safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-06 05:07:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUACAMOLE-641: Add generic vault support with an initial Azure Key Vault implementation.

Browse Source
This commit is contained in:
Michael Jumper
2022-01-21 15:23:40 -08:00
parent 0ac67b8cf8
commit 6145a79f5d
73 changed files with 2369 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
doc/licenses/adal4j-1.6.7/LICENSE Normal file
View File

@@ -0,0 +1,21 @@
MIT License
Copyright (c) Microsoft Corporation
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

8
doc/licenses/adal4j-1.6.7/README Normal file
View File

@@ -0,0 +1,8 @@
adal4j (https://github.com/AzureAD/azure-activedirectory-library-for-java)
--------------------------------------------------------------------------
Version: 1.6.7
From: 'Microsoft Corporation' (https://microsoft.com/)
License(s):
MIT (bundled/adal4j-1.6.7/LICENSE)

1
doc/licenses/adal4j-1.6.7/dep-coordinates.txt Normal file
View File

@@ -0,0 +1 @@
com.microsoft.azure:adal4j:jar:1.6.7

5
doc/licenses/apache-commons-lang-3.8.1/NOTICE Normal file
View File

@@ -0,0 +1,5 @@
Apache Commons Lang
Copyright 2001-2018 The Apache Software Foundation
This product includes software developed at
The Apache Software Foundation (http://www.apache.org/).

8
doc/licenses/apache-commons-lang-3.8.1/README Normal file
View File

@@ -0,0 +1,8 @@
Apache Commons Lang (http://commons.apache.org/proper/commons-lang/)
--------------------------------------------------------------------
Version: 3.8.1
From: 'Apache Software Foundation' (https://www.apache.org/)
License(s):
Apache v2.0

1
doc/licenses/apache-commons-lang-3.8.1/dep-coordinates.txt Normal file
View File

@@ -0,0 +1 @@
org.apache.commons:commons-lang3:jar:3.8.1

28
doc/licenses/asm-8.0.1/LICENSE.txt Normal file
View File

@@ -0,0 +1,28 @@
ASM: a very small and fast Java bytecode manipulation framework
Copyright (c) 2000-2011 INRIA, France Telecom
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. Neither the name of the copyright holders nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
THE POSSIBILITY OF SUCH DAMAGE.

8
doc/licenses/asm-8.0.1/README Normal file
View File

@@ -0,0 +1,8 @@
ASM (https://asm.ow2.io/)
-------------------------
Version: 8.0.1
From: 'INRIA, France Telecom'
License(s):
BSD 3-clause (bundled/asm-8.0.1/LICENSE.txt)

1
doc/licenses/asm-8.0.1/dep-coordinates.txt Normal file
View File

@@ -0,0 +1 @@
org.ow2.asm:asm:jar:8.0.1

21
doc/licenses/autorest-client-runtime-1.7.4/LICENSE Normal file
View File

@@ -0,0 +1,21 @@
The MIT License (MIT)
Copyright (c) 2016 Microsoft Azure
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

9
doc/licenses/autorest-client-runtime-1.7.4/README Normal file
View File

@@ -0,0 +1,9 @@
AutoRest Client Runtimes for Java
(https://github.com/Azure/autorest-clientruntime-for-java)
----------------------------------------------------------
Version: 1.7.4
From: 'Microsoft Azure' (https://azure.microsoft.com/)
License(s):
MIT (bundled/autorest-client-runtime-1.7.4/LICENSE)

2
doc/licenses/autorest-client-runtime-1.7.4/dep-coordinates.txt Normal file
View File

@@ -0,0 +1,2 @@
com.microsoft.rest:client-runtime:jar:1.7.4
com.microsoft.azure:azure-client-runtime:jar:1.7.4

28
doc/licenses/azure-annotations-1.10.0/License.txt Normal file
View File

@@ -0,0 +1,28 @@
/**
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License. See License.txt in the project root for
* license information.
*/
NOTE: The above has been extracted from the source of the "azure-annotations"
library, as may be downloaded from Maven Central:
https://search.maven.org/remotecontent?filepath=com/microsoft/azure/azure-annotations/1.10.0/azure-annotations-1.10.0-sources.jar
Unfortunately, the "License.txt" file noted is not included with the source
.jar, and the GitHub repository referenced by the pom.xml of
"azure-annotations" is not publicly visible:
https://github.com/Microsoft/java-api-annotations
I (Mike Jumper) have reached out to Microsoft to correct this and to request a
copy of the "License.txt" file if access to this repository cannot be fixed in
the near future. Until then, the above should serve as reasonable confirmation
that this library is indeed (1) licensed under the MIT license and (2)
copyright Microsoft Corporation.
For reference, the terms of the open source license widely known as the "MIT
license" can be found here:
https://opensource.org/licenses/MIT

9
doc/licenses/azure-annotations-1.10.0/README Normal file
View File

@@ -0,0 +1,9 @@
Microsoft Azure SDK Annotations
(https://github.com/Microsoft/java-api-annotations)
---------------------------------------------------
Version: 1.10.0
From: 'Microsoft Corporation' (https://microsoft.com/)
License(s):
MIT (bundled/azure-annotations-1.10.0/License.txt)

1
doc/licenses/azure-annotations-1.10.0/dep-coordinates.txt Normal file
View File

@@ -0,0 +1 @@
com.microsoft.azure:azure-annotations:jar:1.10.0

21
doc/licenses/azure-sdk-for-java-1.2.4/LICENSE.txt Normal file
View File

@@ -0,0 +1,21 @@
The MIT License (MIT)
Copyright (c) 2015 Microsoft
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

