Details
diff --git a/server-spi-private/src/main/java/org/keycloak/broker/provider/util/SimpleHttp.java b/server-spi-private/src/main/java/org/keycloak/broker/provider/util/SimpleHttp.java
index 6c39c0d..024d78f 100755
--- a/server-spi-private/src/main/java/org/keycloak/broker/provider/util/SimpleHttp.java
+++ b/server-spi-private/src/main/java/org/keycloak/broker/provider/util/SimpleHttp.java
@@ -17,47 +17,55 @@
package org.keycloak.broker.provider.util;
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.SSLSocketFactory;
+import org.apache.http.*;
+import org.apache.http.client.HttpClient;
+import org.apache.http.client.entity.UrlEncodedFormEntity;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.client.methods.HttpRequestBase;
+import org.apache.http.client.utils.URIBuilder;
+import org.apache.http.message.BasicNameValuePair;
+import org.keycloak.connections.httpclient.HttpClientProvider;
+import org.keycloak.models.KeycloakSession;
+
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
-import java.io.OutputStream;
import java.io.StringWriter;
-import java.net.HttpURLConnection;
-import java.net.URL;
-import java.net.URLEncoder;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.ArrayList;
import java.util.HashMap;
+import java.util.List;
import java.util.Map;
import java.util.zip.GZIPInputStream;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
* @author Vlastimil Elias (velias at redhat dot com)
+ * @author David Klassen (daviddd.kl@gmail.com)
*/
public class SimpleHttp {
+ private KeycloakSession session;
private String url;
private String method;
private Map<String, String> headers;
private Map<String, String> params;
- private SSLSocketFactory sslFactory;
- private HostnameVerifier hostnameVerifier;
-
- protected SimpleHttp(String url, String method) {
+ protected SimpleHttp(String url, String method, KeycloakSession session) {
+ this.session = session;
this.url = url;
this.method = method;
}
- public static SimpleHttp doGet(String url) {
- return new SimpleHttp(url, "GET");
+ public static SimpleHttp doGet(String url, KeycloakSession session) {
+ return new SimpleHttp(url, "GET", session);
}
- public static SimpleHttp doPost(String url) {
- return new SimpleHttp(url, "POST");
+ public static SimpleHttp doPost(String url, KeycloakSession session) {
+ return new SimpleHttp(url, "POST", session);
}
public SimpleHttp header(String name, String value) {
@@ -76,184 +84,93 @@ public class SimpleHttp {
return this;
}
- public SimpleHttp sslFactory(SSLSocketFactory factory) {
- sslFactory = factory;
- return this;
- }
-
- public SimpleHttp hostnameVerifier(HostnameVerifier verifier) {
- hostnameVerifier = verifier;
- return this;
- }
-
public String asString() throws IOException {
- boolean get = method.equals("GET");
- boolean post = method.equals("POST");
-
- StringBuilder sb = new StringBuilder();
- if (get) {
- sb.append(url);
- }
-
- if (params != null) {
- boolean f = true;
- for (Map.Entry<String, String> p : params.entrySet()) {
- if (f) {
- f = false;
- if (get) {
- sb.append("?");
+ HttpClient httpClient = session.getProvider(HttpClientProvider.class).getHttpClient();
+
+ HttpResponse response = makeRequest(httpClient);
+
+ InputStream is;
+ HttpEntity entity = response.getEntity();
+ if (entity != null) {
+ is = entity.getContent();
+ try {
+ HeaderIterator it = response.headerIterator();
+ while (it.hasNext()) {
+ Header header = it.nextHeader();
+ if (header.getName().equals("Content-Encoding") && header.getValue().equals("gzip")) {
+ is = new GZIPInputStream(is);
}
- } else {
- sb.append("&");
- }
- sb.append(URLEncoder.encode(p.getKey(), "UTF-8"));
- sb.append("=");
- sb.append(URLEncoder.encode(p.getValue(), "UTF-8"));
- }
- }
-
- if (get) {
- url = sb.toString();
- }
-
- HttpURLConnection connection = (HttpURLConnection) new URL(url).openConnection();
- setupTruststoreIfApplicable(connection);
- OutputStream os = null;
- InputStream is = null;
-
- try {
