airavata-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From machris...@apache.org
Subject airavata git commit: AIRAVATA-2342 Setting up trust store for Keycloak ResteasyClient
Date Tue, 23 May 2017 20:59:27 GMT
Repository: airavata
Updated Branches:
  refs/heads/develop 0a6afd12e -> 0eda7d202


AIRAVATA-2342 Setting up trust store for Keycloak ResteasyClient

The Keycloak ResteasyClient uses its own SSLContext so can't rely on the
configuration of the default SSLContext that the TrustStoreManager
performs.


Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/0eda7d20
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/0eda7d20
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/0eda7d20

Branch: refs/heads/develop
Commit: 0eda7d202c68bc64caa876a888b92e035d9ebcef
Parents: 0a6afd1
Author: Marcus Christie <machristie@apache.org>
Authored: Tue May 23 16:55:24 2017 -0400
Committer: Marcus Christie <machristie@apache.org>
Committed: Tue May 23 16:57:50 2017 -0400

----------------------------------------------------------------------
 .../core/impl/TenantManagementKeycloakImpl.java | 63 ++++++++++++++++----
 .../handlers/IamAdminServicesHandler.java       | 15 ++---
 2 files changed, 56 insertions(+), 22 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata/blob/0eda7d20/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
----------------------------------------------------------------------
diff --git a/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
index 0d2e9a8..60a8f5d 100644
--- a/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
+++ b/airavata-services/profile-service/iam-admin-services-core/src/main/java/org/apache/airavata/service/profile/iam/admin/services/core/impl/TenantManagementKeycloakImpl.java
@@ -28,12 +28,19 @@ import org.apache.airavata.model.user.UserProfile;
 import org.apache.airavata.model.workspace.Gateway;
 import org.apache.airavata.service.profile.iam.admin.services.core.interfaces.TenantManagementInterface;
 import org.apache.airavata.service.profile.iam.admin.services.cpi.exception.IamAdminServicesException;
+import org.jboss.resteasy.client.jaxrs.ResteasyClient;
+import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
 import org.keycloak.admin.client.Keycloak;
+import org.keycloak.admin.client.KeycloakBuilder;
 import org.keycloak.admin.client.resource.UserResource;
 import org.keycloak.representations.idm.*;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+
 import javax.ws.rs.core.Response;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.security.KeyStore;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
@@ -42,23 +49,57 @@ public class TenantManagementKeycloakImpl implements TenantManagementInterface
{
 
     private final static Logger logger = LoggerFactory.getLogger(TenantManagementKeycloakImpl.class);
 
+    // TODO: close Keycloak client once done with it?
     private static Keycloak getClient(String adminUrl, String realm, PasswordCredential AdminPasswordCreds)
{
 
-        return Keycloak.getInstance(
-                adminUrl,
-                realm, // the realm to log in to
-                AdminPasswordCreds.getLoginUserName(), AdminPasswordCreds.getPassword(),
 // the user
-                "admin-cli"); // admin-cli is the client ID used for keycloak admin operations.
+        ResteasyClient resteasyClient = new ResteasyClientBuilder()
+                .connectionPoolSize(10)
+                .trustStore(loadKeyStore())
+                .build();
+        return KeycloakBuilder.builder()
+                .serverUrl(adminUrl)
+                .realm(realm)
+                .username(AdminPasswordCreds.getLoginUserName())
+                .password(AdminPasswordCreds.getPassword())
+                .clientId("admin-cli")
+                .resteasyClient(resteasyClient)
+                .build();
     }
 
     private static Keycloak getClient(String adminUrl, String realm, String authToken) {
 
-        return Keycloak.getInstance(
-                adminUrl,
-                realm, // the realm to log in to
-                "admin-cli",
-                authToken // the realm admin's auth token
-            );
+        ResteasyClient resteasyClient = new ResteasyClientBuilder()
+                    .connectionPoolSize(10)
+                    .trustStore(loadKeyStore())
+                    .build();
+        return KeycloakBuilder.builder()
+                .serverUrl(adminUrl)
+                .realm(realm)
+                .authorization(authToken)
+                .clientId("admin-cli")
+                .resteasyClient(resteasyClient)
+                .build();
+    }
+
+    private static KeyStore loadKeyStore() {
+
+        FileInputStream fis = null;
+        try {
+            fis = new java.io.FileInputStream(ServerSettings.getTrustStorePath());
+            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
+            ks.load(fis, ServerSettings.getTrustStorePassword().toCharArray());
+            return ks;
+        } catch (Exception e) {
+            throw new RuntimeException("Failed to load trust store KeyStore instance", e);
+        } finally {
+            if (fis != null) {
+                try {
+                    fis.close();
+                } catch (IOException e) {
+                    logger.error("Failed to close trust store FileInputStream", e);
+                }
+            }
+        }
     }
 
     @Override

http://git-wip-us.apache.org/repos/asf/airavata/blob/0eda7d20/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java
----------------------------------------------------------------------
diff --git a/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java
b/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java
index 26fa1ed..9f33cd5 100644
--- a/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java
+++ b/airavata-services/profile-service/profile-service-server/src/main/java/org/apache/airavata/service/profile/handlers/IamAdminServicesHandler.java
@@ -37,23 +37,16 @@ import org.apache.thrift.TException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.net.URL;
 import java.util.List;
 
 public class IamAdminServicesHandler implements IamAdminServices.Iface {
 
     private final static Logger logger = LoggerFactory.getLogger(IamAdminServicesHandler.class);
 
-    public IamAdminServicesHandler() {
-
-        try {
-            //initialize SSL context with the trust store that contains the CA cert signing
the Keycloak server cert
-            TrustStoreManager trustStoreManager = new TrustStoreManager();
-            trustStoreManager.initializeTrustStoreManager(ServerSettings.getTrustStorePath(),
-                    ServerSettings.getTrustStorePassword());
-        } catch (Exception e) {
-            throw new RuntimeException(e.getMessage(), e);
-        }
-    }
 
     @Override
     public String getAPIVersion(AuthzToken authzToken) throws IamAdminServicesException,
AuthorizationException {


Mime
View raw message