8
doc/licenses/azure-sdk-for-java-1.2.4/README Normal file
View File

@@ -0,0 +1,8 @@
Azure SDK for Java (https://github.com/Azure/azure-sdk-for-java/)
-----------------------------------------------------------------
Version: 1.2.4
From: 'Microsoft' (https://microsoft.com/)
License(s):
MIT (bundled/azure-sdk-for-java-1.2.4/LICENSE.txt)

5
doc/licenses/azure-sdk-for-java-1.2.4/dep-coordinates.txt Normal file
View File

@@ -0,0 +1,5 @@
com.microsoft.azure:azure-keyvault-core:jar:1.2.4
com.microsoft.azure:azure-keyvault-cryptography:jar:1.2.4
com.microsoft.azure:azure-keyvault-webkey:jar:1.2.4
com.microsoft.azure:azure-keyvault:jar:1.2.4

8
doc/licenses/gson-2.8.0/README Normal file
View File

@@ -0,0 +1,8 @@
Gson (https://github.com/google/gson)
-------------------------------------
Version: 2.8.0
From: 'Google Inc.' (http://www.google.com/)
License(s):
Apache v2.0

1
doc/licenses/gson-2.8.0/dep-coordinates.txt Normal file
View File

@@ -0,0 +1 @@
com.google.code.gson:gson:jar:2.8.0

1
doc/licenses/jackson-2.13.1/dep-coordinates.txt
View File

@@ -2,4 +2,5 @@ com.fasterxml.jackson.core:jackson-databind:jar:2.13.1
com.fasterxml.jackson.core:jackson-core:jar:2.13.1
com.fasterxml.jackson.core:jackson-annotations:jar:2.13.1
com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:jar:2.13.1
com.fasterxml.jackson.datatype:jackson-datatype-joda:jar:2.13.1
com.fasterxml.jackson.module:jackson-module-jaxb-annotations:jar:2.13.1

2
doc/licenses/joda-time-2.10.8/NOTICE Normal file
View File

@@ -0,0 +1,2 @@
This product includes software developed by
Joda.org (https://www.joda.org/).

8
doc/licenses/joda-time-2.10.8/README Normal file
View File

@@ -0,0 +1,8 @@
Joda-Time (https://www.joda.org/joda-time/)
----------------------------------------------
Version: 2.10.8
From: 'Joda.org' (https://www.joda.org/)
License(s):
Apache v2.0

1
doc/licenses/joda-time-2.10.8/dep-coordinates.txt Normal file
View File

@@ -0,0 +1 @@
joda-time:joda-time:jar:2.10.8

202
doc/licenses/json-smart-2.4.2/LICENSE Normal file
View File

@@ -0,0 +1,202 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright {yyyy} {name of copyright owner}
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

8
doc/licenses/json-smart-2.4.2/README Normal file
View File

@@ -0,0 +1,8 @@
json-smart (https://netplex.github.io/json-smart/)
--------------------------------------------------
Version: 2.4.2
From: 'Uriel Chemouni' (https://github.com/UrielCh)
License(s):
Apache v2.0

2
doc/licenses/json-smart-2.4.2/dep-coordinates.txt Normal file
View File

@@ -0,0 +1,2 @@
net.minidev:accessors-smart:jar:2.4.2
net.minidev:json-smart:jar:2.4.2

8
doc/licenses/lang-tag-1.5/README Normal file
View File

@@ -0,0 +1,8 @@
Nimbus Language Tags (https://bitbucket.org/connect2id/nimbus-language-tags)
----------------------------------------------------------------------------
Version: 1.5
From: 'Connect2id Ltd.' (https://connect2id.com/)
License(s):
Apache v2.0

1
doc/licenses/lang-tag-1.5/dep-coordinates.txt Normal file
View File

@@ -0,0 +1 @@
com.nimbusds:lang-tag:jar:1.5

8
doc/licenses/nimbus-content-type-2.1/README Normal file
View File

@@ -0,0 +1,8 @@
Nimbus Content Type (https://bitbucket.org/connect2id/nimbus-content-type)
--------------------------------------------------------------------------
Version: 2.1
From: 'Connect2id Ltd.' (https://connect2id.com/)
License(s):
Apache v2.0

1
doc/licenses/nimbus-content-type-2.1/dep-coordinates.txt Normal file
View File

@@ -0,0 +1 @@
com.nimbusds:content-type:jar:2.1

8
doc/licenses/nimbus-jose-jwt-9.8.1/README Normal file
View File

@@ -0,0 +1,8 @@
Nimbus JOSE+JWT (https://bitbucket.org/connect2id/nimbus-jose-jwt)
------------------------------------------------------------------
Version: 9.8.1
From: 'Connect2id Ltd.' (https://connect2id.com/)
License(s):
Apache v2.0

1
doc/licenses/nimbus-jose-jwt-9.8.1/dep-coordinates.txt Normal file
View File

@@ -0,0 +1 @@
com.nimbusds:nimbus-jose-jwt:jar:9.8.1

9
doc/licenses/oauth2-oidc-sdk-9.4/README Normal file
View File

@@ -0,0 +1,9 @@
Nimbus OAuth 2.0 SDK with OpenID Connect extensions
(https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions)
-------------------------------------------------------------------------------
Version: 9.4
From: 'Connect2id Ltd.' (https://connect2id.com/)
License(s):
Apache v2.0

1
doc/licenses/oauth2-oidc-sdk-9.4/dep-coordinates.txt Normal file
View File

@@ -0,0 +1 @@
com.nimbusds:oauth2-oidc-sdk:jar:9.4

8
doc/licenses/okhttp-3.14.7/README Normal file
View File

@@ -0,0 +1,8 @@
OkHttp (https://github.com/square/okhttp)
-----------------------------------------
Version: 3.14.7
From: 'Square, Inc.' (http://square.github.io/)
License(s):
Apache v2.0

