Merge pull request #3924 from daklassen/KEYCLOAK-2486

KEYCLOAK-2486: Update SimpleHTTP to use Apache HTTP Client
This commit is contained in:
Stian Thorgersen 2017-03-15 09:50:06 +01:00 committed by GitHub
commit 2aa93d7d55
10 changed files with 95 additions and 196 deletions

View file

@ -17,47 +17,55 @@
package org.keycloak.broker.provider.util;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSocketFactory;
import org.apache.http.*;
import org.apache.http.client.HttpClient;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpRequestBase;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.message.BasicNameValuePair;
import org.keycloak.connections.httpclient.HttpClientProvider;
import org.keycloak.models.KeycloakSession;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.StringWriter;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.zip.GZIPInputStream;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
* @author Vlastimil Elias (velias at redhat dot com)
* @author David Klassen (daviddd.kl@gmail.com)
*/
public class SimpleHttp {
private KeycloakSession session;
private String url;
private String method;
private Map<String, String> headers;
private Map<String, String> params;
private SSLSocketFactory sslFactory;
private HostnameVerifier hostnameVerifier;
protected SimpleHttp(String url, String method) {
protected SimpleHttp(String url, String method, KeycloakSession session) {
this.session = session;
this.url = url;
this.method = method;
}
public static SimpleHttp doGet(String url) {
return new SimpleHttp(url, "GET");
public static SimpleHttp doGet(String url, KeycloakSession session) {
return new SimpleHttp(url, "GET", session);
}
public static SimpleHttp doPost(String url) {
return new SimpleHttp(url, "POST");
public static SimpleHttp doPost(String url, KeycloakSession session) {
return new SimpleHttp(url, "POST", session);
}
public SimpleHttp header(String name, String value) {
@ -76,184 +84,93 @@ public class SimpleHttp {
return this;
}
public SimpleHttp sslFactory(SSLSocketFactory factory) {
sslFactory = factory;
return this;
}
public SimpleHttp hostnameVerifier(HostnameVerifier verifier) {
hostnameVerifier = verifier;
return this;
}
public String asString() throws IOException {
boolean get = method.equals("GET");
boolean post = method.equals("POST");
HttpClient httpClient = session.getProvider(HttpClientProvider.class).getHttpClient();
StringBuilder sb = new StringBuilder();
if (get) {
sb.append(url);
}
HttpResponse response = makeRequest(httpClient);
if (params != null) {
boolean f = true;
for (Map.Entry<String, String> p : params.entrySet()) {
if (f) {
f = false;
if (get) {
sb.append("?");
InputStream is;
HttpEntity entity = response.getEntity();
if (entity != null) {
is = entity.getContent();
try {
HeaderIterator it = response.headerIterator();
while (it.hasNext()) {
Header header = it.nextHeader();
if (header.getName().equals("Content-Encoding") && header.getValue().equals("gzip")) {
is = new GZIPInputStream(is);
}
} else {
sb.append("&");
}
sb.append(URLEncoder.encode(p.getKey(), "UTF-8"));
sb.append("=");
sb.append(URLEncoder.encode(p.getValue(), "UTF-8"));
}
}
if (get) {
url = sb.toString();
}
HttpURLConnection connection = (HttpURLConnection) new URL(url).openConnection();
setupTruststoreIfApplicable(connection);
OutputStream os = null;
InputStream is = null;
try {
connection.setRequestMethod(method);
if (headers != null) {
for (Map.Entry<String, String> h : headers.entrySet()) {
connection.setRequestProperty(h.getKey(), h.getValue());
}
}
if (post) {
String data = sb.toString();
connection.setDoOutput(true);
connection.setRequestMethod("POST");
connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
connection.setRequestProperty("Content-Length", String.valueOf(data.length()));
os = connection.getOutputStream();
