diff --git a/doc/licenses/adal4j-1.6.7/LICENSE b/doc/licenses/adal4j-1.6.7/LICENSE new file mode 100644 index 000000000..48bc6bb49 --- /dev/null +++ b/doc/licenses/adal4j-1.6.7/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) Microsoft Corporation + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/doc/licenses/adal4j-1.6.7/README b/doc/licenses/adal4j-1.6.7/README new file mode 100644 index 000000000..34062836d --- /dev/null +++ b/doc/licenses/adal4j-1.6.7/README @@ -0,0 +1,8 @@ +adal4j (https://github.com/AzureAD/azure-activedirectory-library-for-java) +-------------------------------------------------------------------------- + + Version: 1.6.7 + From: 'Microsoft Corporation' (https://microsoft.com/) + License(s): + MIT (bundled/adal4j-1.6.7/LICENSE) + diff --git a/doc/licenses/adal4j-1.6.7/dep-coordinates.txt b/doc/licenses/adal4j-1.6.7/dep-coordinates.txt new file mode 100644 index 000000000..e8e0f3b2f --- /dev/null +++ b/doc/licenses/adal4j-1.6.7/dep-coordinates.txt @@ -0,0 +1 @@ +com.microsoft.azure:adal4j:jar:1.6.7 diff --git a/doc/licenses/apache-commons-lang-3.8.1/NOTICE b/doc/licenses/apache-commons-lang-3.8.1/NOTICE new file mode 100644 index 000000000..0f4ac594a --- /dev/null +++ b/doc/licenses/apache-commons-lang-3.8.1/NOTICE @@ -0,0 +1,5 @@ +Apache Commons Lang +Copyright 2001-2018 The Apache Software Foundation + +This product includes software developed at +The Apache Software Foundation (http://www.apache.org/). diff --git a/doc/licenses/apache-commons-lang-3.8.1/README b/doc/licenses/apache-commons-lang-3.8.1/README new file mode 100644 index 000000000..d8cf381ef --- /dev/null +++ b/doc/licenses/apache-commons-lang-3.8.1/README @@ -0,0 +1,8 @@ +Apache Commons Lang (http://commons.apache.org/proper/commons-lang/) +-------------------------------------------------------------------- + + Version: 3.8.1 + From: 'Apache Software Foundation' (https://www.apache.org/) + License(s): + Apache v2.0 + diff --git a/doc/licenses/apache-commons-lang-3.8.1/dep-coordinates.txt b/doc/licenses/apache-commons-lang-3.8.1/dep-coordinates.txt new file mode 100644 index 000000000..f3305d051 --- /dev/null +++ b/doc/licenses/apache-commons-lang-3.8.1/dep-coordinates.txt @@ -0,0 +1 @@ +org.apache.commons:commons-lang3:jar:3.8.1 diff --git a/doc/licenses/asm-8.0.1/LICENSE.txt b/doc/licenses/asm-8.0.1/LICENSE.txt new file mode 100644 index 000000000..4d191851a --- /dev/null +++ b/doc/licenses/asm-8.0.1/LICENSE.txt @@ -0,0 +1,28 @@ + + ASM: a very small and fast Java bytecode manipulation framework + Copyright (c) 2000-2011 INRIA, France Telecom + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. Neither the name of the copyright holders nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF + THE POSSIBILITY OF SUCH DAMAGE. diff --git a/doc/licenses/asm-8.0.1/README b/doc/licenses/asm-8.0.1/README new file mode 100644 index 000000000..304b95281 --- /dev/null +++ b/doc/licenses/asm-8.0.1/README @@ -0,0 +1,8 @@ +ASM (https://asm.ow2.io/) +------------------------- + + Version: 8.0.1 + From: 'INRIA, France Telecom' + License(s): + BSD 3-clause (bundled/asm-8.0.1/LICENSE.txt) + diff --git a/doc/licenses/asm-8.0.1/dep-coordinates.txt b/doc/licenses/asm-8.0.1/dep-coordinates.txt new file mode 100644 index 000000000..cf52dc1a7 --- /dev/null +++ b/doc/licenses/asm-8.0.1/dep-coordinates.txt @@ -0,0 +1 @@ +org.ow2.asm:asm:jar:8.0.1 diff --git a/doc/licenses/autorest-client-runtime-1.7.4/LICENSE b/doc/licenses/autorest-client-runtime-1.7.4/LICENSE new file mode 100644 index 000000000..4918d653b --- /dev/null +++ b/doc/licenses/autorest-client-runtime-1.7.4/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2016 Microsoft Azure + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/doc/licenses/autorest-client-runtime-1.7.4/README b/doc/licenses/autorest-client-runtime-1.7.4/README new file mode 100644 index 000000000..e8a65f14f --- /dev/null +++ b/doc/licenses/autorest-client-runtime-1.7.4/README @@ -0,0 +1,9 @@ +AutoRest Client Runtimes for Java +(https://github.com/Azure/autorest-clientruntime-for-java) +---------------------------------------------------------- + + Version: 1.7.4 + From: 'Microsoft Azure' (https://azure.microsoft.com/) + License(s): + MIT (bundled/autorest-client-runtime-1.7.4/LICENSE) + diff --git a/doc/licenses/autorest-client-runtime-1.7.4/dep-coordinates.txt b/doc/licenses/autorest-client-runtime-1.7.4/dep-coordinates.txt new file mode 100644 index 000000000..5d1dc913f --- /dev/null +++ b/doc/licenses/autorest-client-runtime-1.7.4/dep-coordinates.txt @@ -0,0 +1,2 @@ +com.microsoft.rest:client-runtime:jar:1.7.4 +com.microsoft.azure:azure-client-runtime:jar:1.7.4 diff --git a/doc/licenses/azure-annotations-1.10.0/License.txt b/doc/licenses/azure-annotations-1.10.0/License.txt new file mode 100644 index 000000000..fbe8e19b3 --- /dev/null +++ b/doc/licenses/azure-annotations-1.10.0/License.txt @@ -0,0 +1,28 @@ +/** + * Copyright (c) Microsoft Corporation. All rights reserved. + * Licensed under the MIT License. See License.txt in the project root for + * license information. + */ + +NOTE: The above has been extracted from the source of the "azure-annotations" +library, as may be downloaded from Maven Central: + +https://search.maven.org/remotecontent?filepath=com/microsoft/azure/azure-annotations/1.10.0/azure-annotations-1.10.0-sources.jar + +Unfortunately, the "License.txt" file noted is not included with the source +.jar, and the GitHub repository referenced by the pom.xml of +"azure-annotations" is not publicly visible: + +https://github.com/Microsoft/java-api-annotations + +I (Mike Jumper) have reached out to Microsoft to correct this and to request a +copy of the "License.txt" file if access to this repository cannot be fixed in +the near future. Until then, the above should serve as reasonable confirmation +that this library is indeed (1) licensed under the MIT license and (2) +copyright Microsoft Corporation. + +For reference, the terms of the open source license widely known as the "MIT +license" can be found here: + +https://opensource.org/licenses/MIT + diff --git a/doc/licenses/azure-annotations-1.10.0/README b/doc/licenses/azure-annotations-1.10.0/README new file mode 100644 index 000000000..183f0f76e --- /dev/null +++ b/doc/licenses/azure-annotations-1.10.0/README @@ -0,0 +1,9 @@ +Microsoft Azure SDK Annotations +(https://github.com/Microsoft/java-api-annotations) +--------------------------------------------------- + + Version: 1.10.0 + From: 'Microsoft Corporation' (https://microsoft.com/) + License(s): + MIT (bundled/azure-annotations-1.10.0/License.txt) + diff --git a/doc/licenses/azure-annotations-1.10.0/dep-coordinates.txt b/doc/licenses/azure-annotations-1.10.0/dep-coordinates.txt new file mode 100644 index 000000000..f96581d3c --- /dev/null +++ b/doc/licenses/azure-annotations-1.10.0/dep-coordinates.txt @@ -0,0 +1 @@ +com.microsoft.azure:azure-annotations:jar:1.10.0 diff --git a/doc/licenses/azure-sdk-for-java-1.2.4/LICENSE.txt b/doc/licenses/azure-sdk-for-java-1.2.4/LICENSE.txt new file mode 100644 index 000000000..49d21669a --- /dev/null +++ b/doc/licenses/azure-sdk-for-java-1.2.4/LICENSE.txt @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2015 Microsoft + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. \ No newline at end of file diff --git a/doc/licenses/azure-sdk-for-java-1.2.4/README b/doc/licenses/azure-sdk-for-java-1.2.4/README new file mode 100644 index 000000000..9e6e3fd08 --- /dev/null +++ b/doc/licenses/azure-sdk-for-java-1.2.4/README @@ -0,0 +1,8 @@ +Azure SDK for Java (https://github.com/Azure/azure-sdk-for-java/) +----------------------------------------------------------------- + + Version: 1.2.4 + From: 'Microsoft' (https://microsoft.com/) + License(s): + MIT (bundled/azure-sdk-for-java-1.2.4/LICENSE.txt) + diff --git a/doc/licenses/azure-sdk-for-java-1.2.4/dep-coordinates.txt b/doc/licenses/azure-sdk-for-java-1.2.4/dep-coordinates.txt new file mode 100644 index 000000000..9bfa04c27 --- /dev/null +++ b/doc/licenses/azure-sdk-for-java-1.2.4/dep-coordinates.txt @@ -0,0 +1,5 @@ +com.microsoft.azure:azure-keyvault-core:jar:1.2.4 +com.microsoft.azure:azure-keyvault-cryptography:jar:1.2.4 +com.microsoft.azure:azure-keyvault-webkey:jar:1.2.4 +com.microsoft.azure:azure-keyvault:jar:1.2.4 + diff --git a/doc/licenses/gson-2.8.0/README b/doc/licenses/gson-2.8.0/README new file mode 100644 index 000000000..40530bbf6 --- /dev/null +++ b/doc/licenses/gson-2.8.0/README @@ -0,0 +1,8 @@ +Gson (https://github.com/google/gson) +------------------------------------- + + Version: 2.8.0 + From: 'Google Inc.' (http://www.google.com/) + License(s): + Apache v2.0 + diff --git a/doc/licenses/gson-2.8.0/dep-coordinates.txt b/doc/licenses/gson-2.8.0/dep-coordinates.txt new file mode 100644 index 000000000..d171937b9 --- /dev/null +++ b/doc/licenses/gson-2.8.0/dep-coordinates.txt @@ -0,0 +1 @@ +com.google.code.gson:gson:jar:2.8.0 diff --git a/doc/licenses/jackson-2.13.1/dep-coordinates.txt b/doc/licenses/jackson-2.13.1/dep-coordinates.txt index f2cbd8d67..f469e53ff 100644 --- a/doc/licenses/jackson-2.13.1/dep-coordinates.txt +++ b/doc/licenses/jackson-2.13.1/dep-coordinates.txt @@ -2,4 +2,5 @@ com.fasterxml.jackson.core:jackson-databind:jar:2.13.1 com.fasterxml.jackson.core:jackson-core:jar:2.13.1 com.fasterxml.jackson.core:jackson-annotations:jar:2.13.1 com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:jar:2.13.1 +com.fasterxml.jackson.datatype:jackson-datatype-joda:jar:2.13.1 com.fasterxml.jackson.module:jackson-module-jaxb-annotations:jar:2.13.1 diff --git a/doc/licenses/joda-time-2.10.8/NOTICE b/doc/licenses/joda-time-2.10.8/NOTICE new file mode 100644 index 000000000..b8f54d7b2 --- /dev/null +++ b/doc/licenses/joda-time-2.10.8/NOTICE @@ -0,0 +1,2 @@ +This product includes software developed by +Joda.org (https://www.joda.org/). diff --git a/doc/licenses/joda-time-2.10.8/README b/doc/licenses/joda-time-2.10.8/README new file mode 100644 index 000000000..ee8d28c96 --- /dev/null +++ b/doc/licenses/joda-time-2.10.8/README @@ -0,0 +1,8 @@ +Joda-Time (https://www.joda.org/joda-time/) +---------------------------------------------- + + Version: 2.10.8 + From: 'Joda.org' (https://www.joda.org/) + License(s): + Apache v2.0 + diff --git a/doc/licenses/joda-time-2.10.8/dep-coordinates.txt b/doc/licenses/joda-time-2.10.8/dep-coordinates.txt new file mode 100644 index 000000000..0cc75bc83 --- /dev/null +++ b/doc/licenses/joda-time-2.10.8/dep-coordinates.txt @@ -0,0 +1 @@ +joda-time:joda-time:jar:2.10.8 diff --git a/doc/licenses/json-smart-2.4.2/LICENSE b/doc/licenses/json-smart-2.4.2/LICENSE new file mode 100644 index 000000000..8f71f43fe --- /dev/null +++ b/doc/licenses/json-smart-2.4.2/LICENSE @@ -0,0 +1,202 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/doc/licenses/json-smart-2.4.2/README b/doc/licenses/json-smart-2.4.2/README new file mode 100644 index 000000000..6ba0bb66a --- /dev/null +++ b/doc/licenses/json-smart-2.4.2/README @@ -0,0 +1,8 @@ +json-smart (https://netplex.github.io/json-smart/) +-------------------------------------------------- + + Version: 2.4.2 + From: 'Uriel Chemouni' (https://github.com/UrielCh) + License(s): + Apache v2.0 + diff --git a/doc/licenses/json-smart-2.4.2/dep-coordinates.txt b/doc/licenses/json-smart-2.4.2/dep-coordinates.txt new file mode 100644 index 000000000..bf1c8b44b --- /dev/null +++ b/doc/licenses/json-smart-2.4.2/dep-coordinates.txt @@ -0,0 +1,2 @@ +net.minidev:accessors-smart:jar:2.4.2 +net.minidev:json-smart:jar:2.4.2 diff --git a/doc/licenses/lang-tag-1.5/README b/doc/licenses/lang-tag-1.5/README new file mode 100644 index 000000000..2de3b0e74 --- /dev/null +++ b/doc/licenses/lang-tag-1.5/README @@ -0,0 +1,8 @@ +Nimbus Language Tags (https://bitbucket.org/connect2id/nimbus-language-tags) +---------------------------------------------------------------------------- + + Version: 1.5 + From: 'Connect2id Ltd.' (https://connect2id.com/) + License(s): + Apache v2.0 + diff --git a/doc/licenses/lang-tag-1.5/dep-coordinates.txt b/doc/licenses/lang-tag-1.5/dep-coordinates.txt new file mode 100644 index 000000000..fd885a12b --- /dev/null +++ b/doc/licenses/lang-tag-1.5/dep-coordinates.txt @@ -0,0 +1 @@ +com.nimbusds:lang-tag:jar:1.5 diff --git a/doc/licenses/nimbus-content-type-2.1/README b/doc/licenses/nimbus-content-type-2.1/README new file mode 100644 index 000000000..13b925e21 --- /dev/null +++ b/doc/licenses/nimbus-content-type-2.1/README @@ -0,0 +1,8 @@ +Nimbus Content Type (https://bitbucket.org/connect2id/nimbus-content-type) +-------------------------------------------------------------------------- + + Version: 2.1 + From: 'Connect2id Ltd.' (https://connect2id.com/) + License(s): + Apache v2.0 + diff --git a/doc/licenses/nimbus-content-type-2.1/dep-coordinates.txt b/doc/licenses/nimbus-content-type-2.1/dep-coordinates.txt new file mode 100644 index 000000000..8910f18d2 --- /dev/null +++ b/doc/licenses/nimbus-content-type-2.1/dep-coordinates.txt @@ -0,0 +1 @@ +com.nimbusds:content-type:jar:2.1 diff --git a/doc/licenses/nimbus-jose-jwt-9.8.1/README b/doc/licenses/nimbus-jose-jwt-9.8.1/README new file mode 100644 index 000000000..5035f4127 --- /dev/null +++ b/doc/licenses/nimbus-jose-jwt-9.8.1/README @@ -0,0 +1,8 @@ +Nimbus JOSE+JWT (https://bitbucket.org/connect2id/nimbus-jose-jwt) +------------------------------------------------------------------ + + Version: 9.8.1 + From: 'Connect2id Ltd.' (https://connect2id.com/) + License(s): + Apache v2.0 + diff --git a/doc/licenses/nimbus-jose-jwt-9.8.1/dep-coordinates.txt b/doc/licenses/nimbus-jose-jwt-9.8.1/dep-coordinates.txt new file mode 100644 index 000000000..d15ff6d87 --- /dev/null +++ b/doc/licenses/nimbus-jose-jwt-9.8.1/dep-coordinates.txt @@ -0,0 +1 @@ +com.nimbusds:nimbus-jose-jwt:jar:9.8.1 diff --git a/doc/licenses/oauth2-oidc-sdk-9.4/README b/doc/licenses/oauth2-oidc-sdk-9.4/README new file mode 100644 index 000000000..f32808a0e --- /dev/null +++ b/doc/licenses/oauth2-oidc-sdk-9.4/README @@ -0,0 +1,9 @@ +Nimbus OAuth 2.0 SDK with OpenID Connect extensions +(https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions) +------------------------------------------------------------------------------- + + Version: 9.4 + From: 'Connect2id Ltd.' (https://connect2id.com/) + License(s): + Apache v2.0 + diff --git a/doc/licenses/oauth2-oidc-sdk-9.4/dep-coordinates.txt b/doc/licenses/oauth2-oidc-sdk-9.4/dep-coordinates.txt new file mode 100644 index 000000000..2bce0c919 --- /dev/null +++ b/doc/licenses/oauth2-oidc-sdk-9.4/dep-coordinates.txt @@ -0,0 +1 @@ +com.nimbusds:oauth2-oidc-sdk:jar:9.4 diff --git a/doc/licenses/okhttp-3.14.7/README b/doc/licenses/okhttp-3.14.7/README new file mode 100644 index 000000000..c3bd4173b --- /dev/null +++ b/doc/licenses/okhttp-3.14.7/README @@ -0,0 +1,8 @@ +OkHttp (https://github.com/square/okhttp) +----------------------------------------- + + Version: 3.14.7 + From: 'Square, Inc.' (http://square.github.io/) + License(s): + Apache v2.0 + diff --git a/doc/licenses/okhttp-3.14.7/dep-coordinates.txt b/doc/licenses/okhttp-3.14.7/dep-coordinates.txt new file mode 100644 index 000000000..9729cd760 --- /dev/null +++ b/doc/licenses/okhttp-3.14.7/dep-coordinates.txt @@ -0,0 +1,3 @@ +com.squareup.okhttp3:logging-interceptor:jar:3.14.7 +com.squareup.okhttp3:okhttp-urlconnection:jar:3.14.7 +com.squareup.okhttp3:okhttp:jar:3.14.7 diff --git a/doc/licenses/okio-1.17.2/README b/doc/licenses/okio-1.17.2/README new file mode 100644 index 000000000..13471ad46 --- /dev/null +++ b/doc/licenses/okio-1.17.2/README @@ -0,0 +1,8 @@ +Okio (https://github.com/square/okio) +------------------------------------- + + Version: 1.17.2 + From: 'Square, Inc.' (http://square.github.io/) + License(s): + Apache v2.0 + diff --git a/doc/licenses/okio-1.17.2/dep-coordinates.txt b/doc/licenses/okio-1.17.2/dep-coordinates.txt new file mode 100644 index 000000000..54ab8297c --- /dev/null +++ b/doc/licenses/okio-1.17.2/dep-coordinates.txt @@ -0,0 +1 @@ +com.squareup.okio:okio:jar:1.17.2 diff --git a/doc/licenses/retrofit-2.7.2/README b/doc/licenses/retrofit-2.7.2/README new file mode 100644 index 000000000..83fea9db2 --- /dev/null +++ b/doc/licenses/retrofit-2.7.2/README @@ -0,0 +1,8 @@ +Retrofit (https://github.com/square/retrofit) +--------------------------------------------- + + Version: 2.7.2 + From: 'Square, Inc.' (http://square.github.io/) + License(s): + Apache v2.0 + diff --git a/doc/licenses/retrofit-2.7.2/dep-coordinates.txt b/doc/licenses/retrofit-2.7.2/dep-coordinates.txt new file mode 100644 index 000000000..ff175a09d --- /dev/null +++ b/doc/licenses/retrofit-2.7.2/dep-coordinates.txt @@ -0,0 +1,3 @@ +com.squareup.retrofit2:adapter-rxjava:jar:2.7.2 +com.squareup.retrofit2:converter-jackson:jar:2.7.2 +com.squareup.retrofit2:retrofit:jar:2.7.2 diff --git a/doc/licenses/rxjava-1.3.8/LICENSE b/doc/licenses/rxjava-1.3.8/LICENSE new file mode 100644 index 000000000..7f8ced0d1 --- /dev/null +++ b/doc/licenses/rxjava-1.3.8/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2012 Netflix, Inc. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/doc/licenses/rxjava-1.3.8/README b/doc/licenses/rxjava-1.3.8/README new file mode 100644 index 000000000..9aaa62d61 --- /dev/null +++ b/doc/licenses/rxjava-1.3.8/README @@ -0,0 +1,8 @@ +RxJava – Reactive Extensions for the JVM (https://github.com/ReactiveX/RxJava) +------------------------------------------------------------------------------ + + Version: 1.3.8 + From: 'RxJava Contributors' (https://github.com/ReactiveX/RxJava) + License(s): + Apache v2.0 + diff --git a/doc/licenses/rxjava-1.3.8/dep-coordinates.txt b/doc/licenses/rxjava-1.3.8/dep-coordinates.txt new file mode 100644 index 000000000..e17a77560 --- /dev/null +++ b/doc/licenses/rxjava-1.3.8/dep-coordinates.txt @@ -0,0 +1 @@ +io.reactivex:rxjava:jar:1.3.8 diff --git a/doc/licenses/snakeyaml-1.27/README b/doc/licenses/snakeyaml-1.27/README new file mode 100644 index 000000000..3fcd837d6 --- /dev/null +++ b/doc/licenses/snakeyaml-1.27/README @@ -0,0 +1,8 @@ +SnakeYAML (https://bitbucket.org/asomov/snakeyaml/) +--------------------------------------------------- + + Version: 1.27 + From: 'Andrey Somov' (https://bitbucket.org/asomov/) + License(s): + Apache v2.0 + diff --git a/doc/licenses/snakeyaml-1.27/dep-coordinates.txt b/doc/licenses/snakeyaml-1.27/dep-coordinates.txt new file mode 100644 index 000000000..d7cbad91a --- /dev/null +++ b/doc/licenses/snakeyaml-1.27/dep-coordinates.txt @@ -0,0 +1 @@ +org.yaml:snakeyaml:jar:1.27 diff --git a/doc/licenses/stephenc-jcip-annotations-1.0-1/README b/doc/licenses/stephenc-jcip-annotations-1.0-1/README new file mode 100644 index 000000000..8e59938a1 --- /dev/null +++ b/doc/licenses/stephenc-jcip-annotations-1.0-1/README @@ -0,0 +1,8 @@ +Clean-room JCIP Annotations (https://github.com/stephenc/jcip-annotations) +-------------------------------------------------------------------------- + + Version: 1.0-1 + From: 'Stephen Connolly' (https://github.com/stephenc) + License(s): + Apache v2.0 + diff --git a/doc/licenses/stephenc-jcip-annotations-1.0-1/dep-coordinates.txt b/doc/licenses/stephenc-jcip-annotations-1.0-1/dep-coordinates.txt new file mode 100644 index 000000000..e42206c27 --- /dev/null +++ b/doc/licenses/stephenc-jcip-annotations-1.0-1/dep-coordinates.txt @@ -0,0 +1 @@ +com.github.stephenc.jcip:jcip-annotations:jar:1.0-1 diff --git a/extensions/guacamole-auth-vault/.ratignore b/extensions/guacamole-auth-vault/.ratignore new file mode 100644 index 000000000..e69de29bb diff --git a/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/.ratignore b/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/.ratignore new file mode 100644 index 000000000..e69de29bb diff --git a/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/pom.xml b/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/pom.xml new file mode 100644 index 000000000..d1d336aa1 --- /dev/null +++ b/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/pom.xml @@ -0,0 +1,194 @@ + + + + + 4.0.0 + org.apache.guacamole + guacamole-auth-vault-azure + jar + 1.4.0 + guacamole-auth-vault-azure + http://guacamole.apache.org/ + + + 1.7.4 + 3.14.7 + + + + org.apache.guacamole + guacamole-auth-vault + 1.4.0 + ../../ + + + + + + + + org.apache.maven.plugins + maven-compiler-plugin + + false + + + + + + + + + + + org.apache.guacamole + guacamole-ext + provided + + + + + org.apache.guacamole + guacamole-auth-vault-base + 1.4.0 + + + + + com.microsoft.azure + azure-keyvault + 1.2.4 + + + + + org.slf4j + slf4j-api + + + + + com.microsoft.azure + azure-client-runtime + + + commons-codec + commons-codec + + + + + + + + + com.microsoft.azure + adal4j + 1.6.7 + + + + + org.slf4j + slf4j-api + + + + + org.apache.commons + commons-lang3 + + + + + + + + com.microsoft.azure + azure-client-runtime + ${azure-client-runtimes.version} + + + com.microsoft.rest + client-runtime + ${azure-client-runtimes.version} + + + org.apache.commons + commons-lang3 + + + com.squareup.okhttp3 + okhttp + + + com.squareup.okhttp3 + okhttp-urlconnection + + + com.squareup.okhttp3 + logging-interceptor + + + + + + + org.apache.commons + commons-lang3 + 3.8.1 + + + commons-codec + commons-codec + 1.14 + + + + + com.squareup.okhttp3 + okhttp + ${okhttp.version} + + + com.squareup.okhttp3 + okhttp-urlconnection + ${okhttp.version} + + + com.squareup.okhttp3 + logging-interceptor + ${okhttp.version} + + + + + diff --git a/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/src/main/java/org/apache/guacamole/auth/vault/azure/AzureKeyVaultAuthenticationProvider.java b/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/src/main/java/org/apache/guacamole/auth/vault/azure/AzureKeyVaultAuthenticationProvider.java new file mode 100644 index 000000000..5fd091374 --- /dev/null +++ b/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/src/main/java/org/apache/guacamole/auth/vault/azure/AzureKeyVaultAuthenticationProvider.java @@ -0,0 +1,47 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.guacamole.auth.vault.azure; + +import org.apache.guacamole.GuacamoleException; +import org.apache.guacamole.auth.vault.VaultAuthenticationProvider; + +/** + * VaultAuthenticationProvider implementation which reads secrets from Azure + * Key Vault. + */ +public class AzureKeyVaultAuthenticationProvider extends VaultAuthenticationProvider { + + /** + * Creates a new AzureKeyVaultAuthenticationProvider which reads secrets + * from a configured Azure Key Vault. + * + * @throws GuacamoleException + * If configuration details cannot be read from guacamole.properties. + */ + public AzureKeyVaultAuthenticationProvider() throws GuacamoleException { + super(new AzureKeyVaultAuthenticationProviderModule()); + } + + @Override + public String getIdentifier() { + return "azure-keyvault"; + } + +} diff --git a/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/src/main/java/org/apache/guacamole/auth/vault/azure/AzureKeyVaultAuthenticationProviderModule.java b/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/src/main/java/org/apache/guacamole/auth/vault/azure/AzureKeyVaultAuthenticationProviderModule.java new file mode 100644 index 000000000..3cba8b705 --- /dev/null +++ b/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/src/main/java/org/apache/guacamole/auth/vault/azure/AzureKeyVaultAuthenticationProviderModule.java @@ -0,0 +1,61 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.guacamole.auth.vault.azure; + +import com.microsoft.azure.keyvault.authentication.KeyVaultCredentials; +import org.apache.guacamole.GuacamoleException; +import org.apache.guacamole.auth.vault.VaultAuthenticationProviderModule; +import org.apache.guacamole.auth.vault.azure.conf.AzureKeyVaultConfigurationService; +import org.apache.guacamole.auth.vault.azure.conf.AzureKeyVaultCredentials; +import org.apache.guacamole.auth.vault.azure.secret.AzureKeyVaultSecretService; +import org.apache.guacamole.auth.vault.conf.VaultConfigurationService; +import org.apache.guacamole.auth.vault.secret.VaultSecretService; + +/** + * Guice module which configures injections specific to Azure Key