3
doc/licenses/okhttp-3.14.7/dep-coordinates.txt Normal file
View File

@@ -0,0 +1,3 @@
com.squareup.okhttp3:logging-interceptor:jar:3.14.7
com.squareup.okhttp3:okhttp-urlconnection:jar:3.14.7
com.squareup.okhttp3:okhttp:jar:3.14.7

8
doc/licenses/okio-1.17.2/README Normal file
View File

@@ -0,0 +1,8 @@
Okio (https://github.com/square/okio)
-------------------------------------
Version: 1.17.2
From: 'Square, Inc.' (http://square.github.io/)
License(s):
Apache v2.0

1
doc/licenses/okio-1.17.2/dep-coordinates.txt Normal file
View File

@@ -0,0 +1 @@
com.squareup.okio:okio:jar:1.17.2

8
doc/licenses/retrofit-2.7.2/README Normal file
View File

@@ -0,0 +1,8 @@
Retrofit (https://github.com/square/retrofit)
---------------------------------------------
Version: 2.7.2
From: 'Square, Inc.' (http://square.github.io/)
License(s):
Apache v2.0

3
doc/licenses/retrofit-2.7.2/dep-coordinates.txt Normal file
View File

@@ -0,0 +1,3 @@
com.squareup.retrofit2:adapter-rxjava:jar:2.7.2
com.squareup.retrofit2:converter-jackson:jar:2.7.2
com.squareup.retrofit2:retrofit:jar:2.7.2

202
doc/licenses/rxjava-1.3.8/LICENSE Normal file
View File

@@ -0,0 +1,202 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright 2012 Netflix, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

8
doc/licenses/rxjava-1.3.8/README Normal file
View File

@@ -0,0 +1,8 @@
RxJava Reactive Extensions for the JVM (https://github.com/ReactiveX/RxJava)
------------------------------------------------------------------------------
Version: 1.3.8
From: 'RxJava Contributors' (https://github.com/ReactiveX/RxJava)
License(s):
Apache v2.0

1
doc/licenses/rxjava-1.3.8/dep-coordinates.txt Normal file
View File

@@ -0,0 +1 @@
io.reactivex:rxjava:jar:1.3.8

8
doc/licenses/snakeyaml-1.27/README Normal file
View File

@@ -0,0 +1,8 @@
SnakeYAML (https://bitbucket.org/asomov/snakeyaml/)
---------------------------------------------------
Version: 1.27
From: 'Andrey Somov' (https://bitbucket.org/asomov/)
License(s):
Apache v2.0

1
doc/licenses/snakeyaml-1.27/dep-coordinates.txt Normal file
View File

@@ -0,0 +1 @@
org.yaml:snakeyaml:jar:1.27

8
doc/licenses/stephenc-jcip-annotations-1.0-1/README Normal file
View File

@@ -0,0 +1,8 @@
Clean-room JCIP Annotations (https://github.com/stephenc/jcip-annotations)
--------------------------------------------------------------------------
Version: 1.0-1
From: 'Stephen Connolly' (https://github.com/stephenc)
License(s):
Apache v2.0

1
doc/licenses/stephenc-jcip-annotations-1.0-1/dep-coordinates.txt Normal file
View File

@@ -0,0 +1 @@
com.github.stephenc.jcip:jcip-annotations:jar:1.0-1

0
extensions/guacamole-auth-vault/.ratignore Normal file
View File

0
extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/.ratignore Normal file
View File

194
extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/pom.xml Normal file
View File

@@ -0,0 +1,194 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.apache.guacamole</groupId>
<artifactId>guacamole-auth-vault-azure</artifactId>
<packaging>jar</packaging>
<version>1.4.0</version>
<name>guacamole-auth-vault-azure</name>
<url>http://guacamole.apache.org/</url>
<properties>
<azure-client-runtimes.version>1.7.4</azure-client-runtimes.version>
<okhttp.version>3.14.7</okhttp.version>
</properties>
<parent>
<groupId>org.apache.guacamole</groupId>
<artifactId>guacamole-auth-vault</artifactId>
<version>1.4.0</version>
<relativePath>../../</relativePath>
</parent>
<build>
<plugins>
<!-- The Azure libraries result in javac outright failing without
any explicit error or warning if "-Werror" is passed -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<failOnWarning>false</failOnWarning>
</configuration>
</plugin>
</plugins>
</build>
<dependencies>
<!-- Guacamole Extension API -->
<dependency>
<groupId>org.apache.guacamole</groupId>
<artifactId>guacamole-ext</artifactId>
<scope>provided</scope>
</dependency>
<!-- Guacamole base key vault support -->
<dependency>
<groupId>org.apache.guacamole</groupId>
<artifactId>guacamole-auth-vault-base</artifactId>
<version>1.4.0</version>
</dependency>
<!-- Azure Key Vault client -->
<dependency>
<groupId>com.microsoft.azure</groupId>
<artifactId>azure-keyvault</artifactId>
<version>1.2.4</version>
<exclusions>
<!-- Already provided within Guacamole webapp environment via
guacamole-ext / guacamole-common -->
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
<!-- Multiple version conflicts between transitive dependencies
of azure-keyvault and adal4j -->
<exclusion>
<groupId>com.microsoft.azure</groupId>
<artifactId>azure-client-runtime</artifactId>
</exclusion>
<exclusion>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- Active Directory client (used to authenticate with Azure) -->
<dependency>
<groupId>com.microsoft.azure</groupId>
<artifactId>adal4j</artifactId>
<version>1.6.7</version>
<exclusions>
<!-- Already provided within Guacamole webapp environment via
guacamole-ext / guacamole-common w-->
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</exclusion>
<!-- Multiple version conflicts between transitive dependencies
of azure-keyvault and adal4j -->
<exclusion>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- Explicitly depend on most recent versions of Azure client runtime
compatible with azure-keyvault / adal4j (conflict otherwise) -->
<dependency>
<groupId>com.microsoft.azure</groupId>
<artifactId>azure-client-runtime</artifactId>
<version>${azure-client-runtimes.version}</version>
</dependency>
<dependency>
<groupId>com.microsoft.rest</groupId>
<artifactId>client-runtime</artifactId>
<version>${azure-client-runtimes.version}</version>
<exclusions>
<exclusion>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
</exclusion>
<exclusion>
<groupId>com.squareup.okhttp3</groupId>
<artifactId>okhttp</artifactId>
</exclusion>
<exclusion>
<groupId>com.squareup.okhttp3</groupId>
<artifactId>okhttp-urlconnection</artifactId>
</exclusion>
<exclusion>
<groupId>com.squareup.okhttp3</groupId>
<artifactId>logging-interceptor</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- Explicitly depend on most recent versions of dependencies required
by azure-keyvault / adal4j -->
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.8.1</version>
</dependency>
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>1.14</version>
</dependency>
<!-- Explicitly depend on most recent version of okhttp required by
transitive dependencies of azure-keyvault -->
<dependency>
<groupId>com.squareup.okhttp3</groupId>
<artifactId>okhttp</artifactId>
<version>${okhttp.version}</version>
</dependency>
<dependency>
<groupId>com.squareup.okhttp3</groupId>
<artifactId>okhttp-urlconnection</artifactId>
<version>${okhttp.version}</version>
</dependency>
<dependency>
<groupId>com.squareup.okhttp3</groupId>
<artifactId>logging-interceptor</artifactId>
<version>${okhttp.version}</version>
</dependency>
</dependencies>
</project>