os.write(data.getBytes());
} else {
connection.setDoOutput(false);
}
String ce = connection.getHeaderField("Content-Encoding");
is = connection.getInputStream();
if ("gzip".equals(ce)) {
is = new GZIPInputStream(is);
}
return toString(is);
} finally {
if (os != null) {
try {
os.close();
} catch (IOException e) {
}
}
if (is != null) {
try {
return toString(is);
} finally {
if (is != null) {
is.close();
} catch (IOException e) {
}
}
if (connection != null) {
try {
connection.disconnect();
} catch (Exception e) {
}
}
}
return null;
}
public int asStatus() throws IOException {
HttpClient httpClient = session.getProvider(HttpClientProvider.class).getHttpClient();
HttpResponse response = makeRequest(httpClient);
return response.getStatusLine().getStatusCode();
}
private HttpResponse makeRequest(HttpClient httpClient) throws IOException {
boolean get = method.equals("GET");
boolean post = method.equals("POST");
StringBuilder sb = new StringBuilder();
HttpRequestBase httpRequest = new HttpPost(url);
if (get) {
sb.append(url);
httpRequest = new HttpGet(appendParameterToUrl(url));
}
if (params != null) {
boolean f = true;
for (Map.Entry<String, String> p : params.entrySet()) {
if (f) {
f = false;
if (get) {
sb.append("?");
}
} else {
sb.append("&");
}
sb.append(URLEncoder.encode(p.getKey(), "UTF-8"));
sb.append("=");
sb.append(URLEncoder.encode(p.getValue(), "UTF-8"));
if (post) {
((HttpPost) httpRequest).setEntity(getFormEntityFromParameter());
}
if (headers != null) {
for (Map.Entry<String, String> h : headers.entrySet()) {
httpRequest.setHeader(h.getKey(), h.getValue());
}
}
if (get) {
url = sb.toString();
}
return httpClient.execute(httpRequest);
}
HttpURLConnection connection = (HttpURLConnection) new URL(url).openConnection();
setupTruststoreIfApplicable(connection);
OutputStream os = null;
InputStream is = null;
private URI appendParameterToUrl(String url) throws IOException {
URI uri = null;
try {
connection.setRequestMethod(method);
URIBuilder uriBuilder = new URIBuilder(url);
if (headers != null) {
for (Map.Entry<String, String> h : headers.entrySet()) {
connection.setRequestProperty(h.getKey(), h.getValue());
if (params != null) {
for (Map.Entry<String, String> p : params.entrySet()) {
uriBuilder.setParameter(p.getKey(), p.getValue());
}
}
if (post) {
String data = sb.toString();
uri = uriBuilder.build();
} catch (URISyntaxException e) {
}
connection.setDoOutput(true);
connection.setRequestMethod("POST");
connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
connection.setRequestProperty("Content-Length", String.valueOf(data.length()));
return uri;
}
os = connection.getOutputStream();
os.write(data.getBytes());
} else {
connection.setDoOutput(false);
}
private UrlEncodedFormEntity getFormEntityFromParameter() throws IOException{
List<NameValuePair> urlParameters = new ArrayList<>();
is = connection.getInputStream();
return connection.getResponseCode();
} finally {
if (os != null) {
try {
os.close();
} catch (IOException e) {
}
}
if (is != null) {
try {
is.close();
} catch (IOException e) {
}
}
if (connection != null) {
try {
connection.disconnect();
} catch (Exception e) {
}
if (params != null) {
for (Map.Entry<String, String> p : params.entrySet()) {
urlParameters.add(new BasicNameValuePair(p.getKey(), p.getValue()));
}
}
return new UrlEncodedFormEntity(urlParameters);
}
private String toString(InputStream is) throws IOException {
@ -268,14 +185,4 @@ public class SimpleHttp {
return writer.toString();
}
private void setupTruststoreIfApplicable(HttpURLConnection connection) {
if (connection instanceof HttpsURLConnection && sslFactory != null) {
HttpsURLConnection con = (HttpsURLConnection) connection;
con.setSSLSocketFactory(sslFactory);
if (hostnameVerifier != null) {
con.setHostnameVerifier(hostnameVerifier);
}
}
}
}

