicationCertificates()); + assertEquals(IS_CONFIDENTIAL, actualClient.isConfidential()); + assertEquals(GRANT_TYPES, actualClient.getAllowedGrantTypes()); + assertEquals(REDIRECT_URIS, actualClient.getRedirectUris()); + assertEquals(ALLOWED_AUDIENCES, actualClient.getRegisteredAudiences()); + assertEquals(REGISTERED_SCOPES, actualClient.getRegisteredScopes()); + assertEquals(applicationProperties, actualClient.getProperties()); + + storage.removeClient(principal, actualClient); + + 
clientUuid = storage.getClientUuidByKey(CLIENT_KEY); + assertEquals(-1L, clientUuid); + + actualClient = storage.getClientByClientGuid(CLIENT_GUID); + assertNull(actualClient); + + actualClient = storage.getClientByClientKey(CLIENT_KEY); + assertNull(actualClient); + } + + @Test + public void testCascadeClientToTokenDeletion() { + storage.storeClient(principal, client); + storage.storeCodeGrant(authCode); + storage.storeToken(accessToken, refreshToken); + storage.relateTokens(refreshToken, accessToken); + + long clientUuid = storage.getClientUuidByKey(CLIENT_KEY); + assertEquals(CLIENT_ID, clientUuid); + + OAuthClient actualClient = storage.getClientByClientGuid(CLIENT_GUID); + assertNotNull(actualClient); + + OAuthToken accessToken = storage.getPreauthorizedToken(CLIENT_ID, SUBJECT_ID, AT_GRANT_TYPE_1); + assertNotNull(accessToken); + + OAuthToken refresh = storage.getPreauthorizedToken(CLIENT_ID, SUBJECT_ID, RT_GRANT_TYPE_1); + assertNotNull(refresh); + + storage.removeClient(principal, client); + + clientUuid = storage.getClientUuidByKey(CLIENT_KEY); + assertEquals(-1L, clientUuid); + + actualClient = storage.getClientByClientGuid(CLIENT_GUID); + assertNull(actualClient); + + accessToken = storage.getPreauthorizedToken(CLIENT_ID, SUBJECT_ID, AT_GRANT_TYPE_1); + assertNull(accessToken); + + refresh = storage.getPreauthorizedToken(CLIENT_ID, SUBJECT_ID, RT_GRANT_TYPE_1); + assertNull(refresh); } @Test public void testAuthCode() { + storage.storeClient(principal, client); + OAuthCodeGrant actual = storage.getCodeGrant(AUTH_CODE_1); assertNull(actual); 
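Review bot: In the `@@ -112,10 +146,125 @@` hunk, testCascadeClientToTokenDeletion stores a code grant with `storage.storeCodeGrant(authCode)` but never checks that it is gone after `storage.removeClient(principal, client)`; only the access and refresh tokens are queried again. An authorization code that outlives its deleted client is exactly what a cascade test should pin, so add `assertNull(storage.getCodeGrant(AUTH_CODE_1));` after the removal (assuming `AUTH_CODE_1` is the code the `authCode` mock returns, as testAuthCode suggests). In the same test the local `OAuthToken accessToken` shadows the mock field of the same name that was passed to `storeToken` a few lines earlier; a name such as `access`, matching `refresh`, would read more clearly.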
@@ -138,10 +287,15 @@ public class JdbcJaxRsOAuthStorageTest { actual = storage.getCodeGrant(AUTH_CODE_1); assertNull(actual); + + long clientUuid = storage.getClientUuidByKey(CLIENT_KEY); + assertEquals(CLIENT_ID, clientUuid); } @Test public void testAccessToken() { + storage.storeClient(principal, client); + storage.storeToken(accessToken); OAuthToken actual = storage.getPreauthorizedToken(CLIENT_ID, SUBJECT_ID, AT_GRANT_TYPE_1); @@ -162,10 +316,15 @@ public class JdbcJaxRsOAuthStorageTest { actual = storage.getPreauthorizedToken(CLIENT_ID, SUBJECT_ID, AT_GRANT_TYPE_1); assertNull(actual); + + long clientUuid = storage.getClientUuidByKey(CLIENT_KEY); + assertEquals(CLIENT_ID, clientUuid); } @Test public void testAccessTokenWithRefreshToken() { + storage.storeClient(principal, client); + storage.storeToken(accessToken, refreshToken); storage.relateTokens(refreshToken, accessToken); @@ -222,5 +381,7 @@ public class JdbcJaxRsOAuthStorageTest { refresh = storage.getPreauthorizedToken(CLIENT_ID, SUBJECT_ID, RT_GRANT_TYPE_1); assertNull(refresh); + long clientUuid = storage.getClientUuidByKey(CLIENT_KEY); + assertEquals(CLIENT_ID, clientUuid); } } diff --git a/plugins/org.eclipse.osee.orcs.account.admin/META-INF/MANIFEST.MF b/plugins/org.eclipse.osee.orcs.account.admin/META-INF/MANIFEST.MF index ed9006eb53c..745e1dc53e1 100644 --- a/plugins/org.eclipse.osee.orcs.account.admin/META-INF/MANIFEST.MF +++ b/plugins/org.eclipse.osee.orcs.account.admin/META-INF/MANIFEST.MF @@ -6,7 +6,10 @@ Bundle-Version: 0.19.0.qualifier Bundle-RequiredExecutionEnvironment: JavaSE-1.6 Bundle-Vendor: Eclipse Open System Engineering Environment Service-Component: OSGI-INF/*.xml -Import-Package: org.eclipse.osee.account.admin, +Import-Package: com.google.common.io, + com.google.gson, + com.google.gson.reflect, + org.eclipse.osee.account.admin, org.eclipse.osee.account.admin.ds, org.eclipse.osee.database.schema, org.eclipse.osee.executor.admin, 
diff --git a/plugins/org.eclipse.osee.orcs.account.admin/OSGI-INF/jaxrs.jdbc.client.storage.provider.xml b/plugins/org.eclipse.osee.orcs.account.admin/OSGI-INF/jaxrs.jdbc.client.storage.provider.xml
new file mode 100644
index 00000000000..002c22c38d4
--- /dev/null
+++ b/plugins/org.eclipse.osee.orcs.account.admin/OSGI-INF/jaxrs.jdbc.client.storage.provider.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<scr:component xmlns:scr="http://www.osgi.org/xmlns/scr/v1.1.0" >
+ <implementation class="org.eclipse.osee.orcs.account.admin.internal.oauth.ClientStorageProvider" />
+ <service>
+ <provide interface="org.eclipse.osee.orcs.account.admin.internal.oauth.ClientStorageProvider"/>
+ </service>
+ <reference bind="setLogger" cardinality="1..1" interface="org.eclipse.osee.logger.Log" name="Log" policy="static"/>
+ <reference bind="setOrcsApi" cardinality="1..1" interface="org.eclipse.osee.orcs.OrcsApi" name="OrcsApi" policy="static"/>
+</scr:component>
diff --git a/plugins/org.eclipse.osee.orcs.account.admin/OSGI-INF/jaxrs.jdbc.oauth.storage.xml b/plugins/org.eclipse.osee.orcs.account.admin/OSGI-INF/jaxrs.jdbc.oauth.storage.xml
index d4dfa5faec2..ac5dc9ed2a5 100644
--- a/plugins/org.eclipse.osee.orcs.account.admin/OSGI-INF/jaxrs.jdbc.oauth.storage.xml
+++ b/plugins/org.eclipse.osee.orcs.account.admin/OSGI-INF/jaxrs.jdbc.oauth.storage.xml
@@ -1,9 +1,10 @@ <?xml version="1.0" encoding="UTF-8"?> <scr:component xmlns:scr="http://www.osgi.org/xmlns/scr/v1.1.0" activate="start" deactivate="stop"> <implementation class="org.eclipse.osee.orcs.account.admin.internal.oauth.JdbcJaxRsOAuthStorage" /> - <reference bind="setLogger" cardinality="1..1" interface="org.eclipse.osee.logger.Log" name="Log" policy="static"/> - <reference bind="setDatabaseService" cardinality="1..1" interface="org.eclipse.osee.framework.database.IOseeDatabaseService" name="IOseeDatabaseService" policy="static"/> - <service> - <provide interface="org.eclipse.osee.jaxrs.server.security.JaxRsOAuthStorage"/> - </service> + <service> + <provide interface="org.eclipse.osee.jaxrs.server.security.JaxRsOAuthStorage"/> + </service> + <reference bind="setLogger" cardinality="1..1" interface="org.eclipse.osee.logger.Log" name="Log" policy="static"/> + <reference bind="setDatabaseService" cardinality="1..1" interface="org.eclipse.osee.framework.database.IOseeDatabaseService" name="IOseeDatabaseService" policy="static"/> + <reference bind="setClientStorageProvider" cardinality="1..1" interface="org.eclipse.osee.orcs.account.admin.internal.oauth.ClientStorageProvider" name="ClientStorageProvider" policy="static"/> </scr:component> diff --git a/plugins/org.eclipse.osee.orcs.account.admin/src/org/eclipse/osee/orcs/account/admin/internal/oauth/ClientArtifact.java b/plugins/org.eclipse.osee.orcs.account.admin/src/org/eclipse/osee/orcs/account/admin/internal/oauth/ClientArtifact.java new file mode 100644 index 00000000000..8f5cfe3f1bc --- /dev/null +++ b/plugins/org.eclipse.osee.orcs.account.admin/src/org/eclipse/osee/orcs/account/admin/internal/oauth/ClientArtifact.java 
@@ -0,0 +1,142 @@
+/*******************************************************************************
+ * Copyright (c) 2014 Boeing.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Boeing - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.osee.orcs.account.admin.internal.oauth;
+
+import java.io.InputStream;
+import java.lang.reflect.Type;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import org.eclipse.osee.framework.core.enums.CoreAttributeTypes;
+import org.eclipse.osee.framework.jdk.core.type.BaseIdentity;
+import org.eclipse.osee.framework.jdk.core.util.Strings;
+import org.eclipse.osee.jaxrs.server.security.OAuthClient;
+import org.eclipse.osee.orcs.data.ArtifactReadable;
+import com.google.common.io.InputSupplier;
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+import com.google.gson.reflect.TypeToken;
+
+/**
+ * @author Roberto E. Escobar
+ */
+public class ClientArtifact extends BaseIdentity<String> implements OAuthClient, InputSupplier<InputStream> {
+
+ private final GsonBuilder builder;
+ private final ArtifactReadable artifact;
+ private final OAuthClientCredential credential;
+
+ public ClientArtifact(GsonBuilder builder, ArtifactReadable artifact, OAuthClientCredential credential) {
+ super(artifact.getGuid());
+ this.builder = builder;
+ this.credential = credential;
+ this.artifact = artifact;
+ }
+
+ @Override
+ public long getClientUuid() {
+ return credential.getClientId();
+ }
+
+ @Override
+ public long getSubjectId() {
+ return credential.getSubjectId();
+ }
+
+ @Override
+ public String getApplicationName() {
+ return artifact.getName();
+ }
+
+ @Override
+ public String getApplicationDescription() {
+ return artifact.getSoleAttributeValue(CoreAttributeTypes.Description);
+ }
+
+ @Override
+ public String getApplicationWebUri() {
+ return artifact.getSoleAttributeAsString(OAuthTypes.OAUTH_CLIENT_WEBSITE_URI);
+ }
+
+ @Override
+ public String getApplicationLogoUri() {
+ return artifact.getSoleAttributeAsString(OAuthTypes.OAUTH_CLIENT_LOGO_URI);
+ }
+
+ @Override
+ public boolean isConfidential() {
+ return artifact.getSoleAttributeValue(OAuthTypes.OAUTH_CLIENT_IS_CONFIDENTIAL);
+ }
+
+ @Override
+ public List<String> getAllowedGrantTypes() {
+ return artifact.getAttributeValues(OAuthTypes.OAUTH_CLIENT_AUTHORIZED_GRANT_TYPE);
+ }
+
+ @Override
+ public List<String> getRedirectUris() {
+ return artifact.getAttributeValues(OAuthTypes.OAUTH_CLIENT_AUTHORIZED_REDIRECT_URI);
+ }
+
+ @Override
+ public List<String> getRegisteredScopes() {
+ return artifact.getAttributeValues(OAuthTypes.OAUTH_CLIENT_AUTHORIZED_SCOPE);
+ }
+
+ @Override
+ public List<String> getRegisteredAudiences() {
+ return artifact.getAttributeValues(OAuthTypes.OAUTH_CLIENT_AUTHORIZED_AUDIENCE);
+ }
+
+ @Override
+ public Map<String, String> getProperties() {
+ Map<String, String> toReturn = Collections.emptyMap();
+ String data = artifact.getSoleAttributeValue(OAuthTypes.OAUTH_CLIENT_PROPERTIES, null);
+ if (Strings.isValid(data)) {
+ Gson gson = builder.create();
+ Type typeOfHashMap = new TypeToken<Map<String, String>>() { //
+ }.getType();
+ toReturn = gson.fromJson(data, typeOfHashMap);
+ }
+ return toReturn;
+ }
+
+ @Override
+ public String getClientId() {
+ return credential.getClientKey();
+ }
+
+ @Override
+ public String getClientSecret() {
+ return credential.getClientSecret();
+ }
+
+ @Override
+ public List<String> getApplicationCertificates() {
+ return credential.getClientCertificates();
+ }
+
+ @Override
+ public boolean hasApplicationLogoSupplier() {
+ return artifact.getAttributeCount(CoreAttributeTypes.ImageContent) > 0;
+ }
+
+ @Override
+ public InputSupplier<InputStream> getApplicationLogoSupplier() {
+ return this;
+ }
+
+ @Override
+ public InputStream getInput() {
+ return artifact.getSoleAttributeValue(CoreAttributeTypes.ImageContent);
+ }
+
+}
diff --git a/plugins/org.eclipse.osee.orcs.account.admin/src/org/eclipse/osee/orcs/account/admin/internal/oauth/ClientCredentialStorage.java b/plugins/org.eclipse.osee.orcs.account.admin/src/org/eclipse/osee/orcs/account/admin/internal/oauth/ClientCredentialStorage.java
new file mode 100644
index 00000000000..a3cbc51cdb1
--- /dev/null
+++ b/plugins/org.eclipse.osee.orcs.account.admin/src/org/eclipse/osee/orcs/account/admin/internal/oauth/ClientCredentialStorage.java
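Review bot: `ClientArtifact.getProperties()` can return null even though `toReturn` starts as an empty map, because `gson.fromJson` yields null for the JSON literal `null`. That literal is what `ClientStorage.txSetClient` writes via `gson.toJson(props)` when the client's properties are null, and it would presumably pass the `Strings.isValid(data)` check as a non-empty string. Keep the empty-map default unless parsing produced a value: `Map<String, String> parsed = gson.fromJson(data, typeOfHashMap);` followed by `if (parsed != null) { toReturn = parsed; }`.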
@@ -0,0 +1,171 @@
+/*******************************************************************************
+ * Copyright (c) 2014 Boeing.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Boeing - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.osee.orcs.account.admin.internal.oauth;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import org.eclipse.osee.framework.database.IOseeDatabaseService;
+import org.eclipse.osee.framework.database.core.IOseeStatement;
+import org.eclipse.osee.framework.jdk.core.util.Strings;
+import org.eclipse.osee.logger.Log;
+
+/**
+ * @author Roberto E. Escobar
+ */
+public class ClientCredentialStorage extends AbstractDatabaseStorage<OAuthClientCredential> {
+
+ private static final String SELECT_CLIENT_CREDENTIAL_BY_CLIENT_ID_AND_APPLICATION_ID =
+ "SELECT * FROM osee_oauth_client_credential WHERE client_id= ? AND application_id = ?";
+
+ private static final String SELECT_CLIENT_CREDENTIAL_BY_APPLICATION_ID =
+ "SELECT * FROM osee_oauth_client_credential WHERE application_id = ?";
+
+ private static final String SELECT_CLIENT_CREDENTIAL_BY_CLIENT_KEY =
+ "SELECT * FROM osee_oauth_client_credential WHERE client_key = ?";
+
+ private static final String INSERT_CLIENT_CREDENTIAL =
+ "INSERT INTO osee_oauth_client_credential (client_id, application_id, subject_id, client_key, client_secret, client_cert) VALUES (?,?,?,?,?,?)";
+
+ private static final String DELETE_CLIENT_CREDENTIAL_BY_CLIENT_ID =
+ "DELETE FROM osee_oauth_client_credential WHERE client_id = ?";
+
+ private static final String UPDATE_BY_CLIENT_CREDENTIAL =
+ "UPDATE osee_oauth_client_credential SET subject_id = ?, client_key = ?, client_key = ?, client_secret = ?, client_cert = ? WHERE client_id = ? AND application_id = ?";
+
+ public ClientCredentialStorage(Log logger, IOseeDatabaseService dbService) {
+ super(logger, dbService);
+ }
+
+ @Override
+ protected Object[] asInsert(OAuthClientCredential data) {
+ return new Object[] {
+ data.getClientId(),
+ data.getApplicationId(),
+ data.getSubjectId(),
+ data.getClientKey(),
+ asVarcharOrNull(data.getClientSecret()),
+ asVarcharOrNull(asCertString(data.getClientCertificates()))};
+ }
+
+ @Override
+ protected Object[] asUpdate(OAuthClientCredential data) {
+ return new Object[] {
+ data.getSubjectId(),
+ data.getClientKey(),
+ asVarcharOrNull(data.getClientSecret()),
+ asVarcharOrNull(asCertString(data.getClientCertificates())),
+ data.getClientId(),
+ data.getApplicationId()};
+ }
+
+ @Override
+ protected Object[] asDelete(OAuthClientCredential data) {
+ return new Object[] {data.getClientId()};
+ }
+
+ public void update(OAuthClientCredential data) {
+ updateItems(UPDATE_BY_CLIENT_CREDENTIAL, data);
+ }
+
+ public OAuthClientCredential getByClientKey(String clientKey) {
+ return selectOneOrNull(SELECT_CLIENT_CREDENTIAL_BY_CLIENT_KEY, clientKey);
+ }
+
+ public OAuthClientCredential getByApplicationId(long applicationId) {
+ return selectOneOrNull(SELECT_CLIENT_CREDENTIAL_BY_APPLICATION_ID, applicationId);
+ }
+
+ public OAuthClientCredential getByClientIdAndApplicationId(long clientId, long applicationId) {
+ return selectOneOrNull(SELECT_CLIENT_CREDENTIAL_BY_CLIENT_ID_AND_APPLICATION_ID, clientId, applicationId);
+ }
+
+ public void insert(OAuthClientCredential data) {
+ insertItems(INSERT_CLIENT_CREDENTIAL, data);
+ }
+
+ public void delete(OAuthClientCredential data) {
+ deleteItems(DELETE_CLIENT_CREDENTIAL_BY_CLIENT_ID, data);
+ }
+
+ public void delete(Iterable<OAuthClientCredential> datas) {
+ deleteItems(DELETE_CLIENT_CREDENTIAL_BY_CLIENT_ID, datas);
+ }
+
+ @Override
+ protected OAuthClientCredential readData(IOseeStatement chStmt) {
+ final long clientId = chStmt.getLong("client_id");
+ final long applicationId = chStmt.getLong("application_id");
+ final long subjectId = chStmt.getLong("subject_id");
+
+ final String clientKey = chStmt.getString("client_key");
+ final String clientSecret = chStmt.getString("client_secret");
+ final String clientCert = chStmt.getString("client_cert");
+
+ List<String> certs = fromCertString(clientCert);
+ return newCredential(clientId, applicationId, subjectId, clientKey, clientSecret, certs);
+ }
+
+ private String asCertString(List<String> certs) {
+ return certs != null ? org.eclipse.osee.framework.jdk.core.util.Collections.toString(";", certs) : null;
+ }
+
+ private List<String> fromCertString(String certs) {
+ List<String> toReturn = null;
+ if (Strings.isValid(certs)) {
+ toReturn = new ArrayList<String>();
+ String[] certArray = certs.split(";");
+ for (String cert : certArray) {
+ toReturn.add(cert);
+ }
+ } else {
+ toReturn = Collections.emptyList();
+ }
+ return toReturn;
+ }
+
+ public OAuthClientCredential newCredential(final long clientId, final long applicationId, final long subjectId, final String clientKey, final String clientSecret, final List<String> clientCert) {
+ return new OAuthClientCredential() {
+
+ @Override
+ public long getClientId() {
+ return clientId;
+ }
+
+ @Override
+ public long getApplicationId() {
+ return applicationId;
+ }
+
+ @Override
+ public long getSubjectId() {
+ return subjectId;
+ }
+
+ @Override
+ public String getClientKey() {
+ return clientKey;
+ }
+
+ @Override
+ public String getClientSecret() {
+ return clientSecret;
+ }
+
+ @Override
+ public List<String> getClientCertificates() {
+ return clientCert;
+ }
+
+ };
+ }
+
+}
diff --git a/plugins/org.eclipse.osee.orcs.account.admin/src/org/eclipse/osee/orcs/account/admin/internal/oauth/ClientStorage.java b/plugins/org.eclipse.osee.orcs.account.admin/src/org/eclipse/osee/orcs/account/admin/internal/oauth/ClientStorage.java
new file mode 100644
index 00000000000..7d3159e7b15
--- /dev/null
+++ b/plugins/org.eclipse.osee.orcs.account.admin/src/org/eclipse/osee/orcs/account/admin/internal/oauth/ClientStorage.java
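Review bot: In ClientCredentialStorage, `UPDATE_BY_CLIENT_CREDENTIAL` lists `client_key = ?` twice, so the statement has seven placeholders while `asUpdate` supplies six values; `update()` will presumably fail when binding, or write values shifted by one column. Drop the duplicate so the SET clause reads `SET subject_id = ?, client_key = ?, client_secret = ?, client_cert = ?`. Separately, `asInsert` and `asUpdate` persist `getClientSecret()` verbatim and `readData` hands it back unchanged, so anyone who can read `osee_oauth_client_credential` obtains every client secret. If the OAuth provider only needs to verify the secret rather than read it back, store a salted hash and compare in constant time; otherwise the column deserves a comment stating that it holds clear text and why.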
@@ -0,0 +1,215 @@
+/*******************************************************************************
+ * Copyright (c) 2014 Boeing.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Boeing - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.osee.orcs.account.admin.internal.oauth;
+
+import static org.eclipse.osee.orcs.account.admin.internal.oauth.OAuthTypes.OAUTH_CLIENT;
+import static org.eclipse.osee.orcs.account.admin.internal.oauth.OAuthTypes.OAUTH_CLIENT_AUTHORIZED_AUDIENCE;
+import static org.eclipse.osee.orcs.account.admin.internal.oauth.OAuthTypes.OAUTH_CLIENT_AUTHORIZED_GRANT_TYPE;
+import static org.eclipse.osee.orcs.account.admin.internal.oauth.OAuthTypes.OAUTH_CLIENT_AUTHORIZED_REDIRECT_URI;
+import static org.eclipse.osee.orcs.account.admin.internal.oauth.OAuthTypes.OAUTH_CLIENT_AUTHORIZED_SCOPE;
+import static org.eclipse.osee.orcs.account.admin.internal.oauth.OAuthTypes.OAUTH_CLIENT_IS_CONFIDENTIAL;
+import static org.eclipse.osee.orcs.account.admin.internal.oauth.OAuthTypes.OAUTH_CLIENT_LOGO_URI;
+import static org.eclipse.osee.orcs.account.admin.internal.oauth.OAuthTypes.OAUTH_CLIENT_PROPERTIES;
+import static org.eclipse.osee.orcs.account.admin.internal.oauth.OAuthTypes.OAUTH_CLIENT_WEBSITE_URI;
+import static org.eclipse.osee.orcs.account.admin.internal.oauth.OAuthTypes.OAUTH_TYPES_ARTIFACT;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Map;
+import org.eclipse.osee.framework.core.data.IOseeBranch;
+import org.eclipse.osee.framework.core.enums.CoreArtifactTypes;
+import org.eclipse.osee.framework.core.enums.CoreAttributeTypes;
+import org.eclipse.osee.framework.core.enums.SystemUser;
+import org.eclipse.osee.framework.jdk.core.type.OseeCoreException;
+import org.eclipse.osee.framework.jdk.core.type.OseePrincipal;
+import org.eclipse.osee.framework.jdk.core.type.ResultSet;
+import org.eclipse.osee.framework.jdk.core.util.Lib;
+import org.eclipse.osee.jaxrs.server.security.OAuthClient;
+import org.eclipse.osee.logger.Log;
+import org.eclipse.osee.orcs.ApplicationContext;
+import org.eclipse.osee.orcs.OrcsApi;
+import org.eclipse.osee.orcs.data.ArtifactId;
+import org.eclipse.osee.orcs.data.ArtifactReadable;
+import org.eclipse.osee.orcs.search.QueryBuilder;
+import org.eclipse.osee.orcs.search.QueryFactory;
+import org.eclipse.osee.orcs.transaction.TransactionBuilder;
+import org.eclipse.osee.orcs.transaction.TransactionFactory;
+import org.eclipse.osee.orcs.utility.OrcsUtil;
+import com.google.common.io.InputSupplier;
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+
+/**
+ * @author Roberto E. Escobar
+ */
+public class ClientStorage {
+
+ private final Log logger;
+ private final GsonBuilder builder;
+ private final OrcsApi orcsApi;
+ private final ApplicationContext context;
+ private final IOseeBranch storageBranch;
+
+ public ClientStorage(Log logger, GsonBuilder builder, OrcsApi orcsApi, ApplicationContext context, IOseeBranch storageBranch) {
+ super();
+ this.logger = logger;
+ this.builder = builder;
+ this.orcsApi = orcsApi;
+ this.context = context;
+ this.storageBranch = storageBranch;
+ }
+
+ private IOseeBranch getBranch() {
+ return storageBranch;
+ }
+
+ private int idToInt(long uuid) {
+ return Long.valueOf(uuid).intValue();
+ }
+
+ private QueryBuilder newQuery() {
+ QueryFactory queryFactory = orcsApi.getQueryFactory(context);
+ return queryFactory.fromBranch(getBranch());
+ }
+
+ private ArtifactReadable getAuthorById(long authorId) {
+ ArtifactReadable author;
+ if (authorId > -1L) {
+ int artId = idToInt(authorId);
+ author = newQuery().andLocalId(artId).getResults().getExactlyOne();
+ } else {
+ author = getSystemUser();
+ }
+ return author;
+ }
+
+ @SuppressWarnings("unchecked")
+ private ArtifactReadable getSystemUser() {
+ return newQuery().andIds(SystemUser.OseeSystem).getResults().getExactlyOne();
+ }
+
+ private TransactionBuilder newTransaction(OseePrincipal principal, String comment) {
+ long authorId = principal != null ? principal.getGuid() : -1L;
+ ArtifactReadable author = getAuthorById(authorId);
+
+ TransactionFactory transactionFactory = orcsApi.getTransactionFactory(context);
+ return transactionFactory.createTransaction(getBranch(), author, comment);
+ }
+
+ public ResultSet<ArtifactReadable> getClientByApplicationId(long applicationId) {
+ int id = idToInt(applicationId);
+ return newQuery().andIsOfType(OAUTH_CLIENT).andLocalId(id).getResults();
+ }
+
+ public ResultSet<ArtifactReadable> getClientByClientGuid(String guid) {
+ return newQuery().andIsOfType(OAUTH_CLIENT).andGuid(guid).getResults();
+ }
+
+ public boolean exists(String guid) {
+ return newQuery().andIsOfType(OAUTH_CLIENT).andGuid(guid).getCount() > 0;
+ }
+
+ public void insert(OseePrincipal principal, OAuthClient data) {
+ TransactionBuilder tx = newTransaction(principal, "Create OAuth Client");
+ ArtifactId artId = tx.createArtifact(OAUTH_CLIENT, data.getApplicationName(), data.getGuid());
+ txSetClient(tx, artId, data);
+ tx.commit();
+ }
+
+ public void update(OseePrincipal principal, OAuthClient data) {
+ ArtifactId artId = OrcsUtil.newArtifactId(data.getGuid(), data.getApplicationName());
+
+ TransactionBuilder tx = newTransaction(principal, "Update OAuth Client");
+ tx.setName(artId, data.getApplicationName());
+ txSetClient(tx, artId, data);
+ tx.commit();
+ }
+
+ private void txSetClient(TransactionBuilder tx, ArtifactId artId, OAuthClient data) {
+ //@formatter:off
+ tx.setSoleAttributeFromString(artId, CoreAttributeTypes.Description, data.getApplicationDescription());
+ tx.setSoleAttributeFromString(artId, OAUTH_CLIENT_WEBSITE_URI, data.getApplicationWebUri());
+ tx.setSoleAttributeFromString(artId, OAUTH_CLIENT_LOGO_URI, data.getApplicationLogoUri());
+
+ tx.setSoleAttributeValue(artId, OAUTH_CLIENT_IS_CONFIDENTIAL, data.isConfidential());
+
+ tx.setAttributesFromStrings(artId, OAUTH_CLIENT_AUTHORIZED_AUDIENCE, data.getRegisteredAudiences());
+ tx.setAttributesFromStrings(artId, OAUTH_CLIENT_AUTHORIZED_GRANT_TYPE, data.getAllowedGrantTypes());
+ tx.setAttributesFromStrings(artId, OAUTH_CLIENT_AUTHORIZED_REDIRECT_URI, data.getRedirectUris());
+ tx.setAttributesFromStrings(artId, OAUTH_CLIENT_AUTHORIZED_SCOPE, data.getRegisteredScopes());
+ //@formatter:on
+
+ InputSupplier<InputStream> supplier = data.getApplicationLogoSupplier();
+ if (supplier != null) {
+ try {
+ tx.setAttributesFromValues(artId, CoreAttributeTypes.ImageContent, supplier.getInput());
+ } catch (Exception ex) {
+ throw new OseeCoreException(ex, "Error reading logo data for [%s]", artId);
+ }
+ }
+
+ Map<String, String> props = data.getProperties();
+ Gson gson = builder.create();
+ String json = gson.toJson(props);
+ tx.setSoleAttributeValue(artId, OAUTH_CLIENT_PROPERTIES, json);
+ }
+
+ public void delete(OseePrincipal principal, OAuthClient data) {
+ ArtifactId artId = OrcsUtil.newArtifactId(data.getGuid(), data.getApplicationName());
+
+ TransactionBuilder tx = newTransaction(principal, "Delete OAuth Client");
+ tx.deleteArtifact(artId);
+ tx.commit();
+ }
+
+ @SuppressWarnings("unchecked")
+ private ResultSet<ArtifactReadable> getOAuthTypesDefinition() throws OseeCoreException {
+ return newQuery().andIds(OAUTH_TYPES_ARTIFACT).getResults();
+ }
+
+ public void storeTypes(InputSupplier<? extends InputStream> resource) {
+ TransactionBuilder tx = newTransaction(null, "Initialize OAuth Type Definitions");
+
+ ArtifactId artifactId = OAUTH_TYPES_ARTIFACT;
+ if (!typesExist()) {
+ tx.createArtifact(CoreArtifactTypes.OseeTypeDefinition, artifactId.getName(), artifactId.getGuid());
+ }
+ InputStream stream = null;
+ try {
+ stream = resource.getInput();
+ tx.setSoleAttributeFromStream(artifactId, CoreAttributeTypes.UriGeneralStringData, stream);
+ } catch (IOException ex) {
+ throw new OseeCoreException(ex);
+ } finally {
+ Lib.close(stream);
+ }
+ tx.commit();
+ reloadTypes();
+ }
+
+ private void reloadTypes() {
+ orcsApi.getOrcsTypes(context).invalidateAll();
+ }
+
+ public boolean typesExist() {
+ boolean result = false;
+ try {
+ result = !getOAuthTypesDefinition().isEmpty();
+ } catch (OseeCoreException ex) {
+ logger.warn(ex, "Error checking for OAuth Types");
+ }
+ return result;
+ }
+
+ public OAuthClient newClient(ArtifactReadable artifact, OAuthClientCredential credential) {
+ return new ClientArtifact(builder, artifact, credential);
+ }
+
+}
\ No newline at end of file
diff --git a/plugins/org.eclipse.osee.orcs.account.admin/src/org/eclipse/osee/orcs/account/admin/internal/oauth/ClientStorageProvider.java b/plugins/org.eclipse.osee.orcs.account.admin/src/org/eclipse/osee/orcs/account/admin/internal/oauth/ClientStorageProvider.java
new file mode 100644
index 00000000000..87f75cfedce
--- /dev/null
+++ b/plugins/org.eclipse.osee.orcs.account.admin/src/org/eclipse/osee/orcs/account/admin/internal/oauth/ClientStorageProvider.java
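Review bot: In ClientStorage, `idToInt` narrows a `long` with `Long.valueOf(uuid).intValue()`, which silently discards the high 32 bits. `getAuthorById` and `getClientByApplicationId` then pass the truncated value to `andLocalId`, so an out-of-range id could resolve to a different artifact; for the transaction author that would attribute the client change to the wrong user. Reject such ids before the cast, for example `if (uuid < Integer.MIN_VALUE || uuid > Integer.MAX_VALUE) { throw new IllegalArgumentException("id out of int range: " + uuid); }`. Also, `txSetClient` never closes the stream it obtains from `supplier.getInput()`, whereas `storeTypes` releases its stream with `Lib.close(stream)` in a `finally`; the logo path should do the same unless the transaction needs the stream open until `commit()`.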
@@ -0,0 +1,88 @@ +/******************************************************************************* + * Copyright (c) 2014 Boeing. + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * + * Contributors: + * Boeing - initial API and implementation + *******************************************************************************/ +package org.eclipse.osee.orcs.account.admin.internal.oauth; + +import java.io.BufferedInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.net.URL; +import java.util.concurrent.Callable; +import java.util.concurrent.FutureTask; +import org.eclipse.osee.framework.core.data.IOseeBranch; +import org.eclipse.osee.framework.core.enums.CoreBranches; +import org.eclipse.osee.framework.jdk.core.type.LazyObject; +import org.eclipse.osee.framework.jdk.core.util.GUID; +import org.eclipse.osee.logger.Log; +import org.eclipse.osee.orcs.ApplicationContext; +import org.eclipse.osee.orcs.OrcsApi; +import com.google.common.io.InputSupplier; +import com.google.gson.GsonBuilder; + +/** + * @author Roberto E. 
Escobar + */ +public class ClientStorageProvider extends LazyObject<ClientStorage> { + + private static final String OAUTH_TYPES_DEFITIONS = "types/OseeTypes_OAuth.osee"; + + private Log logger; + private OrcsApi orcsApi; + + public void setLogger(Log logger) { + this.logger = logger; + } + + public void setOrcsApi(OrcsApi orcsApi) { + this.orcsApi = orcsApi; + } + + @Override + protected FutureTask<ClientStorage> createLoaderTask() { + Callable<ClientStorage> callable = new Callable<ClientStorage>() { + + @Override + public ClientStorage call() throws Exception { + GsonBuilder builder = new GsonBuilder(); + IOseeBranch storageBranch = CoreBranches.COMMON; + ApplicationContext context = newApplicationContext(GUID.create()); + ClientStorage clientStorage = new ClientStorage(logger, builder, orcsApi, context, storageBranch); + + if (!clientStorage.typesExist()) { + clientStorage.storeTypes(newTypesSupplier()); + } + return clientStorage; + } + + }; + return new FutureTask<ClientStorage>(callable); + } + + private ApplicationContext newApplicationContext(final String sessionId) { + return new ApplicationContext() { + + @Override + public String getSessionId() { + return sessionId; + } + }; + } + + private InputSupplier<InputStream> newTypesSupplier() { + return new InputSupplier<InputStream>() { + + @Override + public InputStream getInput() throws IOException { + URL resource = getClass().getResource(OAUTH_TYPES_DEFITIONS); + return new BufferedInputStream(resource.openStream()); + } + }; + } +}
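Review bot: In `getInput()` of `newTypesSupplier()`, the result of `getClass().getResource(OAUTH_TYPES_DEFITIONS)` is dereferenced without a null check, so a missing or mis-packaged `types/OseeTypes_OAuth.osee` surfaces as a `NullPointerException` from `resource.openStream()` instead of the `IOException` the method declares. A guard before the `return`, such as `if (resource == null) { throw new IOException("OAuth type definitions not found: " + OAUTH_TYPES_DEFITIONS); }`, keeps the failure diagnosable. `ClientStorage.storeTypes` in this commit catches only `IOException`, so the guard also routes the failure through its `OseeCoreException` wrapping. The constant name is misspelled as well; renaming it to `OAUTH_TYPES_DEFINITIONS` is cheap while the class is new.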
\ No newline at end of file diff --git a/plugins/org.eclipse.osee.orcs.account.admin/src/org/eclipse/osee/orcs/account/admin/internal/oauth/JdbcJaxRsOAuthStorage.java b/plugins/org.eclipse.osee.orcs.account.admin/src/org/eclipse/osee/orcs/account/admin/internal/oauth/JdbcJaxRsOAuthStorage.java index 3e3329bfac7..20796067936 100644 --- a/plugins/org.eclipse.osee.orcs.account.admin/src/org/eclipse/osee/orcs/account/admin/internal/oauth/JdbcJaxRsOAuthStorage.java +++ b/plugins/org.eclipse.osee.orcs.account.admin/src/org/eclipse/osee/orcs/account/admin/internal/oauth/JdbcJaxRsOAuthStorage.java @@ -10,6 +10,7 @@ *******************************************************************************/ package org.eclipse.osee.orcs.account.admin.internal.oauth; +import java.util.List; import org.eclipse.osee.framework.database.IOseeDatabaseService; import org.eclipse.osee.framework.jdk.core.type.OseePrincipal; import org.eclipse.osee.jaxrs.server.security.JaxRsOAuthStorage; @@ -17,6 +18,7 @@ import org.eclipse.osee.jaxrs.server.security.OAuthClient; import org.eclipse.osee.jaxrs.server.security.OAuthCodeGrant; import org.eclipse.osee.jaxrs.server.security.OAuthToken; import org.eclipse.osee.logger.Log; +import org.eclipse.osee.orcs.data.ArtifactReadable; /** * @author Roberto E. Escobar @@ -28,6 +30,8 @@ public class JdbcJaxRsOAuthStorage implements JaxRsOAuthStorage { private AuthCodeGrantStorage authCodeGrantStorage; private TokenStorage tokenStorage; + private ClientCredentialStorage credentialStorage; + private ClientStorageProvider clientStorageProvider; public void setLogger(Log logger) { this.logger = logger; 
@@ -37,15 +41,24 @@ public class JdbcJaxRsOAuthStorage implements JaxRsOAuthStorage { this.dbService = dbService; } + public void setClientStorageProvider(ClientStorageProvider clientStorageProvider) { + this.clientStorageProvider = clientStorageProvider; + } + public void start() { authCodeGrantStorage = new AuthCodeGrantStorage(logger, dbService); tokenStorage = new TokenStorage(logger, dbService); + credentialStorage = new ClientCredentialStorage(logger, dbService); } public void stop() { // } + private ClientStorage getClientStorage() { + return clientStorageProvider.get(); + } + @Override public OAuthCodeGrant getCodeGrant(String code) { return authCodeGrantStorage.getByCode(code); 
@@ -92,28 +105,82 @@ public class JdbcJaxRsOAuthStorage implements JaxRsOAuthStorage { } @Override - public long getClientUuidByKey(String clientKey) { - return 0; + public void storeClient(OseePrincipal principal, OAuthClient client) { + ClientStorage clientStorage = getClientStorage(); + + boolean exists = clientStorage.exists(client.getGuid()); + if (exists) { + clientStorage.update(principal, client); + } else { + clientStorage.insert(principal, client); + } + + ArtifactReadable artifact = clientStorage.getClientByClientGuid(client.getGuid()).getExactlyOne(); + + long clientId = client.getClientUuid(); + long applicationId = artifact.getLocalId(); + + OAuthClientCredential credential = asCredential(client, applicationId); + if (credentialStorage.getByClientIdAndApplicationId(clientId, applicationId) != null) { + credentialStorage.update(credential); + } else { + credentialStorage.insert(credential); + } + } + + OAuthClientCredential asCredential(OAuthClient client, long applicationId) { + long clientId = client.getClientUuid(); + long subjectId = client.getSubjectId(); + + String clientKey = client.getClientId(); + String clientSecret = client.getClientSecret(); + + List<String> clientCerts = client.getApplicationCertificates(); + return credentialStorage.newCredential(clientId, applicationId, subjectId, clientKey, clientSecret, clientCerts); } @Override - public OAuthClient getClientByClientGuid(String guid) { - return null; + public void removeClient(OseePrincipal principal, OAuthClient client) { + getClientStorage().delete(principal, client); + + OAuthClientCredential credential = asCredential(client, -1L); + credentialStorage.delete(credential); } @Override - public OAuthClient getClientByClientKey(String clientKey) { - return null; + public long getClientUuidByKey(String clientKey) { + OAuthClientCredential credential = credentialStorage.getByClientKey(clientKey); + return credential != null ? 
credential.getClientId() : -1L; } @Override - public void storeClient(OseePrincipal principal, OAuthClient client) { - // + public OAuthClient getClientByClientGuid(String guid) { + OAuthClient client = null; + ClientStorage clientStorage = getClientStorage(); + ArtifactReadable artifact = clientStorage.getClientByClientGuid(guid).getOneOrNull(); + if (artifact != null) { + Integer applicationId = artifact.getLocalId(); + + OAuthClientCredential credential = credentialStorage.getByApplicationId(applicationId); + client = clientStorage.newClient(artifact, credential); + } + return client; } @Override - public void removeClient(OseePrincipal principal, OAuthClient client) { - // + public OAuthClient getClientByClientKey(String clientKey) { + OAuthClientCredential credential = credentialStorage.getByClientKey(clientKey); + OAuthClient client = null; + if (credential != null) { + long applicationId = credential.getApplicationId(); + + ClientStorage clientStorage = getClientStorage(); + ArtifactReadable artifact = clientStorage.getClientByApplicationId(applicationId).getOneOrNull(); + if (artifact != null) { + client = clientStorage.newClient(artifact, credential); + } + } + return client; } } diff --git a/plugins/org.eclipse.osee.orcs.account.admin/src/org/eclipse/osee/orcs/account/admin/internal/oauth/OAuthClientCredential.java b/plugins/org.eclipse.osee.orcs.account.admin/src/org/eclipse/osee/orcs/account/admin/internal/oauth/OAuthClientCredential.java new file mode 100644 index 00000000000..2a1cfda93dc --- /dev/null +++ b/plugins/org.eclipse.osee.orcs.account.admin/src/org/eclipse/osee/orcs/account/admin/internal/oauth/OAuthClientCredential.java 
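Review bot: In `getClientByClientGuid`, the result of `credentialStorage.getByApplicationId(applicationId)` is handed to `clientStorage.newClient(artifact, credential)` without a null check, while `getClientByClientKey` and `getClientUuidByKey` in the same hunk both treat a null credential as "not found". An artifact can exist without a credential row if the artifact write in `storeClient` succeeds and the later `credentialStorage.insert` fails, since the hunk shows the two writes as separate steps; whether `ClientArtifact` tolerates a null credential is not visible here. I would guard it the same way as the key lookup, `if (credential != null) { client = clientStorage.newClient(artifact, credential); }`, and declare `applicationId` as `long` to match `storeClient`. `removeClient` deletes the artifact before the credential and builds the credential with an `applicationId` of `-1L`, so it is worth confirming that `credentialStorage.delete` keys on the client id alone. The class body starts outside this hunk.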
@@ -0,0 +1,32 @@
+/*******************************************************************************
+ * Copyright (c) 2014 Boeing.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Boeing - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.osee.orcs.account.admin.internal.oauth;
+
+import java.util.List;
+
+/**
+ * @author Roberto E. Escobar
+ */
+public interface OAuthClientCredential {
+
+ long getClientId();
+
+ long getSubjectId();
+
+ long getApplicationId();
+
+ String getClientKey();
+
+ String getClientSecret();
+
+ List<String> getClientCertificates();
+
+}
diff --git a/plugins/org.eclipse.osee.orcs.account.admin/src/org/eclipse/osee/orcs/account/admin/internal/oauth/OAuthTypes.java b/plugins/org.eclipse.osee.orcs.account.admin/src/org/eclipse/osee/orcs/account/admin/internal/oauth/OAuthTypes.java
new file mode 100644
index 00000000000..2362963fdc1
--- /dev/null
+++ b/plugins/org.eclipse.osee.orcs.account.admin/src/org/eclipse/osee/orcs/account/admin/internal/oauth/OAuthTypes.java
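Review bot: The accessors of `OAuthClientCredential` have no Javadoc, and their names are easy to confuse with `OAuthClient`'s: in `JdbcJaxRsOAuthStorage.asCredential`, `getClientId()` here is filled from `client.getClientUuid()` while `getClientKey()` is filled from `client.getClientId()`. A one-line comment on each would prevent mix-ups, for example `/** Numeric client uuid; primary key of the credential row. */` on `getClientId()` and `/** Client identifier string; unique per credential. */` on `getClientKey()`. Because `getClientSecret()` returns the secret itself, its Javadoc should also state that implementations keep the value out of `toString()` and log output.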
@@ -0,0 +1,45 @@
+/*******************************************************************************
+ * Copyright (c) 2014 Boeing.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Boeing - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.osee.orcs.account.admin.internal.oauth;
+
+import org.eclipse.osee.framework.core.data.IArtifactType;
+import org.eclipse.osee.framework.core.data.IAttributeType;
+import org.eclipse.osee.framework.core.data.TokenFactory;
+import org.eclipse.osee.orcs.data.ArtifactId;
+import org.eclipse.osee.orcs.utility.OrcsUtil;
+
+/**
+ * @author Roberto E. Escobar
+ */
+public final class OAuthTypes {
+
+ private OAuthTypes() {
+ // Constants
+ }
+
+ // @formatter:off
+ public static final IArtifactType OAUTH_CLIENT = TokenFactory.createArtifactType(0x0A811854041F8326L, "OAuth Client");
+
+ public static final IAttributeType OAUTH_CLIENT_WEBSITE_URI = TokenFactory.createAttributeType(0x6C96C4E7AA77D058L, "Website URL");
+ public static final IAttributeType OAUTH_CLIENT_LOGO_URI = TokenFactory.createAttributeType(0x6CDB5B52A133AFB1L, "Logo URL");
+
+ public static final IAttributeType OAUTH_CLIENT_IS_CONFIDENTIAL = TokenFactory.createAttributeType(0x0774F815D1F9E731L, "Is Confidential");
+ public static final IAttributeType OAUTH_CLIENT_PROPERTIES = TokenFactory.createAttributeType(0x4E2EA052F480510AL, "Properties");
+
+ public static final IAttributeType OAUTH_CLIENT_AUTHORIZED_GRANT_TYPE = TokenFactory.createAttributeType(0x1ADA826121357000L, "Authorized Grant Type");
+ public static final IAttributeType OAUTH_CLIENT_AUTHORIZED_REDIRECT_URI = TokenFactory.createAttributeType(0x4B4665B8E1002F28L, "Authorized Redirect URI");
+ public static final IAttributeType OAUTH_CLIENT_AUTHORIZED_SCOPE = TokenFactory.createAttributeType(0x315964489A850F7AL, "Authorized Scope");
+ public static final IAttributeType OAUTH_CLIENT_AUTHORIZED_AUDIENCE = TokenFactory.createAttributeType(0x635EBFA0D4A82E22L, "Authorized Audience");
+ // @formatter:on
+
+ public static final ArtifactId OAUTH_TYPES_ARTIFACT = OrcsUtil.newArtifactId("AmgrOMuL6U7uL9hBWCAA", "OAuthTypes");
+
+}
diff --git a/plugins/org.eclipse.osee.orcs.account.admin/src/org/eclipse/osee/orcs/account/admin/internal/oauth/schema/OAUTH.DS.SCHEMA.xml b/plugins/org.eclipse.osee.orcs.account.admin/src/org/eclipse/osee/orcs/account/admin/internal/oauth/schema/OAUTH.DS.SCHEMA.xml
index 421f4447bb6..79464a4c22e 100644
--- a/plugins/org.eclipse.osee.orcs.account.admin/src/org/eclipse/osee/orcs/account/admin/internal/oauth/schema/OAUTH.DS.SCHEMA.xml
+++ b/plugins/org.eclipse.osee.orcs.account.admin/src/org/eclipse/osee/orcs/account/admin/internal/oauth/schema/OAUTH.DS.SCHEMA.xml
@@ -19,6 +19,9 @@ <Index id="OSEE_OAUTH_AUTHORIZATION__C_IDX" type="UNIQUE" tablespace="osee_index"> <AppliesTo id="CODE" /> </Index> + <Constraint schema="OSEE" id="OSEE_OAUTH_AUTHORIZATION__CI_FK" type="FOREIGN KEY" appliesTo="CLIENT_ID"> + <References schema="OSEE" table="OSEE_OAUTH_CLIENT_CREDENTIAL" column="CLIENT_ID" onDelete="CASCADE" /> + </Constraint> </Table> <Table name="OSEE_OAUTH_TOKEN" schema="OSEE" tablespace="osee_data">
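Review bot: In the `@formatter:off` block of `OAuthTypes`, `OAUTH_CLIENT_WEBSITE_URI` and `OAUTH_CLIENT_LOGO_URI` are created with the names "Website URL" and "Logo URL", but `OseeTypes_OAuth.osee` in this commit defines the same uuids (`0x6C96C4E7AA77D058`, `0x6CDB5B52A133AFB1`) as "Website URI" and "Logo URI". If any lookup, comparison or report goes by token name rather than uuid, which cannot be told from here, the Java tokens and the type definitions will disagree. Aligning the names removes the doubt, for example `TokenFactory.createAttributeType(0x6C96C4E7AA77D058L, "Website URI")` and likewise "Logo URI".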
@@ -40,6 +43,27 @@ <Index id="OSEE_OAUTH_TOKEN__TK_IDX" type="UNIQUE" tablespace="osee_index"> <AppliesTo id="TOKEN_KEY" /> </Index> + <Constraint schema="OSEE" id="OSEE_OAUTH_TOKEN__CI_FK" type="FOREIGN KEY" appliesTo="CLIENT_ID"> + <References schema="OSEE" table="OSEE_OAUTH_CLIENT_CREDENTIAL" column="CLIENT_ID" onDelete="CASCADE" /> + </Constraint> + </Table> + + <Table name="OSEE_OAUTH_CLIENT_CREDENTIAL" schema="OSEE" tablespace="osee_data"> + <Column id="CLIENT_ID" defaultValue="not null" type="BIGINT" /> + <Column id="APPLICATION_ID" defaultValue="not null" type="BIGINT" /> + <Column id="SUBJECT_ID" defaultValue="not null" type="BIGINT" /> + + <Column id="CLIENT_KEY" defaultValue="not null" limits="255" type="VARCHAR" /> + <Column id="CLIENT_SECRET" limits="255" type="VARCHAR" /> + <Column id="CLIENT_CERT" limits="255" type="VARCHAR" /> + + <Constraint schema="OSEE" id="OSEE_OAUTH_CLIENT_CREDENTIAL__U_PK" type="PRIMARY KEY" appliesTo="CLIENT_ID" /> + <Index id="OSEE_OAUTH_CLIENT_CREDENTIAL__CK_IDX" type="UNIQUE" tablespace="osee_index"> + <AppliesTo id="CLIENT_KEY" /> + </Index> + <Index id="OSEE_OAUTH_CLIENT_CREDENTIAL__AI_IDX" tablespace="osee_index"> + <AppliesTo id="APPLICATION_ID" /> + </Index> </Table> </TableConfig> diff --git a/plugins/org.eclipse.osee.orcs.account.admin/src/org/eclipse/osee/orcs/account/admin/internal/oauth/types/OseeTypes_OAuth.osee b/plugins/org.eclipse.osee.orcs.account.admin/src/org/eclipse/osee/orcs/account/admin/internal/oauth/types/OseeTypes_OAuth.osee new file mode 100644 index 00000000000..2d45b30262d --- /dev/null +++ b/plugins/org.eclipse.osee.orcs.account.admin/src/org/eclipse/osee/orcs/account/admin/internal/oauth/types/OseeTypes_OAuth.osee 
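Review bot: `CLIENT_SECRET` is added to `OSEE_OAUTH_CLIENT_CREDENTIAL` as a plain `VARCHAR` of 255, and `JdbcJaxRsOAuthStorage.asCredential` passes `client.getClientSecret()` to `credentialStorage.newCredential(...)` unchanged, so unless `ClientCredentialStorage` (not shown) transforms it before writing, client secrets are stored in clear text. Where the OAuth framework allows comparing against a digest, storing a salted hash limits what a read of this table exposes; otherwise the column should at least be documented as sensitive and read access to it restricted. `CLIENT_CERT` is a single 255-character column although the credential carries a `List<String>` of certificates, and an encoded certificate would normally not fit. `OSEE_OAUTH_CLIENT_CREDENTIAL__AI_IDX` is not `UNIQUE` even though `getByApplicationId` is used as a single-row lookup, so either the index or the lookup should state which cardinality is intended.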
@@ -0,0 +1,92 @@
+import "platform:/plugin/org.eclipse.osee.framework.skynet.core/support/OseeTypes_Framework.osee"
+
+artifactType "OAuth Client" extends "Artifact" {
+ uuid 0x0A811854041F8326
+ attribute "Description"
+ attribute "Website URI"
+ attribute "Logo URI"
+ attribute "Is Confidential"
+ attribute "Authorized Grant Type"
+ attribute "Authorized Redirect URI"
+ attribute "Authorized Scope"
+ attribute "Authorized Audience"
+ attribute "Properties"
+ attribute "Image Content"
+}
+
+attributeType "Website URI" extends StringAttribute {
+ uuid 0x6C96C4E7AA77D058
+ dataProvider DefaultAttributeDataProvider
+ min 0
+ max 1
+ taggerId DefaultAttributeTaggerProvider
+}
+
+attributeType "Logo URI" extends StringAttribute {
+ uuid 0x6CDB5B52A133AFB1
+ dataProvider DefaultAttributeDataProvider
+ min 0
+ max 1
+ taggerId DefaultAttributeTaggerProvider
+}
+
+attributeType "Is Confidential" extends BooleanAttribute {
+ uuid 0x0774F815D1F9E731
+ dataProvider DefaultAttributeDataProvider
+ min 1
+ max 1
+ mediaType "text/plain"
+ defaultValue "true"
+}
+
+attributeType "Authorized Grant Type" extends EnumeratedAttribute {
+ uuid 0x1ADA826121357000
+ dataProvider DefaultAttributeDataProvider
+ min 0
+ max 4
+ taggerId DefaultAttributeTaggerProvider
+ enumType "oauth.grant.type"
+ mediaType "text/plain"
+}
+
+oseeEnumType "oauth.grant.type" {
+ uuid 0x1471F8E388582611
+ entry "Authorization Code Grant"
+ entry "Implicit Grant"
+ entry "Resource Owner Password Credentials Grant"
+ entry "Client Credentials Grant"
+}
+
+attributeType "Authorized Redirect URI" extends StringAttribute {
+ uuid 0x4B4665B8E1002F28
+ dataProvider DefaultAttributeDataProvider
+ min 0
+ max unlimited
+ taggerId DefaultAttributeTaggerProvider
+}
+
+attributeType "Authorized Scope" extends StringAttribute {
+ uuid 0x315964489A850F7A
+ dataProvider DefaultAttributeDataProvider
+ min 0
+ max unlimited
+ taggerId DefaultAttributeTaggerProvider
+ mediaType "text/plain"
+}
+
+attributeType "Authorized Audience" extends StringAttribute {
+ uuid 0x635EBFA0D4A82E22
+ dataProvider DefaultAttributeDataProvider
+ min 0
+ max unlimited
+ taggerId DefaultAttributeTaggerProvider
+ mediaType "text/plain"
+}
+
+attributeType "Properties" extends StringAttribute {
+ uuid 0x4E2EA052F480510A
+ dataProvider DefaultAttributeDataProvider
+ min 0
+ max 1
+ mediaType "application/json"
+}
diff --git a/plugins/org.eclipse.osee.orcs.db.mock/data/hsql.zip b/plugins/org.eclipse.osee.orcs.db.mock/data/hsql.zip Binary files differindex 9fba55294b5..8b60be48892 100644
--- a/plugins/org.eclipse.osee.orcs.db.mock/data/hsql.zip
+++ b/plugins/org.eclipse.osee.orcs.db.mock/data/hsql.zip
diff --git a/plugins/org.eclipse.osee.x.server.p2/demo/hsql.zip b/plugins/org.eclipse.osee.x.server.p2/demo/hsql.zip Binary files differindex 9943676e6a5..9d1e7dd489f 100644
--- a/plugins/org.eclipse.osee.x.server.p2/demo/hsql.zip
+++ b/plugins/org.eclipse.osee.x.server.p2/demo/hsql.zip |