47
extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/src/main/java/org/apache/guacamole/auth/vault/azure/AzureKeyVaultAuthenticationProvider.java Normal file
View File

@@ -0,0 +1,47 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.guacamole.auth.vault.azure;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.vault.VaultAuthenticationProvider;
/**
* VaultAuthenticationProvider implementation which reads secrets from Azure
* Key Vault.
*/
public class AzureKeyVaultAuthenticationProvider extends VaultAuthenticationProvider {
/**
* Creates a new AzureKeyVaultAuthenticationProvider which reads secrets
* from a configured Azure Key Vault.
*
* @throws GuacamoleException
* If configuration details cannot be read from guacamole.properties.
*/
public AzureKeyVaultAuthenticationProvider() throws GuacamoleException {
super(new AzureKeyVaultAuthenticationProviderModule());
}
@Override
public String getIdentifier() {
return "azure-keyvault";
}
}

61
extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/src/main/java/org/apache/guacamole/auth/vault/azure/AzureKeyVaultAuthenticationProviderModule.java Normal file
View File

@@ -0,0 +1,61 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.guacamole.auth.vault.azure;
import com.microsoft.azure.keyvault.authentication.KeyVaultCredentials;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.vault.VaultAuthenticationProviderModule;
import org.apache.guacamole.auth.vault.azure.conf.AzureKeyVaultConfigurationService;
import org.apache.guacamole.auth.vault.azure.conf.AzureKeyVaultCredentials;
import org.apache.guacamole.auth.vault.azure.secret.AzureKeyVaultSecretService;
import org.apache.guacamole.auth.vault.conf.VaultConfigurationService;
import org.apache.guacamole.auth.vault.secret.VaultSecretService;
/**
* Guice module which configures injections specific to Azure Key Vault
* support.
*/
public class AzureKeyVaultAuthenticationProviderModule
extends VaultAuthenticationProviderModule {
/**
* Creates a new AzureKeyVaultAuthenticationiProviderModule which
* configures dependency injection for the Azure Key Vault authentication
* provider and related services.
*
* @throws GuacamoleException
* If configuration details in guacamole.properties cannot be parsed.
*/
public AzureKeyVaultAuthenticationProviderModule() throws GuacamoleException {}
@Override
protected void configureVault() {
// Bind services specific to Azure Key Vault
bind(VaultConfigurationService.class).to(AzureKeyVaultConfigurationService.class);
bind(VaultSecretService.class).to(AzureKeyVaultSecretService.class);
// Bind ADAL credentials implementation required for authenticating
// against Azure
bind(KeyVaultCredentials.class).to(AzureKeyVaultCredentials.class);
}
}

57
extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/src/main/java/org/apache/guacamole/auth/vault/azure/conf/AzureKeyVaultAuthenticationException.java Normal file
View File

@@ -0,0 +1,57 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.guacamole.auth.vault.azure.conf;
/**
* Unchecked exception thrown by AzureKeyVaultCredentials if an error occurs
* during the authentication process. Note that the base KeyVaultCredentials
* base class does not provide for checked exceptions within the authentication
* process.
*
* @see AzureKeyVaultCredentials#doAuthenticate(java.lang.String, java.lang.String, java.lang.String)
*/
public class AzureKeyVaultAuthenticationException extends RuntimeException {
/**
* Creates a new AzureKeyVaultAuthenticationException having the given
* human-readable message.
*
* @param message
* A human-readable message describing the error that occurred.
*/
public AzureKeyVaultAuthenticationException(String message) {
super(message);
}
/**
* Creates a new AzureKeyVaultAuthenticationException having the given
* human-readable message and cause.
*
* @param message
* A human-readable message describing the error that occurred.
*
* @param cause
* The error that caused this exception.
*/
public AzureKeyVaultAuthenticationException(String message, Throwable cause) {
super(message, cause);
}
}

135
extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/src/main/java/org/apache/guacamole/auth/vault/azure/conf/AzureKeyVaultConfigurationService.java Normal file
View File