View file

@ -34,7 +34,6 @@ import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.services.ErrorPage;
import org.keycloak.services.messages.Messages;
import org.keycloak.truststore.JSSETruststoreConfigurator;
import javax.ws.rs.GET;
import javax.ws.rs.QueryParam;
@ -250,15 +249,12 @@ public abstract class AbstractOAuth2IdentityProvider<C extends OAuth2IdentityPro
}
public SimpleHttp generateTokenRequest(String authorizationCode) {
JSSETruststoreConfigurator configurator = new JSSETruststoreConfigurator(session);
return SimpleHttp.doPost(getConfig().getTokenUrl())
return SimpleHttp.doPost(getConfig().getTokenUrl(), session)
.param(OAUTH2_PARAMETER_CODE, authorizationCode)
.param(OAUTH2_PARAMETER_CLIENT_ID, getConfig().getClientId())
.param(OAUTH2_PARAMETER_CLIENT_SECRET, getConfig().getClientSecret())
.param(OAUTH2_PARAMETER_REDIRECT_URI, uriInfo.getAbsolutePath().toString())
.param(OAUTH2_PARAMETER_GRANT_TYPE, OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE)
.sslFactory(configurator.getSSLSocketFactory())
.hostnameVerifier(configurator.getHostnameVerifier());
.param(OAUTH2_PARAMETER_GRANT_TYPE, OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE);
}
}
}

View file

@ -24,7 +24,6 @@ import org.keycloak.broker.provider.AuthenticationRequest;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.provider.IdentityBrokerException;
import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.common.util.PemUtils;
import org.keycloak.common.util.Time;
import org.keycloak.events.Errors;
import org.keycloak.events.EventBuilder;
@ -45,7 +44,6 @@ import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.resources.IdentityBrokerService;
import org.keycloak.services.resources.RealmsResource;
import org.keycloak.truststore.JSSETruststoreConfigurator;
import org.keycloak.util.JsonSerialization;
import javax.ws.rs.GET;
@ -132,7 +130,7 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider<OIDCIde
logoutUri.queryParam("id_token_hint", idToken);
String url = logoutUri.build().toString();
try {
int status = JsonSimpleHttp.doGet(url).asStatus();
int status = JsonSimpleHttp.doGet(url, session).asStatus();
boolean success = status >=200 && status < 400;
if (!success) {
logger.warn("Failed backchannel broker logout to: " + url);
@ -174,15 +172,12 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider<OIDCIde
*/
public String refreshToken(KeycloakSession session, UserSessionModel userSession) {
String refreshToken = userSession.getNote(FEDERATED_REFRESH_TOKEN);
JSSETruststoreConfigurator configurator = new JSSETruststoreConfigurator(session);
try {
return SimpleHttp.doPost(getConfig().getTokenUrl())
return SimpleHttp.doPost(getConfig().getTokenUrl(), session)
.param("refresh_token", refreshToken)
.param(OAUTH2_PARAMETER_GRANT_TYPE, OAUTH2_GRANT_TYPE_REFRESH_TOKEN)
.param(OAUTH2_PARAMETER_CLIENT_ID, getConfig().getClientId())
.param(OAUTH2_PARAMETER_CLIENT_SECRET, getConfig().getClientSecret())
.sslFactory(configurator.getSSLSocketFactory())
.hostnameVerifier(configurator.getHostnameVerifier()).asString();
.param(OAUTH2_PARAMETER_CLIENT_SECRET, getConfig().getClientSecret()).asString();
} catch (IOException e) {
throw new RuntimeException(e);
}
@ -246,7 +241,7 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider<OIDCIde
if (!getConfig().isDisableUserInfoService()) {
String userInfoUrl = getUserInfoUrl();
if (userInfoUrl != null && !userInfoUrl.isEmpty() && (id == null || name == null || preferredUsername == null || email == null)) {
SimpleHttp request = JsonSimpleHttp.doGet(userInfoUrl)
SimpleHttp request = JsonSimpleHttp.doGet(userInfoUrl, session)
.header("Authorization", "Bearer " + accessToken);
JsonNode userInfo = JsonSimpleHttp.asJson(request);