Vault + * support. + */ +public class AzureKeyVaultAuthenticationProviderModule + extends VaultAuthenticationProviderModule { + + /** + * Creates a new AzureKeyVaultAuthenticationiProviderModule which + * configures dependency injection for the Azure Key Vault authentication + * provider and related services. + * + * @throws GuacamoleException + * If configuration details in guacamole.properties cannot be parsed. + */ + public AzureKeyVaultAuthenticationProviderModule() throws GuacamoleException {} + + @Override + protected void configureVault() { + + // Bind services specific to Azure Key Vault + bind(VaultConfigurationService.class).to(AzureKeyVaultConfigurationService.class); + bind(VaultSecretService.class).to(AzureKeyVaultSecretService.class); + + // Bind ADAL credentials implementation required for authenticating + // against Azure + bind(KeyVaultCredentials.class).to(AzureKeyVaultCredentials.class); + + } + +} diff --git a/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/src/main/java/org/apache/guacamole/auth/vault/azure/conf/AzureKeyVaultAuthenticationException.java b/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/src/main/java/org/apache/guacamole/auth/vault/azure/conf/AzureKeyVaultAuthenticationException.java new file mode 100644 index 000000000..5cf92a1b6 --- /dev/null +++ b/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/src/main/java/org/apache/guacamole/auth/vault/azure/conf/AzureKeyVaultAuthenticationException.java @@ -0,0 +1,57 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.guacamole.auth.vault.azure.conf; + +/** + * Unchecked exception thrown by AzureKeyVaultCredentials if an error occurs + * during the authentication process. Note that the base KeyVaultCredentials + * base class does not provide for checked exceptions within the authentication + * process. + * + * @see AzureKeyVaultCredentials#doAuthenticate(java.lang.String, java.lang.String, java.lang.String) + */ +public class AzureKeyVaultAuthenticationException extends RuntimeException { + + /** + * Creates a new AzureKeyVaultAuthenticationException having the given + * human-readable message. + * + * @param message + * A human-readable message describing the error that occurred. + */ + public AzureKeyVaultAuthenticationException(String message) { + super(message); + } + + /** + * Creates a new AzureKeyVaultAuthenticationException having the given + * human-readable message and cause. + * + * @param message + * A human-readable message describing the error that occurred. + * + * @param cause + * The error that caused this exception. + */ + public AzureKeyVaultAuthenticationException(String message, Throwable cause) { + super(message, cause); + } + +} diff --git a/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/src/main/java/org/apache/guacamole/auth/vault/azure/conf/AzureKeyVaultConfigurationService.java b/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/src/main/java/org/apache/guacamole/auth/vault/azure/conf/AzureKeyVaultConfigurationService.java new file mode 100644 index 000000000..2be7bd1b0 --- /dev/null +++ b/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/src/main/java/org/apache/guacamole/auth/vault/azure/conf/AzureKeyVaultConfigurationService.java @@ -0,0 +1,135 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.guacamole.auth.vault.azure.conf; + +import com.google.inject.Inject; +import com.google.inject.Singleton; +import com.microsoft.aad.adal4j.ClientCredential; +import org.apache.guacamole.GuacamoleException; +import org.apache.guacamole.auth.vault.conf.VaultConfigurationService; +import org.apache.guacamole.environment.Environment; +import org.apache.guacamole.properties.StringGuacamoleProperty; + +/** + * Service for retrieving configuration information regarding the Azure Key + * Vault authentication extension. + */ +@Singleton +public class AzureKeyVaultConfigurationService extends VaultConfigurationService { + + /** + * The Guacamole server environment. + */ + @Inject + private Environment environment; + + /** + * The name of the file which contains the JSON mapping of connection + * parameter token to Azure Key Vault secret name. + */ + private static final String TOKEN_MAPPING_FILENAME = "azure-keyvault-token-mapping.json"; + + /** + * The URL of the Azure Key Vault that should be used to populate token + * values. + */ + private static final StringGuacamoleProperty VAULT_URL = new StringGuacamoleProperty() { + + @Override + public String getName() { + return "azure-keyvault-url"; + } + + }; + + /** + * The client ID that should be used to authenticate with Azure Key Vault + * using ADAL. + */ + private static final StringGuacamoleProperty CLIENT_ID = new StringGuacamoleProperty() { + + @Override + public String getName() { + return "azure-keyvault-client-id"; + } + + }; + + /** + * The client key that should be used to authenticate with Azure Key Vault + * using ADAL. + */ + private static final StringGuacamoleProperty CLIENT_KEY = new StringGuacamoleProperty() { + + @Override + public String getName() { + return "azure-keyvault-client-key"; + } + + }; + + /** + * Creates a new AzureKeyVaultConfigurationService which reads the token + * mapping from "azure-keyvault-token-mapping.json". The token mapping is + * a JSON file which lists each connection parameter token and the name of + * the secret from which the value for that token should be read. + */ + public AzureKeyVaultConfigurationService() { + super(TOKEN_MAPPING_FILENAME); + } + + /** + * Returns the base URL of the Azure Key Vault containing the secrets that + * should be retrieved to populate connection parameter tokens. The base + * URL is specified with the "azure-keyvault-url" property. + * + * @return + * The base URL of the Azure Key Vault. + * + * @throws GuacamoleException + * If the base URL is not specified within guacamole.properties. + */ + public String getVaultURL() throws GuacamoleException { + return environment.getRequiredProperty(VAULT_URL); + } + + /** + * Returns the credentials that should be used to authenticate with Azure + * Key Vault when retrieving secrets. Azure's "ADAL" authentication will be + * used, requiring a client ID and key. These values are specified with the + * "azure-keyvault-client-id" and "azure-keyvault-client-key" properties + * respectively. + * + * @return + * The credentials that should be used to authenticate with Azure Key + * Vault. + * + * @throws GuacamoleException + * If the client ID or key are not specified within + * guacamole.properties. + */ + public ClientCredential getClientCredentials() throws GuacamoleException { + return new ClientCredential( + environment.getRequiredProperty(CLIENT_ID), + environment.getRequiredProperty(CLIENT_KEY) + ); + } + +} diff --git a/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/src/main/java/org/apache/guacamole/auth/vault/azure/conf/AzureKeyVaultCredentials.java b/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/src/main/java/org/apache/guacamole/auth/vault/azure/conf/AzureKeyVaultCredentials.java new file mode 100644 index 000000000..c69da5f1e --- /dev/null +++ b/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/src/main/java/org/apache/guacamole/auth/vault/azure/conf/AzureKeyVaultCredentials.java @@ -0,0 +1,115 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.guacamole.auth.vault.azure.conf; + +import com.google.inject.Inject; +import com.microsoft.aad.adal4j.AuthenticationContext; +import com.microsoft.aad.adal4j.AuthenticationResult; +import com.microsoft.aad.adal4j.ClientCredential; +import com.microsoft.azure.keyvault.authentication.KeyVaultCredentials; +import java.net.MalformedURLException; +import java.util.concurrent.ExecutionException; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.Executors; +import java.util.concurrent.Future; +import org.apache.guacamole.GuacamoleException; + +/** + * KeyVaultCredentials implementation which retrieves the required client ID + * and key from guacamole.properties. Note that KeyVaultCredentials as + * implemented in the Azure