@@ -0,0 +1,135 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.guacamole.auth.vault.azure.conf;
import com.google.inject.Inject;
import com.google.inject.Singleton;
import com.microsoft.aad.adal4j.ClientCredential;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.vault.conf.VaultConfigurationService;
import org.apache.guacamole.environment.Environment;
import org.apache.guacamole.properties.StringGuacamoleProperty;
/**
* Service for retrieving configuration information regarding the Azure Key
* Vault authentication extension.
*/
@Singleton
public class AzureKeyVaultConfigurationService extends VaultConfigurationService {
/**
* The Guacamole server environment.
*/
@Inject
private Environment environment;
/**
* The name of the file which contains the JSON mapping of connection
* parameter token to Azure Key Vault secret name.
*/
private static final String TOKEN_MAPPING_FILENAME = "azure-keyvault-token-mapping.json";
/**
* The URL of the Azure Key Vault that should be used to populate token
* values.
*/
private static final StringGuacamoleProperty VAULT_URL = new StringGuacamoleProperty() {
@Override
public String getName() {
return "azure-keyvault-url";
}
};
/**
* The client ID that should be used to authenticate with Azure Key Vault
* using ADAL.
*/
private static final StringGuacamoleProperty CLIENT_ID = new StringGuacamoleProperty() {
@Override
public String getName() {
return "azure-keyvault-client-id";
}
};
/**
* The client key that should be used to authenticate with Azure Key Vault
* using ADAL.
*/
private static final StringGuacamoleProperty CLIENT_KEY = new StringGuacamoleProperty() {
@Override
public String getName() {
return "azure-keyvault-client-key";
}
};
/**
* Creates a new AzureKeyVaultConfigurationService which reads the token
* mapping from "azure-keyvault-token-mapping.json". The token mapping is
* a JSON file which lists each connection parameter token and the name of
* the secret from which the value for that token should be read.
*/
public AzureKeyVaultConfigurationService() {
super(TOKEN_MAPPING_FILENAME);
}
/**
* Returns the base URL of the Azure Key Vault containing the secrets that
* should be retrieved to populate connection parameter tokens. The base
* URL is specified with the "azure-keyvault-url" property.
*
* @return
* The base URL of the Azure Key Vault.
*
* @throws GuacamoleException
* If the base URL is not specified within guacamole.properties.
*/
public String getVaultURL() throws GuacamoleException {
return environment.getRequiredProperty(VAULT_URL);
}
/**
* Returns the credentials that should be used to authenticate with Azure
* Key Vault when retrieving secrets. Azure's "ADAL" authentication will be
* used, requiring a client ID and key. These values are specified with the
* "azure-keyvault-client-id" and "azure-keyvault-client-key" properties
* respectively.
*
* @return
* The credentials that should be used to authenticate with Azure Key
* Vault.
*
* @throws GuacamoleException
* If the client ID or key are not specified within
* guacamole.properties.
*/
public ClientCredential getClientCredentials() throws GuacamoleException {
return new ClientCredential(
environment.getRequiredProperty(CLIENT_ID),
environment.getRequiredProperty(CLIENT_KEY)
);
}
}

115
extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/src/main/java/org/apache/guacamole/auth/vault/azure/conf/AzureKeyVaultCredentials.java Normal file
View File

@@ -0,0 +1,115 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.guacamole.auth.vault.azure.conf;
import com.google.inject.Inject;
import com.microsoft.aad.adal4j.AuthenticationContext;
import com.microsoft.aad.adal4j.AuthenticationResult;
import com.microsoft.aad.adal4j.ClientCredential;
import com.microsoft.azure.keyvault.authentication.KeyVaultCredentials;
import java.net.MalformedURLException;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import org.apache.guacamole.GuacamoleException;
/**
* KeyVaultCredentials implementation which retrieves the required client ID
* and key from guacamole.properties. Note that KeyVaultCredentials as
* implemented in the Azure Java SDK is NOT THREADSAFE; it leverages a
* non-concurrent HashMap for authentication result caching and does not
* perform any synchronization.
*/
public class AzureKeyVaultCredentials extends KeyVaultCredentials {
/**
* Service for retrieving configuration information.
*/
@Inject
private AzureKeyVaultConfigurationService confService;
/**
* {@inheritDoc}
*
* @throws AzureKeyVaultAuthenticationException
* If an error occurs preventing successful authentication. Note that
* this exception is unchecked. Uses of this class which need to be
* aware of errors in the authentication process must manually catch
* this exception.
*/
@Override
public String doAuthenticate(String authorization, String resource,
String scope) throws AzureKeyVaultAuthenticationException {
// Read Azure credentials from guacamole.properties
ClientCredential credentials;
try {
credentials = confService.getClientCredentials();
}
catch (GuacamoleException e) {
throw new AzureKeyVaultAuthenticationException("Azure "
+ "credentials could not be read.", e);
}
ExecutorService service = Executors.newFixedThreadPool(1);
try {
// Attempt to aquire authentication token from Azure
AuthenticationContext context = new AuthenticationContext(authorization, false, service);
Future<AuthenticationResult> future = context.acquireToken(resource, credentials, null);
// Wait for response
AuthenticationResult result = future.get();
// The semantics of a null return value are not documented, however
// example code provided with the Azure Java SDK demonstrates that
// a null check is required, albeit without explanation
if (result == null)
throw new AzureKeyVaultAuthenticationException(
"Authentication result from Azure was empty.");
// Return authentication token from successful response
return result.getAccessToken();
}
// Rethrow any errors which occur during the authentication process as
// AzureKeyVaultAuthenticationExceptions
catch (MalformedURLException e) {
throw new AzureKeyVaultAuthenticationException("Azure "
+ "authentication URL is malformed.", e);
}
catch (InterruptedException e) {
throw new AzureKeyVaultAuthenticationException("Azure "
+ "authentication process was interrupted.", e);
}
catch (ExecutionException e) {
throw new AzureKeyVaultAuthenticationException("Authentication "
+ "against Azure failed.", e);
}
finally {
service.shutdown();
}
}
}