View file

@ -20,6 +20,7 @@ package org.keycloak.broker.oidc.util;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.models.KeycloakSession;
import java.io.IOException;
@ -28,16 +29,16 @@ import java.io.IOException;
* @version $Revision: 1 $
*/
public class JsonSimpleHttp extends SimpleHttp {
public JsonSimpleHttp(String url, String method) {
super(url, method);
public JsonSimpleHttp(String url, String method, KeycloakSession session) {
super(url, method, session);
}
public static JsonSimpleHttp doGet(String url) {
return new JsonSimpleHttp(url, "GET");
public static JsonSimpleHttp doGet(String url, KeycloakSession session) {
return new JsonSimpleHttp(url, "GET", session);
}
public static JsonSimpleHttp doPost(String url) {
return new JsonSimpleHttp(url, "POST");
public static JsonSimpleHttp doPost(String url, KeycloakSession session) {
return new JsonSimpleHttp(url, "POST", session);
}
private static ObjectMapper mapper = new ObjectMapper();

View file

@ -159,7 +159,7 @@ public class SAMLIdentityProvider extends AbstractIdentityProvider<SAMLIdentityP
SAML2LogoutRequestBuilder logoutBuilder = buildLogoutRequest(userSession, uriInfo, realm, singleLogoutServiceUrl);
JaxrsSAML2BindingBuilder binding = buildLogoutBinding(session, userSession, realm);
try {
int status = SimpleHttp.doPost(singleLogoutServiceUrl)
int status = SimpleHttp.doPost(singleLogoutServiceUrl, session)
.param(GeneralConstants.SAML_REQUEST_KEY, binding.postBinding(logoutBuilder.buildDocument()).encoded())
.param(GeneralConstants.RELAY_STATE, userSession.getId()).asStatus();
boolean success = status >=200 && status < 400;

View file

@ -47,7 +47,7 @@ public class FacebookIdentityProvider extends AbstractOAuth2IdentityProvider imp
protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) {
try {
JsonNode profile = JsonSimpleHttp.asJson(SimpleHttp.doGet(PROFILE_URL).header("Authorization", "Bearer " + accessToken));
JsonNode profile = JsonSimpleHttp.asJson(SimpleHttp.doGet(PROFILE_URL, session).header("Authorization", "Bearer " + accessToken));
String id = getJsonProperty(profile, "id");

View file

@ -48,7 +48,7 @@ public class GitHubIdentityProvider extends AbstractOAuth2IdentityProvider imple
@Override
protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) {
try {
JsonNode profile = JsonSimpleHttp.asJson(SimpleHttp.doGet(PROFILE_URL).header("Authorization", "Bearer " + accessToken));
JsonNode profile = JsonSimpleHttp.asJson(SimpleHttp.doGet(PROFILE_URL, session).header("Authorization", "Bearer " + accessToken));
BrokeredIdentityContext user = new BrokeredIdentityContext(getJsonProperty(profile, "id"));

View file

@ -57,7 +57,7 @@ public class LinkedInIdentityProvider extends AbstractOAuth2IdentityProvider imp
protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) {
log.debug("doGetFederatedIdentity()");
try {
JsonNode profile = JsonSimpleHttp.asJson(SimpleHttp.doGet(PROFILE_URL).header("Authorization", "Bearer " + accessToken));
JsonNode profile = JsonSimpleHttp.asJson(SimpleHttp.doGet(PROFILE_URL, session).header("Authorization", "Bearer " + accessToken));
BrokeredIdentityContext user = new BrokeredIdentityContext(getJsonProperty(profile, "id"));

View file

@ -62,7 +62,7 @@ public class MicrosoftIdentityProvider extends AbstractOAuth2IdentityProvider im
if (log.isDebugEnabled()) {
log.debug("Microsoft Live user profile request to: " + URL);
}
JsonNode profile = JsonSimpleHttp.asJson(SimpleHttp.doGet(URL));
JsonNode profile = JsonSimpleHttp.asJson(SimpleHttp.doGet(URL, session));
String id = getJsonProperty(profile, "id");

View file

@ -63,7 +63,7 @@ public class StackoverflowIdentityProvider extends AbstractOAuth2IdentityProvide
if (log.isDebugEnabled()) {
log.debug("StackOverflow profile request to: " + URL);
}
JsonNode profile = JsonSimpleHttp.asJson(SimpleHttp.doGet(URL)).get("items").get(0);
JsonNode profile = JsonSimpleHttp.asJson(SimpleHttp.doGet(URL, session)).get("items").get(0);
BrokeredIdentityContext user = new BrokeredIdentityContext(getJsonProperty(profile, "user_id"));