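def __activate__(self, context):
    """Issue an HS256-signed JWS for the logged-in administrator.

    The application id is the fifth "/"-separated segment of the decoded
    request URI; it selects an "authserver" configuration section whose
    ``sharedKey``, ``aud``, ``iss`` and ``expiry`` are used to build and
    sign the token.  On success the serialized token is stored in
    ``self.jws``; on any failure ``self.jws`` stays ``None`` and the reason
    is recorded in ``self.msg`` and the log.  A ``logout=1`` request
    parameter invalidates the session and redirects to ``logoutUrl``.

    Args:
        context: the Velocity context for this page request.
    """
    self.velocityContext = context
    self.log = self.vc("log")
    self.systemConfig = self.vc("systemConfig")
    self.session = self.vc("sessionState")
    self.response = self.vc("response")
    self.request = self.vc("request")
    self.msg = ""
    self.appId = None
    # Always defined so the template never sees a missing attribute.
    self.jws = None

    # appId is everything after the fourth "/" of the decoded request URI.
    uri = URLDecoder.decode(self.request.getAttribute("RequestURI"))
    matches = re.match(r"^(.*?)/(.*?)/(.*?)/(.*?)/(.*?)$", uri)
    if matches and matches.group(5):
        self.appId = matches.group(5)
    if not self.appId:
        self.msg = "No appId specified"
        self.log.error(self.msg)
        return
    # appId is client-supplied: it is only used as a configuration lookup
    # key (presumably an unknown id yields the None defaults rejected below).
    self.log.debug("Getting configuration for: " + self.appId)

    def config_string(key):
        return self.systemConfig.getString(
            None, "authserver", self.appId, key)

    self.consumerName = config_string("name")
    self.sharedKey = config_string("sharedKey")
    self.aud = config_string("aud")
    self.iss = config_string("iss")
    self.expiry = self.systemConfig.getInteger(
        None, "authserver", self.appId, "expiry")
    self.logoutUrl = config_string("logoutUrl")

    # Logout is honoured before any other check so a user can always end
    # the session.  It is triggered by a plain GET parameter, so a
    # cross-site link can force a logout; noted here rather than changed.
    if self.request.getParameter("logout") == "1":
        self.session.invalidate()
        if not self.logoutUrl:
            # sendRedirect(None) would fail inside the container; report
            # the misconfiguration instead.
            self.msg = "Invalid logoutUrl"
            self.log.error(self.msg)
            return
        self.response.sendRedirect(self.logoutUrl)
        return

    # Every value needed for signing must be present (0 expiry is rejected).
    required = (
        (self.consumerName, "Invalid configuration, no app name"),
        (self.sharedKey, "Invalid shared Key"),
        (self.aud, "Invalid aud"),
        (self.iss, "Invalid iss"),
        (self.expiry, "Invalid expiry"),
    )
    for value, message in required:
        if not value:
            self.msg = message
            self.log.error(self.msg)
            return

    # Identity and privilege come from the authenticated session, never
    # from the (client-selected) configuration section.
    authentication = self.vc("page").authentication
    current_user = authentication.get_username()
    if not authentication.is_admin():
        self.msg = "Sorry, this page is only for administrators."
        self.log.error(self.msg)
        return

    def json_string(value):
        # Quote *value* as a JSON string literal.  Role and user names are
        # interpolated into the claims below; without escaping, a quote or
        # backslash in one of them would corrupt the payload or inject
        # extra claims into the signed token.
        chars = []
        for ch in "%s" % (value,):
            if ch == '"' or ch == "\\":
                chars.append("\\" + ch)
            elif ord(ch) < 0x20:
                chars.append("\\u%04x" % ord(ch))
            else:
                chars.append(ch)
        return '"' + "".join(chars) + '"'

    # "typ" carries the role list as a JSON array.  An empty list is now
    # "[]" rather than a single empty-string role.
    roles = authentication.get_roles_list()
    typ = "[" + ",".join([json_string(role) for role in roles]) + "]"

    # Generating signature...
    dtNow = Date().getTime()  # epoch milliseconds
    now = dtNow // 1000       # whole seconds; "//" stays integral under any division mode
    iat = now
    nbf = now - 1             # one second of clock-skew tolerance
    exp = now + self.expiry   # expiry is added to a seconds value, so it is in seconds
    secRandom = SecureRandom()
    jti = Long.toString(dtNow) + "_" + Integer.toString(secRandom.nextInt())

    # iat/nbf/exp are deliberately left as quoted strings for compatibility
    # with whatever currently verifies these tokens (RFC 7519 NumericDate
    # would be a bare number) -- change only together with the consumer.
    payload = Payload(
        '{"iss":%s, "sub":%s, "aud":%s, "iat":"%s", "nbf":"%s", "exp":"%s", '
        '"jti":"%s", "typ":%s}' % (
            json_string(self.iss), json_string(current_user),
            json_string(self.aud), iat, nbf, exp, jti, typ))
    jwsObject = JWSObject(JWSHeader(JWSAlgorithm.HS256), payload)
    jwsObject.sign(MACSigner(self.sharedKey))
    self.jws = jwsObject.serialize()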
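def __activate__(self, context):
    """Issue an HS256-signed JWS for the logged-in administrator.

    The application id is the fifth "/"-separated segment of the decoded
    request URI; it selects an "authserver" configuration section whose
    ``sharedKey``, ``aud``, ``iss`` and ``expiry`` are used to build and
    sign the token.  On success the serialized token is stored in
    ``self.jws``; on any failure ``self.jws`` stays ``None`` and the reason
    is recorded in ``self.msg`` and the log.  A ``logout=1`` request
    parameter invalidates the session and redirects to ``logoutUrl``.

    Args:
        context: the Velocity context for this page request.
    """
    self.velocityContext = context
    self.log = self.vc("log")
    self.systemConfig = self.vc("systemConfig")
    self.session = self.vc("sessionState")
    self.response = self.vc("response")
    self.request = self.vc("request")
    self.msg = ""
    self.appId = None
    # Always defined so the template never sees a missing attribute.
    self.jws = None

    # appId is everything after the fourth "/" of the decoded request URI.
    uri = URLDecoder.decode(self.request.getAttribute("RequestURI"))
    matches = re.match(r"^(.*?)/(.*?)/(.*?)/(.*?)/(.*?)$", uri)
    if matches and matches.group(5):
        self.appId = matches.group(5)
    if not self.appId:
        self.msg = "No appId specified"
        self.log.error(self.msg)
        return
    # appId is client-supplied: it is only used as a configuration lookup
    # key (presumably an unknown id yields the None defaults rejected below).
    self.log.debug("Getting configuration for: " + self.appId)

    def config_string(key):
        return self.systemConfig.getString(
            None, "authserver", self.appId, key)

    self.consumerName = config_string("name")
    self.sharedKey = config_string("sharedKey")
    self.aud = config_string("aud")
    self.iss = config_string("iss")
    self.expiry = self.systemConfig.getInteger(
        None, "authserver", self.appId, "expiry")
    self.logoutUrl = config_string("logoutUrl")

    # Logout is honoured before any other check so a user can always end
    # the session.  It is triggered by a plain GET parameter, so a
    # cross-site link can force a logout; noted here rather than changed.
    if self.request.getParameter("logout") == "1":
        self.session.invalidate()
        if not self.logoutUrl:
            # sendRedirect(None) would fail inside the container; report
            # the misconfiguration instead.
            self.msg = "Invalid logoutUrl"
            self.log.error(self.msg)
            return
        self.response.sendRedirect(self.logoutUrl)
        return

    # Every value needed for signing must be present (0 expiry is rejected).
    required = (
        (self.consumerName, "Invalid configuration, no app name"),
        (self.sharedKey, "Invalid shared Key"),
        (self.aud, "Invalid aud"),
        (self.iss, "Invalid iss"),
        (self.expiry, "Invalid expiry"),
    )
    for value, message in required:
        if not value:
            self.msg = message
            self.log.error(self.msg)
            return

    # Identity and privilege come from the authenticated session, never
    # from the (client-selected) configuration section.
    authentication = self.vc("page").authentication
    current_user = authentication.get_username()
    if not authentication.is_admin():
        self.msg = "Sorry, this page is only for administrators."
        self.log.error(self.msg)
        return

    def json_string(value):
        # Quote *value* as a JSON string literal.  Role and user names are
        # interpolated into the claims below; without escaping, a quote or
        # backslash in one of them would corrupt the payload or inject
        # extra claims into the signed token.
        chars = []
        for ch in "%s" % (value,):
            if ch == '"' or ch == "\\":
                chars.append("\\" + ch)
            elif ord(ch) < 0x20:
                chars.append("\\u%04x" % ord(ch))
            else:
                chars.append(ch)
        return '"' + "".join(chars) + '"'

    # "typ" carries the role list as a JSON array.  An empty list is now
    # "[]" rather than a single empty-string role.
    roles = authentication.get_roles_list()
    typ = "[" + ",".join([json_string(role) for role in roles]) + "]"

    # Generating signature...
    dtNow = Date().getTime()  # epoch milliseconds
    now = dtNow // 1000       # whole seconds; "//" stays integral under any division mode
    iat = now
    nbf = now - 1             # one second of clock-skew tolerance
    exp = now + self.expiry   # expiry is added to a seconds value, so it is in seconds
    secRandom = SecureRandom()
    jti = Long.toString(dtNow) + "_" + Integer.toString(secRandom.nextInt())

    # iat/nbf/exp are deliberately left as quoted strings for compatibility
    # with whatever currently verifies these tokens (RFC 7519 NumericDate
    # would be a bare number) -- change only together with the consumer.
    payload = Payload(
        '{"iss":%s, "sub":%s, "aud":%s, "iat":"%s", "nbf":"%s", "exp":"%s", '
        '"jti":"%s", "typ":%s}' % (
            json_string(self.iss), json_string(current_user),
            json_string(self.aud), iat, nbf, exp, jti, typ))
    jwsObject = JWSObject(JWSHeader(JWSAlgorithm.HS256), payload)
    jwsObject.sign(MACSigner(self.sharedKey))
    self.jws = jwsObject.serialize()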