99
extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/src/main/java/org/apache/guacamole/auth/vault/azure/secret/AzureKeyVaultSecretService.java Normal file
View File

@@ -0,0 +1,99 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.guacamole.auth.vault.azure.secret;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import com.microsoft.azure.keyvault.KeyVaultClient;
import com.microsoft.azure.keyvault.authentication.KeyVaultCredentials;
import com.microsoft.azure.keyvault.models.SecretBundle;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.GuacamoleServerException;
import org.apache.guacamole.auth.vault.azure.conf.AzureKeyVaultAuthenticationException;
import org.apache.guacamole.auth.vault.azure.conf.AzureKeyVaultConfigurationService;
import org.apache.guacamole.auth.vault.secret.VaultSecretService;
/**
* Service which retrieves secrets from Azure Key Vault.
*/
@Singleton
public class AzureKeyVaultSecretService implements VaultSecretService {
/**
* Pattern which matches contiguous groups of characters which are not
* allowed within Azure Key Vault secret names.
*/
private static final Pattern DISALLOWED_CHARACTERS = Pattern.compile("[^a-zA-Z0-9-]+");
/**
* Service for retrieving configuration information.
*/
@Inject
private AzureKeyVaultConfigurationService confService;
/**
* Provider for Azure Key Vault credentials.
*/
@Inject
private Provider<KeyVaultCredentials> credentialProvider;
/**
* {@inheritDoc}
*
* <p>Azure Key Vault allows strictly a-z, A-Z, 0-9, and "-". This
* implementation strips out all contiguous groups of characters which are
* not allowed by Azure Key Vault, replacing them with a single dash.
*/
@Override
public String canonicalize(String name) {
Matcher disallowed = DISALLOWED_CHARACTERS.matcher(name);
return disallowed.replaceAll("-");
}
@Override
public String getValue(String name) throws GuacamoleException {
try {
// Retrieve configuration information necessary for connecting to
// Azure Key Vault
String url = confService.getVaultURL();
KeyVaultCredentials credentials = credentialProvider.get();
// Authenticate against Azure Key Vault
KeyVaultClient client = new KeyVaultClient(credentials);
// Retrieve requested secret
SecretBundle secret = client.getSecret(url, name);
// FIXME: STUB
return null;
}
catch (AzureKeyVaultAuthenticationException e) {
throw new GuacamoleServerException("Unable to authenticate with Azure.", e);
}
}
}

16
extensions/guacamole-auth-vault/modules/guacamole-auth-vault-azure/src/main/resources/guac-manifest.json Normal file
View File

@@ -0,0 +1,16 @@
{
"guacamoleVersion" : "1.4.0",
"name" : "Azure Key Vault",
"namespace" : "azure-keyvault",
"authProviders" : [
"org.apache.guacamole.auth.vault.azure.AzureKeyVaultAuthenticationProvider"
],
"translations" : [
"translations/en.json"
]
}

0
extensions/guacamole-auth-vault/modules/guacamole-auth-vault-base/.ratignore Normal file
View File

70
extensions/guacamole-auth-vault/modules/guacamole-auth-vault-base/pom.xml Normal file
View File

@@ -0,0 +1,70 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.apache.guacamole</groupId>
<artifactId>guacamole-auth-vault-base</artifactId>
<packaging>jar</packaging>
<name>guacamole-auth-vault-base</name>
<url>http://guacamole.apache.org/</url>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
</properties>
<parent>
<groupId>org.apache.guacamole</groupId>
<artifactId>guacamole-auth-vault</artifactId>
<version>1.4.0</version>
<relativePath>../../</relativePath>
</parent>
<dependencies>
<!-- Guacamole Extension API -->
<dependency>
<groupId>org.apache.guacamole</groupId>
<artifactId>guacamole-ext</artifactId>
<scope>provided</scope>
</dependency>
<!-- Jackson for JSON support -->
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
</dependency>
<!-- Guice -->
<dependency>
<groupId>com.google.inject</groupId>
<artifactId>guice</artifactId>
</dependency>
<dependency>
<groupId>com.google.inject.extensions</groupId>
<artifactId>guice-assistedinject</artifactId>
</dependency>
</dependencies>
</project>

63
extensions/guacamole-auth-vault/modules/guacamole-auth-vault-base/src/main/java/org/apache/guacamole/auth/vault/VaultAuthenticationProvider.java Normal file
View File

@@ -0,0 +1,63 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.guacamole.auth.vault;
import com.google.inject.Guice;
import com.google.inject.Injector;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.vault.user.VaultUserContextFactory;
import org.apache.guacamole.net.auth.AbstractAuthenticationProvider;
import org.apache.guacamole.net.auth.AuthenticatedUser;
import org.apache.guacamole.net.auth.Credentials;
import org.apache.guacamole.net.auth.UserContext;
/**
* AuthenticationProvider implementation which automatically injects tokens
* containing the values of secrets retrieved from a vault.
*/
public abstract class VaultAuthenticationProvider
extends AbstractAuthenticationProvider {
/**
* Factory for creating instances of the relevant vault-specific
* UserContext implementation.
*/
private final VaultUserContextFactory userContextFactory;
/**
* Creates a new VaultAuthenticationProvider which uses the given module to
* configure dependency injection.
*
* @param module
* The module to use to configure dependency injection.
*/
protected VaultAuthenticationProvider(VaultAuthenticationProviderModule module) {
Injector injector = Guice.createInjector(module);
this.userContextFactory = injector.getInstance(VaultUserContextFactory.class);
}
@Override
public UserContext decorate(UserContext context,
AuthenticatedUser authenticatedUser, Credentials credentials)
throws GuacamoleException {
return userContextFactory.create(context);
}
}