- connection.setRequestMethod(method);
-
- if (headers != null) {
- for (Map.Entry<String, String> h : headers.entrySet()) {
- connection.setRequestProperty(h.getKey(), h.getValue());
- }
- }
-
- if (post) {
- String data = sb.toString();
-
- connection.setDoOutput(true);
- connection.setRequestMethod("POST");
- connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
- connection.setRequestProperty("Content-Length", String.valueOf(data.length()));
-
- os = connection.getOutputStream();
- os.write(data.getBytes());
- } else {
- connection.setDoOutput(false);
- }
-
- String ce = connection.getHeaderField("Content-Encoding");
- is = connection.getInputStream();
- if ("gzip".equals(ce)) {
- is = new GZIPInputStream(is);
- }
- return toString(is);
- } finally {
- if (os != null) {
- try {
- os.close();
- } catch (IOException e) {
}
- }
- if (is != null) {
- try {
+ return toString(is);
+ } finally {
+ if (is != null) {
is.close();
- } catch (IOException e) {
- }
- }
- if (connection != null) {
- try {
- connection.disconnect();
- } catch (Exception e) {
}
}
}
+ return null;
}
public int asStatus() throws IOException {
+ HttpClient httpClient = session.getProvider(HttpClientProvider.class).getHttpClient();
+
+ HttpResponse response = makeRequest(httpClient);
+
+ return response.getStatusLine().getStatusCode();
+ }
+
+ private HttpResponse makeRequest(HttpClient httpClient) throws IOException {
boolean get = method.equals("GET");
boolean post = method.equals("POST");
- StringBuilder sb = new StringBuilder();
+ HttpRequestBase httpRequest = new HttpPost(url);
if (get) {
- sb.append(url);
+ httpRequest = new HttpGet(appendParameterToUrl(url));
}
- if (params != null) {
- boolean f = true;
- for (Map.Entry<String, String> p : params.entrySet()) {
- if (f) {
- f = false;
- if (get) {
- sb.append("?");
- }
- } else {
- sb.append("&");
- }
- sb.append(URLEncoder.encode(p.getKey(), "UTF-8"));
- sb.append("=");
- sb.append(URLEncoder.encode(p.getValue(), "UTF-8"));
- }
+ if (post) {
+ ((HttpPost) httpRequest).setEntity(getFormEntityFromParameter());
}
- if (get) {
- url = sb.toString();
+ if (headers != null) {
+ for (Map.Entry<String, String> h : headers.entrySet()) {
+ httpRequest.setHeader(h.getKey(), h.getValue());
+ }
}
- HttpURLConnection connection = (HttpURLConnection) new URL(url).openConnection();
- setupTruststoreIfApplicable(connection);
- OutputStream os = null;
- InputStream is = null;
+ return httpClient.execute(httpRequest);
+ }
+
+ private URI appendParameterToUrl(String url) throws IOException {
+ URI uri = null;
try {
- connection.setRequestMethod(method);
+ URIBuilder uriBuilder = new URIBuilder(url);
- if (headers != null) {
- for (Map.Entry<String, String> h : headers.entrySet()) {
- connection.setRequestProperty(h.getKey(), h.getValue());
+ if (params != null) {
+ for (Map.Entry<String, String> p : params.entrySet()) {
+ uriBuilder.setParameter(p.getKey(), p.getValue());
}
}
- if (post) {
- String data = sb.toString();
-
- connection.setDoOutput(true);
- connection.setRequestMethod("POST");
- connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
- connection.setRequestProperty("Content-Length", String.valueOf(data.length()));
+ uri = uriBuilder.build();
+ } catch (URISyntaxException e) {
+ }
- os = connection.getOutputStream();
- os.write(data.getBytes());
- } else {
- connection.setDoOutput(false);
- }
+ return uri;
+ }
- is = connection.getInputStream();
- return connection.getResponseCode();
- } finally {
- if (os != null) {
- try {
- os.close();
- } catch (IOException e) {
- }
- }
+ private UrlEncodedFormEntity getFormEntityFromParameter() throws IOException{
+ List<NameValuePair> urlParameters = new ArrayList<>();
- if (is != null) {
- try {
- is.close();
- } catch (IOException e) {
- }
- }
- if (connection != null) {
- try {
- connection.disconnect();
- } catch (Exception e) {
- }
+ if (params != null) {
+ for (Map.Entry<String, String> p : params.entrySet()) {
