This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #6 from sailpoint-oss/sse-fixes-202103
Sse fixes 202103
Showing 58 changed files with 979 additions and 989 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
Developer Certificate of Origin | ||
Version 1.1 | ||
|
||
Copyright (C) 2004, 2006 The Linux Foundation and its contributors. | ||
1 Letterman Drive | ||
Suite D4700 | ||
San Francisco, CA, 94129 | ||
|
||
Everyone is permitted to copy and distribute verbatim copies of this | ||
license document, but changing it is not allowed. | ||
|
||
|
||
Developer's Certificate of Origin 1.1 | ||
|
||
By making a contribution to this project, I certify that: | ||
|
||
(a) The contribution was created in whole or in part by me and I | ||
have the right to submit it under the open source license | ||
indicated in the file; or | ||
|
||
(b) The contribution is based upon previous work that, to the best | ||
of my knowledge, is covered under an appropriate open source | ||
license and I have the right under that license to submit that | ||
work with modifications, whether created in whole or in part | ||
by me, under the same open source license (unless I am | ||
permitted to submit under a different license), as indicated | ||
in the file; or | ||
|
||
(c) The contribution was provided directly to me by some other | ||
person who certified (a), (b) or (c) and I have not modified | ||
it. | ||
|
||
(d) I understand and agree that this project and the contribution | ||
are public and that a record of the contribution (including all | ||
personal information I submit with it, including my sign-off) is | ||
maintained indefinitely and may be redistributed consistent with | ||
this project or the open source license(s) involved. |
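Review bot: this new file adds the DCO text, but the README hunk in the same commit gains no contributing section, so nothing visible here tells contributors that commits need a `Signed-off-by:` trailer (`git commit -s`) or whether sign-off is checked. Suggest a short paragraph in the README pointing at this file, plus a CI check that rejects commits without a sign-off if the DCO is meant to be enforced rather than advisory.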
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,58 +1,67 @@ | ||
# sse-openid-model | ||
|
||
An implementation of the Shared Signals and Events (SSE) data model for the Continuous | ||
Access Evaluation Protocol (CAEP) standard. | ||
Access Evaluation Protocol (CAEP) and Risk Incident Sharing and Coordination (RISC) event profiles. | ||
|
||
This library provides serialize-able POJOs and classes to implement SSE and CAEP under | ||
This library provides classes implementing SSE (both CAEP and RISC profiles) under | ||
a Java environment. It includes the following dependences: | ||
|
||
- com.nimbusds nimbus-jose-jwt for JSONObject and JWTClaimsSet | ||
- SLF4J for logging and exception printing and integrating with surrounding applications. | ||
|
||
|
||
|
||
## Examples | ||
|
||
Producing a Security Event Token using this library involves constructing the objects | ||
representing the `SubjectIdentifier`, the `SSEvent` (Shared Signals Event), and the JWTClaimsSet (Security | ||
Event Token) that will carry the event. | ||
representing the Subject Identifier, the Shared Signals Event, and the Security | ||
Event Token that will carry the event. There are specific event classes for each defined RISC and CAEP event. | ||
Construction follows the builder pattern. Events each have a validate() method to verify mandatory fields. | ||
|
||
SubjectIdentifier user = new SubjectIdentifier.Builder() | ||
.subjectType(SubjectIdentifierTypes.ISSUER_SUBJECT) | ||
.issuer("https://idp.example.com/3957ea72-1b66-44d6-a044-d805712b9288/") | ||
.subject("jane.smith@example.com") | ||
.build(); | ||
|
||
```java | ||
SubjectIdentifier subj = new SubjectIdentifier.Builder() | ||
.subjectType(SubjectIdentifier.EMAIL_SUBJECT_IDENTIFIER_TYPE) | ||
.email("foo@example.com") | ||
SubjectIdentifier device = new SubjectIdentifier.Builder() | ||
.subjectType(SubjectIdentifierTypes.ISSUER_SUBJECT) | ||
.issuer("https://idp.example.com/3957ea72-1b66-44d6-a044-d805712b9288/") | ||
.subject("e9297990-14d2-42ec-a4a9-4036db86509a") | ||
.build(); | ||
|
||
SSEvent evt = new SSEvent.Builder() | ||
.eventType(SSEventTypes.CAEP_IPADDR_CHANGED) | ||
.subject(subj) | ||
.ipAddress("123.45.67.89") | ||
SubjectIdentifier userDevice = new SubjectIdentifier.Builder() | ||
.subjectType(SubjectIdentifierTypes.USER_DEVICE_SESSION) | ||
.user(user) | ||
.device(device) | ||
.build(); | ||
|
||
CAEPSessionRevoked evt = new CAEPSessionRevoked.Builder() | ||
.subject(userDevice) | ||
.build(); | ||
evt.validate(); /* throws ValidationException */ | ||
|
||
JWTClaimsSet set = new JWTClaimsSet.Builder() | ||
.issuer("https://sp.example2.com/") | ||
.issuer("https://idp.example.com/") | ||
.jwtID("756E69717565206964656E746966696572") | ||
.issueTime(DateUtils.fromSecondsSinceEpoch(1520364019)) | ||
.issueTime(DateUtils.fromSecondsSinceEpoch(System.currentTimeMillis()/1000)) | ||
.audience("636C69656E745F6964") | ||
.claim(SEToken.EVENTS_CLAIM, evt) | ||
.build(); | ||
``` | ||
|
||
See more code examples in `OpenIDSSEProfileTest.java`. | ||
See more usage examples in `src/test`. | ||
|
||
## Compiling | ||
|
||
This library is implemented as a Gradle based java library. Running: | ||
This library is implemented as a Gradle based java library. Java 9+ is required. Running: | ||
|
||
./gradlew assemble | ||
./gradlew build | ||
|
||
Produces a versions .jar file in the build/libs directory: | ||
produces a versioned .jar file in the build/libs directory: | ||
|
||
ls -latr build/libs | ||
... 13308 Jul 29 12:33 sse-openid-model-0.1.0.jar | ||
... 13308 Jul 29 12:33 openid-sse-model-0.1.0-SNAPSHOT.jar | ||
|
||
## Testing | ||
|
||
The library has tests implemented in `/src/test/java/` and are run with Gradle: | ||
|
||
./gradlew test | ||
|
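Review bot: the artifact name is now inconsistent within the README: the heading still reads `# sse-openid-model` while the sample listing under Compiling shows `openid-sse-model-0.1.0-SNAPSHOT.jar`; pick one name and use it in both places. In the Examples section, as rendered here the `SubjectIdentifier user` builder sits above the opening java code fence while `device` and `userDevice` follow it, so check that the fence opens before the first builder. The example also stops at a plain `JWTClaimsSet`; a sentence on signing it (for example with the Nimbus `SignedJWT` class) before it is delivered as a Security Event Token would keep readers from treating the unsigned claims set as the finished token. Minor wording in the surrounding lines: "dependences" should be "dependencies", and "Gradle based java library" reads better as "Gradle-based Java library".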
20 changes: 20 additions & 0 deletions
src/main/java/com/sailpoint/sse/model/CAEPStreamUpdated.java
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
/* | ||
* Copyright (c) 2021 SailPoint Technologies, Inc. | ||
* | ||
* SPDX-License-Identifier: Apache-2.0 | ||
*/ | ||
|
||
package com.sailpoint.sse.model; | ||
|
||
public class CAEPStreamUpdated extends CAEPBaseEvent { | ||
|
||
public static class Builder extends CAEPBaseEvent.Builder<CAEPStreamUpdated, CAEPStreamUpdated.Builder> { | ||
|
||
protected CAEPStreamUpdated createObj() {return new CAEPStreamUpdated();} | ||
protected CAEPStreamUpdated.Builder getThis() { return this; } | ||
|
||
public Builder() { | ||
super(SSEventTypes.SSE_STREAM_UPDATED); | ||
} | ||
} | ||
} |
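Review bot: the class name and the event type disagree: `CAEPStreamUpdated` extends `CAEPBaseEvent`, but the `Builder()` constructor passes `SSEventTypes.SSE_STREAM_UPDATED`, an SSE-level constant rather than a `CAEP_*` one. Either rename the class to match the type (for example `SSEStreamUpdated`) or add a class comment explaining why a stream event lives in the CAEP hierarchy. The builder adds no member setters and the class has no `validate()` override, so the event carries and checks only what `CAEPBaseEvent` provides; a Javadoc line saying that is intentional would help. If `createObj()` and `getThis()` implement methods declared on the base builder, mark them `@Override` so the compiler catches signature drift.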
43 changes: 43 additions & 0 deletions
src/main/java/com/sailpoint/sse/model/CAEPTokenClaimsChange.java
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
/* | ||
* Copyright (c) 2021 SailPoint Technologies, Inc. | ||
* | ||
* SPDX-License-Identifier: Apache-2.0 | ||
*/ | ||
|
||
package com.sailpoint.sse.model; | ||
|
||
import com.nimbusds.jose.shaded.json.JSONObject; | ||
|
||
public class CAEPTokenClaimsChange extends CAEPBaseEvent { | ||
|
||
private static final String CLAIMS = "claims"; | ||
|
||
public static class Builder extends CAEPBaseEvent.Builder<CAEPTokenClaimsChange, CAEPTokenClaimsChange.Builder> { | ||
|
||
protected CAEPTokenClaimsChange createObj() {return new CAEPTokenClaimsChange();} | ||
protected CAEPTokenClaimsChange.Builder getThis() { return this; } | ||
|
||
public Builder() { | ||
super(SSEventTypes.CAEP_TOKEN_CLAIMS_CHANGE); | ||
} | ||
|
||
public CAEPTokenClaimsChange.Builder claims(final JSONObject newClaims) { | ||
members.put(CLAIMS, newClaims); | ||
return thisObj; | ||
} | ||
|
||
|
||
} | ||
|
||
@Override | ||
public void validate() throws ValidationException { | ||
super.validate(); | ||
JSONObject members = getEventMembers(); | ||
final Object o = members.get(CLAIMS); | ||
if (null == o) { | ||
throw new ValidationException(this.getClass().getName() + " member " + CLAIMS + " is missing or null."); | ||
} | ||
} | ||
|
||
|
||
} |
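Review bot: `validate()` only checks that the `claims` member is non-null; because it reads the value back as `Object`, a `claims` that is a string, an array or an empty object passes. Suggest checking `o instanceof JSONObject` and rejecting an empty object, so that `validate()` is still meaningful if an event is ever populated from parsed JSON rather than through `claims(final JSONObject newClaims)`. Separately, the import `com.nimbusds.jose.shaded.json.JSONObject` puts a shaded package of nimbus-jose-jwt into this class's public builder signature; a relocated internal package can change on a dependency upgrade, so consider accepting a `Map<String, Object>` at the API boundary or pinning the dependency version and noting the coupling. Minor: the builder returns `thisObj` although `getThis()` is defined two lines above it, and the local `members` in `validate()` reuses the name of the builder's `members`; using one accessor and a distinct local name would read more clearly.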