98
extensions/guacamole-auth-vault/modules/guacamole-auth-vault-base/src/main/java/org/apache/guacamole/auth/vault/VaultAuthenticationProviderModule.java Normal file
View File

@@ -0,0 +1,98 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.guacamole.auth.vault;
import com.google.inject.AbstractModule;
import com.google.inject.assistedinject.FactoryModuleBuilder;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.vault.user.VaultUserContext;
import org.apache.guacamole.auth.vault.user.VaultUserContextFactory;
import org.apache.guacamole.environment.Environment;
import org.apache.guacamole.environment.LocalEnvironment;
import org.apache.guacamole.net.auth.UserContext;
/**
* Guice module which configures injections specific to the base support for
* key vaults. When adding support for a key vault provider, a subclass
* specific to that vault implementation will need to be created.
*
* @see AzureKeyVaultAuthenticationProviderModule
*/
public abstract class VaultAuthenticationProviderModule extends AbstractModule {
/**
* Guacamole server environment.
*/
private final Environment environment;
/**
* Creates a new VaultAuthenticationProviderModule which configures
* dependency injection for the Azure Key Vault authentication provider.
*
* @throws GuacamoleException
* If an error occurs while retrieving the Guacamole server
* environment.
*/
public VaultAuthenticationProviderModule() throws GuacamoleException {
this.environment = LocalEnvironment.getInstance();
}
/**
* Configures injections for interfaces which are implementation-specific
* to the vault service in use. Subclasses MUST provide a version of this
* function which binds concrete implementations to the following
* interfaces:
*
* - VaultConfigurationService
* - VaultSecretService
*
* @see AzureKeyVaultAuthenticationProviderModule
*/
protected abstract void configureVault();
/**
* Returns the instance of the Guacamole server environment which will be
* exposed to other classes via dependency injection.
*
* @return
* The instance of the Guacamole server environment which will be
* exposed via dependency injection.
*/
protected Environment getEnvironment() {
return environment;
}
@Override
protected void configure() {
// Bind Guacamole server environment
bind(Environment.class).toInstance(environment);
// Bind factory for creating UserContexts
install(new FactoryModuleBuilder()
.implement(UserContext.class, VaultUserContext.class)
.build(VaultUserContextFactory.class));
// Bind all other implementation-specific interfaces
configureVault();
}
}

107
extensions/guacamole-auth-vault/modules/guacamole-auth-vault-base/src/main/java/org/apache/guacamole/auth/vault/conf/VaultConfigurationService.java Normal file
View File

@@ -0,0 +1,107 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.guacamole.auth.vault.conf;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.inject.Inject;
import java.io.File;
import java.io.IOException;
import java.util.Map;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.GuacamoleServerException;
import org.apache.guacamole.auth.vault.VaultAuthenticationProviderModule;
import org.apache.guacamole.environment.Environment;
/**
* Base class for services which retrieve key vault configuration information.
* A concrete implementation of this class must be defined and bound for key
* vault support to work.
*
* @see VaultAuthenticationProviderModule
*/
public abstract class VaultConfigurationService {
/**
* The Guacamole server environment.
*/
@Inject
private Environment environment;
/**
* ObjectMapper for deserializing JSON.
*/
private static final ObjectMapper mapper = new ObjectMapper();
/**
* The name of the file containing a JSON mapping of Guacamole parameter
* token to vault secret name.
*/
private final String tokenMappingFilename;
/**
* Creates a new VaultConfigurationService which retrieves the token/secret
* mapping from a JSON file having the given name.
*
* @param tokenMappingFilename
* The name of the JSON file containing the token/secret mapping.
*/
protected VaultConfigurationService(String tokenMappingFilename) {
this.tokenMappingFilename = tokenMappingFilename;
}
/**
* Returns a mapping dictating the name of the secret which maps to each
* parameter token. In the returned mapping, the value of each entry is the
* name of the secret to use to populate the value of the parameter token,
* and the key of each entry is the name of the parameter token which
* should receive the value of the secret.
*
* The name of the secret may contain its own tokens, which will be
* substituted using values from the given filter. See the definition of
* VaultUserContext for the names of these tokens and the contexts in which
* they can be applied to secret names.
*
* @return
* A mapping dictating the name of the secret which maps to each
* parameter token.
*
* @throws GuacamoleException
* If the JSON file defining the token/secret mapping cannot be read.
*/
public Map<String, String> getTokenMapping() throws GuacamoleException {
// Get configuration file from GUACAMOLE_HOME
File confFile = new File(environment.getGuacamoleHome(), tokenMappingFilename);
// Deserialize token mapping from JSON
try {
return mapper.readValue(confFile, new TypeReference<Map<String, String>>() {});
}
// Fail if JSON is invalid/unreadable
catch (IOException e) {
throw new GuacamoleServerException("Unable to read token mapping "
+ "configuration file \"" + tokenMappingFilename + "\".", e);
}
}
}

67
extensions/guacamole-auth-vault/modules/guacamole-auth-vault-base/src/main/java/org/apache/guacamole/auth/vault/secret/VaultSecretService.java Normal file
View File