+ urlParameters.add(new BasicNameValuePair(p.getKey(), p.getValue()));
}
}
+
+ return new UrlEncodedFormEntity(urlParameters);
}
private String toString(InputStream is) throws IOException {
@@ -268,14 +185,4 @@ public class SimpleHttp {
return writer.toString();
}
-
- private void setupTruststoreIfApplicable(HttpURLConnection connection) {
- if (connection instanceof HttpsURLConnection && sslFactory != null) {
- HttpsURLConnection con = (HttpsURLConnection) connection;
- con.setSSLSocketFactory(sslFactory);
- if (hostnameVerifier != null) {
- con.setHostnameVerifier(hostnameVerifier);
- }
- }
- }
}
diff --git a/services/src/main/java/org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider.java b/services/src/main/java/org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider.java
index eb0dd69..7f02e43 100755
--- a/services/src/main/java/org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider.java
+++ b/services/src/main/java/org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider.java
@@ -34,7 +34,6 @@ import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.services.ErrorPage;
import org.keycloak.services.messages.Messages;
-import org.keycloak.truststore.JSSETruststoreConfigurator;
import javax.ws.rs.GET;
import javax.ws.rs.QueryParam;
@@ -250,15 +249,12 @@ public abstract class AbstractOAuth2IdentityProvider<C extends OAuth2IdentityPro
}
public SimpleHttp generateTokenRequest(String authorizationCode) {
- JSSETruststoreConfigurator configurator = new JSSETruststoreConfigurator(session);
- return SimpleHttp.doPost(getConfig().getTokenUrl())
+ return SimpleHttp.doPost(getConfig().getTokenUrl(), session)
.param(OAUTH2_PARAMETER_CODE, authorizationCode)
.param(OAUTH2_PARAMETER_CLIENT_ID, getConfig().getClientId())
.param(OAUTH2_PARAMETER_CLIENT_SECRET, getConfig().getClientSecret())
.param(OAUTH2_PARAMETER_REDIRECT_URI, uriInfo.getAbsolutePath().toString())
- .param(OAUTH2_PARAMETER_GRANT_TYPE, OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE)
- .sslFactory(configurator.getSSLSocketFactory())
- .hostnameVerifier(configurator.getHostnameVerifier());
+ .param(OAUTH2_PARAMETER_GRANT_TYPE, OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE);
}
}
}
diff --git a/services/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java b/services/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java
index 616b36a..4a8a71a 100755
--- a/services/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java
+++ b/services/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java
@@ -24,7 +24,6 @@ import org.keycloak.broker.provider.AuthenticationRequest;
import org.keycloak.broker.provider.BrokeredIdentityContext;
import org.keycloak.broker.provider.IdentityBrokerException;
import org.keycloak.broker.provider.util.SimpleHttp;
-import org.keycloak.common.util.PemUtils;
import org.keycloak.common.util.Time;
import org.keycloak.events.Errors;
import org.keycloak.events.EventBuilder;
@@ -45,7 +44,6 @@ import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.resources.IdentityBrokerService;
import org.keycloak.services.resources.RealmsResource;
-import org.keycloak.truststore.JSSETruststoreConfigurator;
import org.keycloak.util.JsonSerialization;
import javax.ws.rs.GET;
@@ -132,7 +130,7 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider<OIDCIde
logoutUri.queryParam("id_token_hint", idToken);
String url = logoutUri.build().toString();
try {
- int status = JsonSimpleHttp.doGet(url).asStatus();
+ int status = JsonSimpleHttp.doGet(url, session).asStatus();
boolean success = status >=200 && status < 400;
if (!success) {
logger.warn("Failed backchannel broker logout to: " + url);
@@ -174,15 +172,12 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider<OIDCIde
*/
public String refreshToken(KeycloakSession session, UserSessionModel userSession) {
String refreshToken = userSession.getNote(FEDERATED_REFRESH_TOKEN);
- JSSETruststoreConfigurator configurator = new JSSETruststoreConfigurator(session);