Java SDK is NOT THREADSAFE; it leverages a + * non-concurrent HashMap for authentication result caching and does not + * perform any synchronization. + */ +public class AzureKeyVaultCredentials extends KeyVaultCredentials { + + /** + * Service for retrieving configuration information. + */ + @Inject + private AzureKeyVaultConfigurationService confService; + + /** + * {@inheritDoc} + * + * @throws AzureKeyVaultAuthenticationException + * If an error occurs preventing successful authentication. Note that + * this exception is unchecked. Uses of this class which need to be + * aware of errors in the authentication process must manually catch + * this exception. + */ + @Override + public String doAuthenticate(String authorization, String resource, + String scope) throws AzureKeyVaultAuthenticationException { + + // Read Azure credentials from guacamole.properties + ClientCredential credentials; + try { + credentials = confService.getClientCredentials(); + } + catch (GuacamoleException e) { + throw new AzureKeyVaultAuthenticationException("Azure " + + "credentials could not be read.", e); + } + + ExecutorService service = Executors.newFixedThreadPool(1); + try { + + // Attempt to aquire authentication token from Azure + AuthenticationContext context = new AuthenticationContext(authorization, false, service); + Future future = context.acquireToken(resource, credentials, null); + + // Wait for response + AuthenticationResult result = future.get(); + + // The semantics of a null return value are not documented, however + // example code provided with the Azure Java SDK demonstrates that + // a null check is required, albeit without explanation + if (result == null) + throw new AzureKeyVaultAuthenticationException( + "Authentication result from Azure was empty."); + + // Return authentication token from successful response + return result.getAccessToken(); + + } + + // Rethrow any errors which occur during the authentication process as + // AzureKeyVaultAuthenticationExceptions + catch (MalformedURLException e) { + throw new AzureKeyVaultAuthenticationException("Azure " + + "authentication URL is malformed.", e); + } + catch (InterruptedException e) { + throw new AzureKeyVaultAuthenticationException("Azure " + + "authentication process was interrupted.", e); + } + catch (ExecutionException e) { + throw new AzureKeyVaultAuthenticationException("Authentication " + + "against Azure failed.", e); + } + + finally { + service.shutdown(); + } + + } + +} diff --git a/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/src/main/java/org/apache/guacamole/auth/vault/azure/secret/AzureKeyVaultSecretService.java b/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/src/main/java/org/apache/guacamole/auth/vault/azure/secret/AzureKeyVaultSecretService.java new file mode 100644 index 000000000..ccbd6c9cc --- /dev/null +++ b/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/src/main/java/org/apache/guacamole/auth/vault/azure/secret/AzureKeyVaultSecretService.java @@ -0,0 +1,99 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.guacamole.auth.vault.azure.secret; + +import com.google.inject.Inject; +import com.google.inject.Provider; +import com.google.inject.Singleton; +import com.microsoft.azure.keyvault.KeyVaultClient; +import com.microsoft.azure.keyvault.authentication.KeyVaultCredentials; +import com.microsoft.azure.keyvault.models.SecretBundle; +import java.util.regex.Matcher; +import java.util.regex.Pattern; +import org.apache.guacamole.GuacamoleException; +import org.apache.guacamole.GuacamoleServerException; +import org.apache.guacamole.auth.vault.azure.conf.AzureKeyVaultAuthenticationException; +import org.apache.guacamole.auth.vault.azure.conf.AzureKeyVaultConfigurationService; +import org.apache.guacamole.auth.vault.secret.VaultSecretService; + +/** + * Service which retrieves secrets from Azure Key Vault. + */ +@Singleton +public class AzureKeyVaultSecretService implements VaultSecretService { + + /** + * Pattern which matches contiguous groups of characters which are not + * allowed within Azure Key Vault secret names. + */ + private static final Pattern DISALLOWED_CHARACTERS = Pattern.compile("[^a-zA-Z0-9-]+"); + + /** + * Service for retrieving configuration information. + */ + @Inject + private AzureKeyVaultConfigurationService confService; + + /** + * Provider for Azure Key Vault credentials. + */ + @Inject + private Provider credentialProvider; + + /** + * {@inheritDoc} + * + *

Azure Key Vault allows strictly a-z, A-Z, 0-9, and "-". This + * implementation strips out all contiguous groups of characters which are + * not allowed by Azure Key Vault, replacing them with a single dash. + */ + @Override + public String canonicalize(String name) { + Matcher disallowed = DISALLOWED_CHARACTERS.matcher(name); + return disallowed.replaceAll("-"); + } + + @Override + public String getValue(String name) throws GuacamoleException { + + try { + + // Retrieve configuration information necessary for connecting to + // Azure Key Vault + String url = confService.getVaultURL(); + KeyVaultCredentials credentials = credentialProvider.get(); + + // Authenticate against Azure Key Vault + KeyVaultClient client = new KeyVaultClient(credentials); + + // Retrieve requested secret + SecretBundle secret = client.getSecret(url, name); + + // FIXME: STUB + return null; + + } + catch (AzureKeyVaultAuthenticationException e) { + throw new GuacamoleServerException("Unable to authenticate with Azure.", e); + } + + } + +} diff --git a/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/src/main/resources/guac-manifest.json b/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/src/main/resources/guac-manifest.json new file mode 100644 index 000000000..87e1b1165 --- /dev/null +++ b/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/src/main/resources/guac-manifest.json @@ -0,0 +1,16 @@ +{ + + "guacamoleVersion" : "1.4.0", + + "name" : "Azure Key Vault", + "namespace" : "azure-keyvault", + + "authProviders" : [ + "org.apache.guacamole.auth.vault.azure.AzureKeyVaultAuthenticationProvider" + ], + + "translations" : [ + "translations/en.json" + ] + +} diff --git a/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-base/.ratignore b/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-base/.ratignore new file mode 100644 index 000000000..e69de29bb diff --git a/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-base/pom.xml b/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-base/pom.xml new file mode 100644 index 000000000..d59754fe6 --- /dev/null +++ b/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-base/pom.xml @@ -0,0 +1,70 @@ + + + + + 4.0.0 + org.apache.guacamole + guacamole-auth-vault-base + jar + guacamole-auth-vault-base + http://guacamole.apache.org/ + + + UTF-8 + + + + org.apache.guacamole + guacamole-auth-vault + 1.4.0 + ../../ + + + + + + + org.apache.guacamole + guacamole-ext + provided + + + + + com.fasterxml.jackson.core + jackson-databind + + + + + com.google.inject + guice + + + com.google.inject.extensions + guice-assistedinject + + + + + diff --git a/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-base/src/main/java/org/apache/guacamole/auth/vault/VaultAuthenticationProvider.java b/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-base/src/main/java/org/apache/guacamole/auth/vault/VaultAuthenticationProvider.java new file mode 100644 index 000000000..0b9126a67 --- /dev/null +++ b/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-base/src/main/java/org/apache/guacamole/auth/vault/VaultAuthenticationProvider.java @@ -0,0 +1,63 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.guacamole.auth.vault; + +import com.google.inject.Guice; +import com.google.inject.Injector; +import org.apache.guacamole.GuacamoleException; +import org.apache.guacamole.auth.vault.user.VaultUserContextFactory; +import org.apache.guacamole.net.auth.AbstractAuthenticationProvider; +import org.apache.guacamole.net.auth.AuthenticatedUser; +import org.apache.guacamole.net.auth.Credentials; +import