Upgrade to Keycloak 25

sweid4keycloak · Jul 11, 2024 · e64a5be · e64a5be
1 parent 6e6e18a
commit e64a5be
Show file tree

Hide file tree

Showing 5 changed files with 124 additions and 14 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,2 +1,2 @@
-FROM quay.io/keycloak/keycloak:24.0.3
+FROM quay.io/keycloak/keycloak:25.0.1
 COPY target/bankid4keycloak-*.jar /opt/keycloak/providers
diff --git a/pom.xml b/pom.xml
@@ -5,15 +5,15 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>sweid4keycloak</groupId>
 	<artifactId>bankid4keycloak</artifactId>
-	<version>24.1.0-SNAPSHOT</version>
+	<version>25.0.0-SNAPSHOT</version>
 	<packaging>jar</packaging>
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<java.version>11</java.version>
 		<maven.compiler.source>${java.version}</maven.compiler.source>
 		<maven.compiler.target>${java.version}</maven.compiler.target>
-		<keycloak.version>24.0.3</keycloak.version>
-		<google.zxing.version>3.4.0</google.zxing.version>
+		<keycloak.version>25.0.1</keycloak.version>
+		<google.zxing.version>3.5.3</google.zxing.version>
 	</properties>
 	<licenses>
 		<license>

diff --git a/src/main/java/org/keycloak/broker/bankid/BankidEndpoint.java b/src/main/java/org/keycloak/broker/bankid/BankidEndpoint.java
@@ -182,9 +182,8 @@ public Response done(@QueryParam("state") String state, @QueryParam("bankidref")
 			AuthenticationSessionModel authSession = this.callback.getAndVerifyAuthenticationSession(state);
 			provider.getSession().getContext().setAuthenticationSession(authSession);
 			BrokeredIdentityContext identity = new BrokeredIdentityContext(
-					getConfig().getAlias().concat("." + getUsername(user)));
+					getConfig().getAlias().concat("." + getUsername(user)), getConfig());
 
-			identity.setIdpConfig(config);
 			identity.setIdp(provider);
 			identity.setUsername(getUsername(user));
 			identity.setFirstName(user.getGivenName());

diff --git a/src/main/java/org/keycloak/broker/bankid/client/Response.java b/src/main/java/org/keycloak/broker/bankid/client/Response.java
@@ -0,0 +1,101 @@
+package org.keycloak.broker.bankid.client;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.StringWriter;
+import java.nio.charset.Charset;
+import java.nio.charset.StandardCharsets;
+import java.util.zip.GZIPInputStream;
+
+import org.apache.http.Header;
+import org.apache.http.HeaderIterator;
+import org.apache.http.HttpEntity;
+import org.apache.http.HttpResponse;
+import org.apache.http.entity.ContentType;
+import org.keycloak.connections.httpclient.SafeInputStream;
+import org.keycloak.util.JsonSerialization;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+public class Response {
+    private static final ObjectMapper mapper = new ObjectMapper();
+
+    private HttpResponse response;
+    private long maxConsumedResponseSize;
+
+    private int statusCode = -1;
+    private ContentType contentType;
+    private String responseString;
+
+    public Response(HttpResponse response, long maxConsumedResponseSize) {
+        this.response = response;
+        this.maxConsumedResponseSize = maxConsumedResponseSize;
+    }
+
+    public int getStatus() throws IOException {
+        if ( this.response != null ) {
+            return this.response.getStatusLine().getStatusCode();
+        } else {
+            throw new IOException("Invalid response");
+        }
+    }
+
+    public String asString() throws IOException {
+        readResponse();
+        return responseString;
+    }
+
+    public JsonNode asJson() throws IOException {
+        return mapper.readTree(this.asString());
+    }
+
+    public <T> T asJson(Class<T> type) throws IOException {
+        return JsonSerialization.readValue(asString(), type);
+    }
+
+    private void readResponse() throws IOException {
+        if (statusCode == -1) {
+            statusCode = response.getStatusLine().getStatusCode();
+
+            InputStream is;
+            HttpEntity entity = response.getEntity();
+            if (entity != null) {
+                is = entity.getContent();
+                contentType = ContentType.getOrDefault(entity);
+                Charset charset = contentType.getCharset();
+                try {
+                    HeaderIterator it = response.headerIterator();
+                    while (it.hasNext()) {
+                        Header header = it.nextHeader();
+                        if (header.getName().equals("Content-Encoding") && header.getValue().equals("gzip")) {
+                            is = new GZIPInputStream(is);
+                        }
+                    }
+
+                    is = new SafeInputStream(is, maxConsumedResponseSize);
+
+                    try (InputStreamReader reader = charset == null ? new InputStreamReader(is, StandardCharsets.UTF_8) :
+                            new InputStreamReader(is, charset)) {
+
+                        StringWriter writer = new StringWriter();
+
+                        char[] buffer = new char[1024 * 4];
+                        for (int n = reader.read(buffer); n != -1; n = reader.read(buffer)) {
+                            writer.write(buffer, 0, n);
+                        }
+
+                        responseString = writer.toString();
+                    }
+                } finally {
+                    if (is != null) {
+                        is.close();
+                    }
+                }
+            }
+        }
+    }
+
+
+}
diff --git a/src/main/java/org/keycloak/broker/bankid/client/SimpleBankidClient.java b/src/main/java/org/keycloak/broker/bankid/client/SimpleBankidClient.java
@@ -4,23 +4,31 @@
 import java.util.HashMap;
 import java.util.Map;
 
+import org.apache.http.HttpHeaders;
+import org.apache.http.HttpResponse;
 import org.apache.http.client.HttpClient;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.client.methods.HttpRequestBase;
+import org.apache.http.entity.ContentType;
+import org.apache.http.entity.StringEntity;
 import org.jboss.logging.Logger;
 import org.keycloak.broker.bankid.model.AuthRequest;
 import org.keycloak.broker.bankid.model.AuthResponse;
 import org.keycloak.broker.bankid.model.BankidHintCodes;
 import org.keycloak.broker.bankid.model.CollectResponse;
 import org.keycloak.broker.bankid.model.Requirements;
-import org.keycloak.broker.provider.util.SimpleHttp;
-import org.keycloak.broker.provider.util.SimpleHttp.Response;
 import org.keycloak.models.AuthenticationExecutionModel.Requirement;
+import org.keycloak.util.JsonSerialization;
 
 import com.fasterxml.jackson.databind.JsonNode;
 
 public class SimpleBankidClient {
 
 	private static final Logger logger = Logger.getLogger(SimpleBankidClient.class);
-
+
+	// Responses from BankID will never be more than 1MB
+	private static final long MAX_CONSUMED_RESPONSE_SIZE = 1000000;
+
 	private HttpClient bankidHttpClient;
 	private String baseUrl;
 
@@ -78,11 +86,13 @@ public void sendCancel(String orderrRef) {
 
 	private Response sendRequest(String path, Object entity) {
 		try {
-			Response response = SimpleHttp.doPost(
-					this.baseUrl + path,
-					this.bankidHttpClient)
-					.json(entity)
-					.asResponse();
+			HttpPost request = new HttpPost(this.baseUrl + path);
+			request.setEntity(new StringEntity(JsonSerialization.writeValueAsString(entity),ContentType.APPLICATION_JSON));
+			request.setHeader(HttpHeaders.CONTENT_TYPE, "application/json");
+			request.setHeader(HttpHeaders.ACCEPT, "application/json");
+
+			Response response = new Response(this.bankidHttpClient.execute(request), MAX_CONSUMED_RESPONSE_SIZE);
+
 			switch (response.getStatus()) {
 				case 200:
 					return response;