try {
- return SimpleHttp.doPost(getConfig().getTokenUrl())
+ return SimpleHttp.doPost(getConfig().getTokenUrl(), session)
.param("refresh_token", refreshToken)
.param(OAUTH2_PARAMETER_GRANT_TYPE, OAUTH2_GRANT_TYPE_REFRESH_TOKEN)
.param(OAUTH2_PARAMETER_CLIENT_ID, getConfig().getClientId())
- .param(OAUTH2_PARAMETER_CLIENT_SECRET, getConfig().getClientSecret())
- .sslFactory(configurator.getSSLSocketFactory())
- .hostnameVerifier(configurator.getHostnameVerifier()).asString();
+ .param(OAUTH2_PARAMETER_CLIENT_SECRET, getConfig().getClientSecret()).asString();
} catch (IOException e) {
throw new RuntimeException(e);
}
@@ -246,7 +241,7 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider<OIDCIde
if (!getConfig().isDisableUserInfoService()) {
String userInfoUrl = getUserInfoUrl();
if (userInfoUrl != null && !userInfoUrl.isEmpty() && (id == null || name == null || preferredUsername == null || email == null)) {
- SimpleHttp request = JsonSimpleHttp.doGet(userInfoUrl)
+ SimpleHttp request = JsonSimpleHttp.doGet(userInfoUrl, session)
.header("Authorization", "Bearer " + accessToken);
JsonNode userInfo = JsonSimpleHttp.asJson(request);
diff --git a/services/src/main/java/org/keycloak/broker/oidc/util/JsonSimpleHttp.java b/services/src/main/java/org/keycloak/broker/oidc/util/JsonSimpleHttp.java
index 6a283f7..57ef727 100755
--- a/services/src/main/java/org/keycloak/broker/oidc/util/JsonSimpleHttp.java
+++ b/services/src/main/java/org/keycloak/broker/oidc/util/JsonSimpleHttp.java
@@ -20,6 +20,7 @@ package org.keycloak.broker.oidc.util;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.keycloak.broker.provider.util.SimpleHttp;
+import org.keycloak.models.KeycloakSession;
import java.io.IOException;
@@ -28,16 +29,16 @@ import java.io.IOException;
* @version $Revision: 1 $
*/
public class JsonSimpleHttp extends SimpleHttp {
- public JsonSimpleHttp(String url, String method) {
- super(url, method);
+ public JsonSimpleHttp(String url, String method, KeycloakSession session) {
+ super(url, method, session);
}
- public static JsonSimpleHttp doGet(String url) {
- return new JsonSimpleHttp(url, "GET");
+ public static JsonSimpleHttp doGet(String url, KeycloakSession session) {
+ return new JsonSimpleHttp(url, "GET", session);
}
- public static JsonSimpleHttp doPost(String url) {
- return new JsonSimpleHttp(url, "POST");
+ public static JsonSimpleHttp doPost(String url, KeycloakSession session) {
+ return new JsonSimpleHttp(url, "POST", session);
}
private static ObjectMapper mapper = new ObjectMapper();
diff --git a/services/src/main/java/org/keycloak/broker/saml/SAMLIdentityProvider.java b/services/src/main/java/org/keycloak/broker/saml/SAMLIdentityProvider.java
index 1f8f793..8eeb25c 100755
--- a/services/src/main/java/org/keycloak/broker/saml/SAMLIdentityProvider.java
+++ b/services/src/main/java/org/keycloak/broker/saml/SAMLIdentityProvider.java
@@ -159,7 +159,7 @@ public class SAMLIdentityProvider extends AbstractIdentityProvider<SAMLIdentityP
SAML2LogoutRequestBuilder logoutBuilder = buildLogoutRequest(userSession, uriInfo, realm, singleLogoutServiceUrl);
JaxrsSAML2BindingBuilder binding = buildLogoutBinding(session, userSession, realm);
try {
- int status = SimpleHttp.doPost(singleLogoutServiceUrl)
+ int status = SimpleHttp.doPost(singleLogoutServiceUrl, session)
.param(GeneralConstants.SAML_REQUEST_KEY, binding.postBinding(logoutBuilder.buildDocument()).encoded())
.param(GeneralConstants.RELAY_STATE, userSession.getId()).asStatus();
boolean success = status >=200 && status < 400;
diff --git a/services/src/main/java/org/keycloak/social/facebook/FacebookIdentityProvider.java b/services/src/main/java/org/keycloak/social/facebook/FacebookIdentityProvider.java
index f76057d..bd6ca54 100755
--- a/services/src/main/java/org/keycloak/social/facebook/FacebookIdentityProvider.java
+++ b/services/src/main/java/org/keycloak/social/facebook/FacebookIdentityProvider.java