org.apache.guacamole.net.auth.UserContext; + +/** + * AuthenticationProvider implementation which automatically injects tokens + * containing the values of secrets retrieved from a vault. + */ +public abstract class VaultAuthenticationProvider + extends AbstractAuthenticationProvider { + + /** + * Factory for creating instances of the relevant vault-specific + * UserContext implementation. + */ + private final VaultUserContextFactory userContextFactory; + + /** + * Creates a new VaultAuthenticationProvider which uses the given module to + * configure dependency injection. + * + * @param module + * The module to use to configure dependency injection. + */ + protected VaultAuthenticationProvider(VaultAuthenticationProviderModule module) { + Injector injector = Guice.createInjector(module); + this.userContextFactory = injector.getInstance(VaultUserContextFactory.class); + } + + @Override + public UserContext decorate(UserContext context, + AuthenticatedUser authenticatedUser, Credentials credentials) + throws GuacamoleException { + return userContextFactory.create(context); + } + +} diff --git a/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-base/src/main/java/org/apache/guacamole/auth/vault/VaultAuthenticationProviderModule.java b/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-base/src/main/java/org/apache/guacamole/auth/vault/VaultAuthenticationProviderModule.java new file mode 100644 index 000000000..9e5ae7155 --- /dev/null +++ b/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-base/src/main/java/org/apache/guacamole/auth/vault/VaultAuthenticationProviderModule.java @@ -0,0 +1,98 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.guacamole.auth.vault; + +import com.google.inject.AbstractModule; +import com.google.inject.assistedinject.FactoryModuleBuilder; +import org.apache.guacamole.GuacamoleException; +import org.apache.guacamole.auth.vault.user.VaultUserContext; +import org.apache.guacamole.auth.vault.user.VaultUserContextFactory; +import org.apache.guacamole.environment.Environment; +import org.apache.guacamole.environment.LocalEnvironment; +import org.apache.guacamole.net.auth.UserContext; + +/** + * Guice module which configures injections specific to the base support for + * key vaults. When adding support for a key vault provider, a subclass + * specific to that vault implementation will need to be created. + * + * @see AzureKeyVaultAuthenticationProviderModule + */ +public abstract class VaultAuthenticationProviderModule extends AbstractModule { + + /** + * Guacamole server environment. + */ + private final Environment environment; + + /** + * Creates a new VaultAuthenticationProviderModule which configures + * dependency injection for the Azure Key Vault authentication provider. + * + * @throws GuacamoleException + * If an error occurs while retrieving the Guacamole server + * environment. + */ + public VaultAuthenticationProviderModule() throws GuacamoleException { + this.environment = LocalEnvironment.getInstance(); + } + + /** + * Configures injections for interfaces which are implementation-specific + * to the vault service in use. Subclasses MUST provide a version of this + * function which binds concrete implementations to the following + * interfaces: + * + * - VaultConfigurationService + * - VaultSecretService + * + * @see AzureKeyVaultAuthenticationProviderModule + */ + protected abstract void configureVault(); + + /** + * Returns the instance of the Guacamole server environment which will be + * exposed to other classes via dependency injection. + * + * @return + * The instance of the Guacamole server environment which will be + * exposed via dependency injection. + */ + protected Environment getEnvironment() { + return environment; + } + + @Override + protected void configure() { + + // Bind Guacamole server environment + bind(Environment.class).toInstance(environment); + + // Bind factory for creating UserContexts + install(new FactoryModuleBuilder() + .implement(UserContext.class, VaultUserContext.class) + .build(VaultUserContextFactory.class)); + + // Bind all other implementation-specific interfaces + configureVault(); + + } + +} diff --git a/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-base/src/main/java/org/apache/guacamole/auth/vault/conf/VaultConfigurationService.java b/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-base/src/main/java/org/apache/guacamole/auth/vault/conf/VaultConfigurationService.java new file mode 100644 index 000000000..9cafbd45f --- /dev/null +++ b/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-base/src/main/java/org/apache/guacamole/auth/vault/conf/VaultConfigurationService.java @@ -0,0 +1,107 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.guacamole.auth.vault.conf; + +import com.fasterxml.jackson.core.type.TypeReference; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.google.inject.Inject; +import java.io.File; +import java.io.IOException; +import java.util.Map; +import org.apache.guacamole.GuacamoleException; +import org.apache.guacamole.GuacamoleServerException; +import org.apache.guacamole.auth.vault.VaultAuthenticationProviderModule; +import org.apache.guacamole.environment.Environment; + +/** + * Base class for services which retrieve key vault configuration information. + * A concrete implementation of this class must be defined and bound for key + * vault support to work. + * + * @see VaultAuthenticationProviderModule + */ +public abstract class VaultConfigurationService { + + /** + * The Guacamole server environment. + */ + @Inject + private Environment environment; + + /** + * ObjectMapper for deserializing JSON. + */ + private static final ObjectMapper mapper = new ObjectMapper(); + + /** + * The name of the file containing a JSON mapping of Guacamole parameter + * token to vault secret name. + */ + private final String tokenMappingFilename; + + /** + * Creates a new VaultConfigurationService which retrieves the token/secret + * mapping from a JSON file having the given name. + * + * @param tokenMappingFilename + * The name of the JSON file containing the token/secret mapping. + */ + protected VaultConfigurationService(String tokenMappingFilename) { + this.tokenMappingFilename = tokenMappingFilename; + } + + /** + * Returns a mapping dictating the name of the secret which maps to each + * parameter token. In the returned mapping, the value of each entry is the + * name of the secret to use to populate the value of the parameter token, + * and the key of each entry is the name of the parameter token which + * should receive the value of the secret. + * + * The name of the secret may contain its own tokens, which will be + * substituted using values from the given filter. See the definition of + * VaultUserContext for the names of these tokens and the contexts in which + * they can be applied to secret names. + * + * @return + * A mapping dictating the name of the secret which maps to each + * parameter token. + * + * @throws GuacamoleException + * If the JSON file defining the token/secret mapping cannot be read. + */ + public Map getTokenMapping() throws GuacamoleException { + + // Get configuration file from GUACAMOLE_HOME + File confFile = new File(environment.getGuacamoleHome(), tokenMappingFilename); + + // Deserialize token mapping from JSON + try { + return mapper.readValue(confFile, new TypeReference>() {}); + } + + // Fail if JSON is invalid/unreadable + catch (IOException e) { + throw new GuacamoleServerException("Unable to read token mapping " + + "configuration file \"" + tokenMappingFilename + "\".", e); + } + + } + +} diff --git a/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-base/src/main/java/org/apache/guacamole/auth/vault/secret/VaultSecretService.java b/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-base/src/main/java/org/apache/guacamole/auth/vault/secret/VaultSecretService.java new file mode 100644 index 000000000..49d0d9ce3 --- /dev/null +++ b/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-base/src/main/java/org/apache/guacamole/auth/vault/secret/VaultSecretService.java @@ -0,0 +1,67 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.guacamole.auth.vault.secret; + +import org.apache.guacamole.GuacamoleException; + +/** + * Generic service for retrieving the value of a secret stored in a vault. + */ +public interface VaultSecretService { + + /** + * Translates an arbitrary string, which may contain characters not allowed + * by the vault implementation, into a string which is a valid secret name. + * The type of transformation performed on the string, if any, will depend + * on the specific requirements of the vault provider. + * + * NOTE: It is critical that this transformation is deterministic and + * reasonably predictable for users. If an implementation must apply a + * transformation to secret names, that transformation needs to be + * documented. + * + * @param name + * An arbitrary string intended for use as a secret name, but which may + * contain characters not allowed by the vault implementation. + * + * @return + * A name containing essentially the same content as the provided + * string, but transformed deterministically such that it is acceptable + * as a secret name by the vault provider. + */ + String canonicalize(String name); + + /** + * Returns the value of the secret having the given name. If no such + * secret exists, null is returned. + * + * @param name + * The name of the secret to retrieve. + * + * @return + * The value of the secret having the given name, or null if no such + * secret exists. + * + * @throws GuacamoleException + * If the secret cannot be retrieved due to an error. + */ + String getValue(String name) throws GuacamoleException; + +} diff --git a/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-base/src/main/java/org/apache/guacamole/auth/vault/user/VaultUserContext.java b/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-base/src/main/java/org/apache/guacamole/auth/vault/user/VaultUserContext.java new file mode 100644 index 000000000..13cb6d515 --- /dev/null +++ b/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-base/src/main/java/org/apache/guacamole/auth/vault/user/VaultUserContext.java @@ -0,0 +1,281 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.guacamole.auth.vault.user; + +import com.google.inject.Inject; +import com.google.inject.assistedinject.Assisted; +import com.google.inject.assistedinject.AssistedInject; +import java.util.HashMap; +import java.util.Map; +import org.apache.guacamole.GuacamoleException; +import org.apache.guacamole.auth.vault.conf.VaultConfigurationService; +import org.apache.guacamole.net.auth.Connection; +import org.apache.guacamole.net.auth.ConnectionGroup; +import org.apache.guacamole.net.auth.TokenInjectingUserContext; +import org.apache.guacamole.net.auth.UserContext; +import org.apache.guacamole.auth.vault.secret.VaultSecretService; +import org.apache.guacamole.protocol.GuacamoleConfiguration; +import org.apache.guacamole.token.GuacamoleTokenUndefinedException; +import org.apache.guacamole.token.TokenFilter; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/** + * UserContext implementation which automatically injects tokens containing the + * values of secrets retrieved from a vault. + */ +public class VaultUserContext extends TokenInjectingUserContext { + + /** + * Logger for this class. + */ + private final Logger logger = LoggerFactory.getLogger(VaultUserContext.class); + + /** + * The name of the token which will be replaced with the username of the + * current user if specified within the name of a secret. This token + * applies to both connections and connection groups. + */ + private static final String USERNAME_TOKEN = "GUAC_USERNAME"; + + /** + * The name of the token which will be replaced with the name of the + * current connection group if specified within the name of a secret. This + * token only applies only to connection groups. + */ + private static final String CONNECTION_GROUP_NAME_TOKEN = "CONNECTION_GROUP_NAME"; + + /** + * The name of the token which will be replaced with the identifier of the + * current connection group if specified within the name of a secret. This + * token only applies only to connection groups. + */ + private static final String CONNECTION_GROUP_IDENTIFIER_TOKEN = "CONNECTION_GROUP_ID"; + + /** + * The name of the token which will be replaced with the \"hostname\" + * connection parameter of the current connection if specified within the + * name of a secret. This token only applies only to connections. + */ + private static final String CONNECTION_HOSTNAME_TOKEN = "CONNECTION_HOSTNAME"; + + /** + * The name of the token which will be replaced with the \"username\" + * connection parameter of the current connection if specified within the + * name of a secret. This token only applies only to connections. + */ + private static final String CONNECTION_USERNAME_TOKEN = "CONNECTION_USERNAME"; + + /** + * The name of the token which will be replaced with the name of the + * current connection if specified within the name of a secret. This token + * only applies only to connections. + */ + private static final String CONNECTION_NAME_TOKEN = "CONNECTION_NAME"; + + /** + * The name of the token which will be replaced with the identifier of the + * current connection if specified within the name of a secret. This token + * only applies only to connections. + */ + private static final String CONNECTION_IDENTIFIER_TOKEN = "CONNECTION_ID"; + + /** + * Service for retrieving configuration information. + */ + @Inject + private VaultConfigurationService confService; + + /** + * Service for retrieving the values of secrets stored in a vault. + */ + @Inject + private VaultSecretService secretService; + + /** + * Creates a new VaultUserContext which automatically injects tokens + * containing values of secrets retrieved from a vault. The given + * UserContext is decorated such that connections and connection groups + * will receive additional tokens during the connection process. + * + * Note that this class depends on concrete implementations of the + * following classes to be provided via dependency injection: + * + * - VaultConfigurationService + * - VaultSecretService + * + * Bindings providing these concrete implementations will need to be + * provided by subclasses of VaultAuthenticationProviderModule for each + * supported vault. + * + * @param userContext + * The UserContext instance to decorate. + */ + @AssistedInject + public VaultUserContext(@Assisted UserContext userContext) { + super(userContext); + } + + /** + * Creates a new TokenFilter instance with token values set for all tokens + * which are not specific to connections or connection groups. Currently, + * this is only the username token ("GUAC_USERNAME"). + * + * @return + * A new TokenFilter instance with token values set for all tokens + * which are not specific to connections or connection groups. + */ + private TokenFilter createFilter() { + TokenFilter filter = new TokenFilter(); + filter.setToken(USERNAME_TOKEN, self().getIdentifier()); + return filter; + } + + /** + * Retrieve all applicable tokens and corresponding values from the vault, + * using the given TokenFilter to filter tokens within the secret names + * prior to retrieving those secrets. + * + * @param tokenMapping + * The mapping dictating the name of the secret which maps to each + * parameter token, where the key is the name of the parameter token + * and the value is the name of the secret. The name of the secret + * may contain its own tokens, which will be substituted using values + * from the given filter. + * + * @param filter + * The filter to use to substitute values for tokens in the names of + * secrets to be retrieved from the vault. + * + * @return + * The tokens which should be added to the in-progress call to + * connect(). + * + * @throws GuacamoleException + * If the value for any applicable secret cannot be retrieved from the + * vault due to an error. + */ + private Map getTokens(Map tokenMapping, + TokenFilter