require 'net/http'
require 'json'

# Library version components; ReclaimOidc.version joins them as MAJOR.MINOR.MICRO.
$VERSION_MAJOR, $VERSION_MINOR, $VERSION_MICRO = 0, 0, 5

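# Thin client for the reclaim REST API that manages OIDC clients.
#
# Every call goes to the REST service at the configured base URL. The default
# is plain http on localhost, so the OIDC client secret fetched in #initialize
# and the JWT secret read by #get_op_info travel unencrypted unless an https
# URL is supplied (TLS is then used for the POST/DELETE connections as well).
#
# NOTE(review): HTTP status codes are not checked anywhere in this class; a
# failing request surfaces only as a JSON parse error or as a response object
# the caller has to inspect.
class ReclaimOidc
  # @param verbose [Boolean] stored in @verbose; no method in this class reads it
  # @param url [String] base URL of the REST service, without a trailing slash
  #
  # Fetches the OIDC client secret from the service immediately, so
  # construction performs a network round trip.
  def initialize(verbose=false, url='http://localhost:7776')
    @verbose = verbose
    @url = url
    @client_secret = get_client_secret
  end

  # @return [String] "MAJOR.MINOR.MICRO" built from the $VERSION_* globals
  def self.version
    "#{$VERSION_MAJOR}.#{$VERSION_MINOR}.#{$VERSION_MICRO}"
  end

  # Builds Client objects from the JSON array returned by /identity/all.
  #
  # @param body [String] JSON array of identity objects ('name', 'pubkey' keys)
  # @return [Array<ReclaimOidc::Client>] one client per identity, each carrying
  #   the shared OIDC client secret fetched at construction
  # @raise [JSON::ParserError] if body is not valid JSON
  def parse_identities_from_http(body)
    JSON.parse(body).map do |obj|
      # Every identity shares the single secret the REST plugin is configured with.
      obj['secret'] = @client_secret
      ReclaimOidc::Client.from_json(obj)
    end
  end

  # Reads OIDC_CLIENT_SECRET from the reclaim-rest-plugin configuration.
  #
  # @return [String, nil] the secret, or nil when the key is absent from the
  #   response (no error is raised; every Client then carries a nil secret)
  def get_client_secret
    resp = JSON.parse Net::HTTP.get(URI(@url + '/config/reclaim-rest-plugin'))
    resp['OIDC_CLIENT_SECRET']
  end

  # Lists every identity that has an OIDC redirect URI record.
  #
  # One request to /identity/all, then one /namestore/<name> request per
  # identity to pick up description and redirect URI. Identities without a
  # RECLAIM_OIDC_REDIRECT record under "@" are dropped.
  #
  # @return [Array<ReclaimOidc::Client>]
  def get_clients
    ids = parse_identities_from_http(Net::HTTP.get(URI(@url + '/identity/all')))
    ids.select do |id|
      records = JSON.parse(Net::HTTP.get(URI(@url + "/namestore/#{path_segment(id.name)}")))
      id.parse_client_info(records)
      !id.redirect_uri.nil?
    end
  end

  # Creates an identity and attaches the OIDC client records to it.
  #
  # @param name [String] identity name; percent-encoded when used as a path segment
  # @param redirect_uri [String] stored as a RECLAIM_OIDC_REDIRECT record
  # @param description [String] stored as a RECLAIM_OIDC_CLIENT record
  # @return [Net::HTTPResponse] response to the namestore POST (status unchecked)
  # @raise [RuntimeError] if any argument is nil
  def add_client(name, redirect_uri, description)
    raise 'name, redirect_uri and description are required' if name.nil? || redirect_uri.nil? || description.nil?
    # The identity POST response is not inspected; if it fails, the namestore
    # write below still runs, exactly as the original client behaved.
    post_json(URI(@url + '/identity'), 'name' => name.to_s)
    records = {
      'record_name' => '@',
      'data' => [
        oidc_record('RECLAIM_OIDC_CLIENT', description),
        oidc_record('RECLAIM_OIDC_REDIRECT', redirect_uri)
      ]
    }
    post_json(URI(@url + "/namestore/#{path_segment(name)}"), records)
  end

  # Deletes the identity by name.
  #
  # @param name [String] identity name; percent-encoded when used as a path segment
  # @return [Net::HTTPResponse] the DELETE response (status unchecked)
  # @raise [RuntimeError] if name is nil
  def delete_client(name)
    raise 'name is required' if name.nil?
    uri = URI(@url + "/identity/name/#{path_segment(name)}")
    send_request(uri, Net::HTTP::Delete.new(uri))
  end

  # Describes the OpenID provider served by the same REST service.
  #
  # @return [Hash] 'jwt_key' (JWT_SECRET from the plugin config), 'jwt_algo',
  #   and the authorize/token/userinfo endpoint URLs under the configured @url
  def get_op_info
    resp = JSON.parse Net::HTTP.get(URI(@url + '/config/reclaim-rest-plugin'))
    {
      'jwt_key' => resp['JWT_SECRET'],
      'jwt_algo' => 'HS512', # FIXME: hard-coded, not read from the service
      # Endpoints are derived from the configured URL rather than a fixed
      # localhost address, so a non-default @url is honoured here too.
      'authz_endpoint' => @url + '/openid/authorize',
      'token_endpoint' => @url + '/openid/token',
      'userinfo_endpoint' => @url + '/openid/userinfo'
    }
  end

  # Not implemented.
  # @raise [RuntimeError] always
  def set_jwt_secret
    raise 'set_jwt_secret is not implemented'
  end

  private

  # Percent-encodes a value for use as a single URL path segment so that
  # characters such as '/', '?', '#' or spaces cannot alter the request path.
  def path_segment(value)
    # encode_www_form_component keeps only unreserved characters but spells
    # space as '+', which is not a path escape, so swap it for %20.
    URI.encode_www_form_component(value.to_s).gsub('+', '%20')
  end

  # Builds one namestore record entry in the shape the endpoint expects.
  # NOTE(review): 'flag' => 8 is taken over from the original client; it
  # presumably marks the "1h" expiration as relative — confirm against the
  # GNS record-flag definitions.
  def oidc_record(type, value)
    { 'record_type' => type, 'value' => value, 'expiration_time' => '1h', 'flag' => 8 }
  end

  # POSTs payload as a JSON document to uri and returns the response.
  def post_json(uri, payload)
    request = Net::HTTP::Post.new(uri)
    request['Content-Type'] = 'application/json'
    request.body = payload.to_json
    send_request(uri, request)
  end

  # Opens a connection to uri's host and sends request, using TLS when the
  # scheme is https. Status is not checked; callers receive the response.
  def send_request(uri, request)
    Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https') do |http|
      http.request(request)
    end
  end

  # One reclaim identity viewed as an OIDC client.
  #
  # name/key/secret come from /identity/all; description and redirect_uri stay
  # nil until #parse_client_info has seen the identity's "@" namestore records.
  class Client
    attr_reader :name, :key, :description, :redirect_uri, :secret

    # @param name [String] identity name
    # @param key [String] identity public key ('pubkey' in the REST response)
    # @param secret [String, nil] shared OIDC client secret
    def initialize(name, key, secret)
      @name = name
      @key = key
      @secret = secret
    end

    # @param obj [Hash] identity object with 'name', 'pubkey' and 'secret' keys
    # @return [Client]
    def self.from_json(obj)
      new(obj['name'], obj['pubkey'], obj['secret'])
    end

    # Fills description and redirect_uri from namestore records.
    #
    # Only records named "@" are considered; within them the last
    # RECLAIM_OIDC_CLIENT value wins for description and the last
    # RECLAIM_OIDC_REDIRECT value for redirect_uri.
    #
    # @param obj [Array<Hash>] records, each with 'record_name' and 'data'
    # @return [Array<Hash>] obj, unchanged
    def parse_client_info(obj)
      obj.each do |record|
        next unless record['record_name'] == '@'
        record['data'].each do |data|
          case data['record_type']
          when 'RECLAIM_OIDC_CLIENT' then @description = data['value']
          when 'RECLAIM_OIDC_REDIRECT' then @redirect_uri = data['value']
          end
        end
      end
    end
  end
end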