@@ -47,7 +47,7 @@ public class FacebookIdentityProvider extends AbstractOAuth2IdentityProvider imp
protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) {
try {
- JsonNode profile = JsonSimpleHttp.asJson(SimpleHttp.doGet(PROFILE_URL).header("Authorization", "Bearer " + accessToken));
+ JsonNode profile = JsonSimpleHttp.asJson(SimpleHttp.doGet(PROFILE_URL, session).header("Authorization", "Bearer " + accessToken));
String id = getJsonProperty(profile, "id");
diff --git a/services/src/main/java/org/keycloak/social/github/GitHubIdentityProvider.java b/services/src/main/java/org/keycloak/social/github/GitHubIdentityProvider.java
index cf2a53e..7169293 100755
--- a/services/src/main/java/org/keycloak/social/github/GitHubIdentityProvider.java
+++ b/services/src/main/java/org/keycloak/social/github/GitHubIdentityProvider.java
@@ -48,7 +48,7 @@ public class GitHubIdentityProvider extends AbstractOAuth2IdentityProvider imple
@Override
protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) {
try {
- JsonNode profile = JsonSimpleHttp.asJson(SimpleHttp.doGet(PROFILE_URL).header("Authorization", "Bearer " + accessToken));
+ JsonNode profile = JsonSimpleHttp.asJson(SimpleHttp.doGet(PROFILE_URL, session).header("Authorization", "Bearer " + accessToken));
BrokeredIdentityContext user = new BrokeredIdentityContext(getJsonProperty(profile, "id"));
diff --git a/services/src/main/java/org/keycloak/social/linkedin/LinkedInIdentityProvider.java b/services/src/main/java/org/keycloak/social/linkedin/LinkedInIdentityProvider.java
index 3c424f6..d3befd7 100755
--- a/services/src/main/java/org/keycloak/social/linkedin/LinkedInIdentityProvider.java
+++ b/services/src/main/java/org/keycloak/social/linkedin/LinkedInIdentityProvider.java
@@ -57,7 +57,7 @@ public class LinkedInIdentityProvider extends AbstractOAuth2IdentityProvider imp
protected BrokeredIdentityContext doGetFederatedIdentity(String accessToken) {
log.debug("doGetFederatedIdentity()");
try {
- JsonNode profile = JsonSimpleHttp.asJson(SimpleHttp.doGet(PROFILE_URL).header("Authorization", "Bearer " + accessToken));
+ JsonNode profile = JsonSimpleHttp.asJson(SimpleHttp.doGet(PROFILE_URL, session).header("Authorization", "Bearer " + accessToken));
BrokeredIdentityContext user = new BrokeredIdentityContext(getJsonProperty(profile, "id"));
diff --git a/services/src/main/java/org/keycloak/social/microsoft/MicrosoftIdentityProvider.java b/services/src/main/java/org/keycloak/social/microsoft/MicrosoftIdentityProvider.java
index a935141..224733b 100755
--- a/services/src/main/java/org/keycloak/social/microsoft/MicrosoftIdentityProvider.java
+++ b/services/src/main/java/org/keycloak/social/microsoft/MicrosoftIdentityProvider.java
@@ -62,7 +62,7 @@ public class MicrosoftIdentityProvider extends AbstractOAuth2IdentityProvider im
if (log.isDebugEnabled()) {
log.debug("Microsoft Live user profile request to: " + URL);
}
- JsonNode profile = JsonSimpleHttp.asJson(SimpleHttp.doGet(URL));
+ JsonNode profile = JsonSimpleHttp.asJson(SimpleHttp.doGet(URL, session));
String id = getJsonProperty(profile, "id");
diff --git a/services/src/main/java/org/keycloak/social/stackoverflow/StackoverflowIdentityProvider.java b/services/src/main/java/org/keycloak/social/stackoverflow/StackoverflowIdentityProvider.java
index 4f9e4b2..43ccc6c 100755
--- a/services/src/main/java/org/keycloak/social/stackoverflow/StackoverflowIdentityProvider.java
+++ b/services/src/main/java/org/keycloak/social/stackoverflow/StackoverflowIdentityProvider.java
@@ -63,7 +63,7 @@ public class StackoverflowIdentityProvider extends AbstractOAuth2IdentityProvide
if (log.isDebugEnabled()) {
log.debug("StackOverflow profile request to: " + URL);
}
- JsonNode profile = JsonSimpleHttp.asJson(SimpleHttp.doGet(URL)).get("items").get(0);
+ JsonNode profile = JsonSimpleHttp.asJson(SimpleHttp.doGet(URL, session)).get("items").get(0);
BrokeredIdentityContext user = new BrokeredIdentityContext(getJsonProperty(profile, "user_id"));