filter) throws GuacamoleException { + + Map tokens = new HashMap<>(); + + // Populate map with tokens containing the values of all secrets + // indicated in the token mapping + for (Map.Entry entry : tokenMapping.entrySet()) { + + // Translate secret pattern into secret name, ignoring any + // secrets which cannot be translated + String secretName; + try { + secretName = secretService.canonicalize(filter.filterStrict(entry.getValue())); + } + catch (GuacamoleTokenUndefinedException e) { + logger.debug("Secret for token \"{}\" will not be retrieved. " + + "Token \"{}\" within mapped secret name has no " + + "defined value in the current context.", + entry.getKey(), e.getTokenName()); + continue; + } + + // If a value is defined for the secret in question, store that + // value under the mapped token + String tokenName = entry.getKey(); + String secretValue = secretService.getValue(secretName); + if (secretValue != null) { + tokens.put(tokenName, secretValue); + logger.debug("Token \"{}\" populated with value from " + + "secret \"{}\".", tokenName, secretName); + } + else + logger.debug("Token \"{}\" not populated. Mapped " + + "secret \"{}\" has no value.", + tokenName, secretName); + + } + + return tokens; + + } + + @Override + protected Map getTokens(ConnectionGroup connectionGroup) + throws GuacamoleException { + + String name = connectionGroup.getName(); + String identifier = connectionGroup.getIdentifier(); + logger.debug("Injecting tokens from vault for connection group " + + "\"{}\" (\"{}\").", identifier, name); + + // Add general and connection-group-specific tokens + TokenFilter filter = createFilter(); + filter.setToken(CONNECTION_GROUP_NAME_TOKEN, name); + filter.setToken(CONNECTION_GROUP_IDENTIFIER_TOKEN, identifier); + + // Substitute tokens producing secret names, retrieving and storing + // those secrets as parameter tokens + return getTokens(confService.getTokenMapping(), filter); + + } + + @Override + protected Map getTokens(Connection connection) + throws GuacamoleException { + + String name = connection.getName(); + String identifier = connection.getIdentifier(); + logger.debug("Injecting tokens from vault for connection \"{}\" " + + "(\"{}\").", identifier, name); + + // Add general and connection-specific tokens + TokenFilter filter = createFilter(); + filter.setToken(CONNECTION_NAME_TOKEN, connection.getName()); + filter.setToken(CONNECTION_IDENTIFIER_TOKEN, identifier); + + // Add hostname and username tokens if available (implementations are + // not required to expose connection configuration details) + + GuacamoleConfiguration config = connection.getConfiguration(); + + String hostname = config.getParameter("hostname"); + if (hostname != null) + filter.setToken(CONNECTION_HOSTNAME_TOKEN, hostname); + else + logger.debug("Hostname for connection \"{}\" (\"{}\") not " + + "available. \"{}\" token will not be populated in " + + "secret names.", identifier, name, + CONNECTION_HOSTNAME_TOKEN); + + String username = config.getParameter("username"); + if (username != null) + filter.setToken(CONNECTION_USERNAME_TOKEN, username); + else + logger.debug("Username for connection \"{}\" (\"{}\") not " + + "available. \"{}\" token will not be populated in " + + "secret names.", identifier, name, + CONNECTION_USERNAME_TOKEN); + + // Substitute tokens producing secret names, retrieving and storing + // those secrets as parameter tokens + return getTokens(confService.getTokenMapping(), filter); + + } + +} diff --git a/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-base/src/main/java/org/apache/guacamole/auth/vault/user/VaultUserContextFactory.java b/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-base/src/main/java/org/apache/guacamole/auth/vault/user/VaultUserContextFactory.java new file mode 100644 index 000000000..712d41a9b --- /dev/null +++ b/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-base/src/main/java/org/apache/guacamole/auth/vault/user/VaultUserContextFactory.java @@ -0,0 +1,46 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.guacamole.auth.vault.user; + +import org.apache.guacamole.net.auth.UserContext; + +/** + * Factory for creating UserContext instances which automatically inject tokens + * containing the values of secrets retrieved from a vault. + */ +public interface VaultUserContextFactory { + + /** + * Returns a new instance of a UserContext implementation which + * automatically injects tokens containing values of secrets retrieved from + * a vault. The given UserContext is decorated such that connections and + * connection groups will receive additional tokens during the connection + * process. + * + * @param userContext + * The UserContext instance to decorate. + * + * @return + * A new UserContext instance which automatically injects tokens + * containing values of secrets retrieved from a vault. + */ + UserContext create(UserContext userContext); + +} diff --git a/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-base/src/main/resources/translations/en.json b/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-base/src/main/resources/translations/en.json new file mode 100644 index 000000000..c96ec2821 --- /dev/null +++ b/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-base/src/main/resources/translations/en.json @@ -0,0 +1,7 @@ +{ + + "DATA_SOURCE_AZURE_KEYVAULT" : { + "NAME" : "Azure Key Vault" + } + +} diff --git a/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-dist/.ratignore b/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-dist/.ratignore new file mode 100644 index 000000000..e69de29bb diff --git a/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-dist/pom.xml b/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-dist/pom.xml new file mode 100644 index 000000000..b239f28bf --- /dev/null +++ b/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-dist/pom.xml @@ -0,0 +1,63 @@ + + + + + 4.0.0 + org.apache.guacamole + guacamole-auth-vault-dist + pom + guacamole-auth-vault-dist + http://guacamole.apache.org/ + + + UTF-8 + + + + org.apache.guacamole + guacamole-auth-vault + 1.4.0 + ../../ + + + + + + + org.apache.guacamole + guacamole-auth-vault-azure + 1.4.0 + + + + + + + + ${project.parent.artifactId}-${project.parent.version} + + + + diff --git a/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-dist/src/main/assembly/dist.xml b/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-dist/src/main/assembly/dist.xml new file mode 100644 index 000000000..b0ea3b1f6 --- /dev/null +++ b/extensions/guacamole-auth-vault/modules/guacamole-auth-vault-dist/src/main/assembly/dist.xml @@ -0,0 +1,54 @@ + + + + + dist + ${project.parent.artifactId}-${project.parent.version} + + + + tar.gz + + + + + + + + azure + + org.apache.guacamole:guacamole-auth-vault-azure + + + + + + + + + + target/licenses + + + + diff --git a/extensions/guacamole-auth-vault/pom.xml b/extensions/guacamole-auth-vault/pom.xml new file mode 100644 index 000000000..a924af8b3 --- /dev/null +++ b/extensions/guacamole-auth-vault/pom.xml @@ -0,0 +1,67 @@ + + + + + 4.0.0 + org.apache.guacamole + guacamole-auth-vault + pom + 1.4.0 + guacamole-auth-vault + http://guacamole.apache.org/ + + + org.apache.guacamole + extensions + 1.4.0 + ../ + + + + + + modules/guacamole-auth-vault-dist + + + modules/guacamole-auth-vault-base + + + modules/guacamole-auth-vault-azure + + + + + + + + + org.apache.guacamole + guacamole-ext + 1.4.0 + provided + + + + + + diff --git a/extensions/pom.xml b/extensions/pom.xml index 938e7cc62..18e307e54 100644 --- a/extensions/pom.xml +++ b/extensions/pom.xml @@ -48,6 +48,7 @@ guacamole-auth-quickconnect guacamole-auth-sso guacamole-auth-totp + guacamole-auth-vault diff --git a/pom.xml b/pom.xml index bcfa885ad..2b9b1641f 100644 --- a/pom.xml +++ b/pom.xml @@ -209,8 +209,8 @@ 1.8 -Xlint:all - -Werror + true true @@ -382,6 +382,11 @@ jackson-dataformat-yaml ${jackson.version} + + com.fasterxml.jackson.datatype + jackson-datatype-joda + ${jackson.version} + com.fasterxml.jackson.module jackson-module-jaxb-annotations