@@ -0,0 +1,67 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.guacamole.auth.vault.secret;
import org.apache.guacamole.GuacamoleException;
/**
* Generic service for retrieving the value of a secret stored in a vault.
*/
public interface VaultSecretService {
/**
* Translates an arbitrary string, which may contain characters not allowed
* by the vault implementation, into a string which is a valid secret name.
* The type of transformation performed on the string, if any, will depend
* on the specific requirements of the vault provider.
*
* NOTE: It is critical that this transformation is deterministic and
* reasonably predictable for users. If an implementation must apply a
* transformation to secret names, that transformation needs to be
* documented.
*
* @param name
* An arbitrary string intended for use as a secret name, but which may
* contain characters not allowed by the vault implementation.
*
* @return
* A name containing essentially the same content as the provided
* string, but transformed deterministically such that it is acceptable
* as a secret name by the vault provider.
*/
String canonicalize(String name);
/**
* Returns the value of the secret having the given name. If no such
* secret exists, null is returned.
*
* @param name
* The name of the secret to retrieve.
*
* @return
* The value of the secret having the given name, or null if no such
* secret exists.
*
* @throws GuacamoleException
* If the secret cannot be retrieved due to an error.
*/
String getValue(String name) throws GuacamoleException;
}

281
extensions/guacamole-auth-vault/modules/guacamole-auth-vault-base/src/main/java/org/apache/guacamole/auth/vault/user/VaultUserContext.java Normal file
View File

@@ -0,0 +1,281 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.guacamole.auth.vault.user;
import com.google.inject.Inject;
import com.google.inject.assistedinject.Assisted;
import com.google.inject.assistedinject.AssistedInject;
import java.util.HashMap;
import java.util.Map;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.vault.conf.VaultConfigurationService;
import org.apache.guacamole.net.auth.Connection;
import org.apache.guacamole.net.auth.ConnectionGroup;
import org.apache.guacamole.net.auth.TokenInjectingUserContext;
import org.apache.guacamole.net.auth.UserContext;
import org.apache.guacamole.auth.vault.secret.VaultSecretService;
import org.apache.guacamole.protocol.GuacamoleConfiguration;
import org.apache.guacamole.token.GuacamoleTokenUndefinedException;
import org.apache.guacamole.token.TokenFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* UserContext implementation which automatically injects tokens containing the
* values of secrets retrieved from a vault.
*/
public class VaultUserContext extends TokenInjectingUserContext {
/**
* Logger for this class.
*/
private final Logger logger = LoggerFactory.getLogger(VaultUserContext.class);
/**
* The name of the token which will be replaced with the username of the
* current user if specified within the name of a secret. This token
* applies to both connections and connection groups.
*/
private static final String USERNAME_TOKEN = "GUAC_USERNAME";
/**
* The name of the token which will be replaced with the name of the
* current connection group if specified within the name of a secret. This
* token only applies only to connection groups.
*/
private static final String CONNECTION_GROUP_NAME_TOKEN = "CONNECTION_GROUP_NAME";
/**
* The name of the token which will be replaced with the identifier of the
* current connection group if specified within the name of a secret. This
* token only applies only to connection groups.
*/
private static final String CONNECTION_GROUP_IDENTIFIER_TOKEN = "CONNECTION_GROUP_ID";
/**
* The name of the token which will be replaced with the \"hostname\"
* connection parameter of the current connection if specified within the
* name of a secret. This token only applies only to connections.
*/
private static final String CONNECTION_HOSTNAME_TOKEN = "CONNECTION_HOSTNAME";
/**
* The name of the token which will be replaced with the \"username\"
* connection parameter of the current connection if specified within the
* name of a secret. This token only applies only to connections.
*/
private static final String CONNECTION_USERNAME_TOKEN = "CONNECTION_USERNAME";
/**
* The name of the token which will be replaced with the name of the
* current connection if specified within the name of a secret. This token
* only applies only to connections.
*/
private static final String CONNECTION_NAME_TOKEN = "CONNECTION_NAME";
/**
* The name of the token which will be replaced with the identifier of the
* current connection if specified within the name of a secret. This token
* only applies only to connections.
*/
private static final String CONNECTION_IDENTIFIER_TOKEN = "CONNECTION_ID";
/**
* Service for retrieving configuration information.
*/
@Inject
private VaultConfigurationService confService;
/**
* Service for retrieving the values of secrets stored in a vault.
*/
@Inject
private VaultSecretService secretService;
/**
* Creates a new VaultUserContext which automatically injects tokens
* containing values of secrets retrieved from a vault. The given
* UserContext is decorated such that connections and connection groups
* will receive additional tokens during the connection process.
*
* Note that this class depends on concrete implementations of the
* following classes to be provided via dependency injection:
*
* - VaultConfigurationService
* - VaultSecretService
*
* Bindings providing these concrete implementations will need to be
* provided by subclasses of VaultAuthenticationProviderModule for each
* supported vault.
*
* @param userContext
* The UserContext instance to decorate.
*/
@AssistedInject
public VaultUserContext(@Assisted UserContext userContext) {
super(userContext);
}
/**
* Creates a new TokenFilter instance with token values set for all tokens
* which are not specific to connections or connection groups. Currently,
* this is only the username token ("GUAC_USERNAME").
*
* @return
* A new TokenFilter instance with token values set for all tokens
* which are not specific to connections or connection groups.
*/
private TokenFilter createFilter() {
TokenFilter filter = new TokenFilter();
filter.setToken(USERNAME_TOKEN, self().getIdentifier());
return filter;
}
/**
* Retrieve all applicable tokens and corresponding values from the vault,
* using the given TokenFilter to filter tokens within the secret names
* prior to retrieving those secrets.
*
* @param tokenMapping
* The mapping dictating the name of the secret which maps to each
* parameter token, where the key is the name of the parameter token
* and the value is the name of the secret. The name of the secret
* may contain its own tokens, which will be substituted using values
* from the given filter.
*
* @param filter
* The filter to use to substitute values for tokens in the names of
* secrets to be retrieved from the vault.
*
* @return
* The tokens which should be added to the in-progress call to
* connect().
*
* @throws GuacamoleException
* If the value for any applicable secret cannot be retrieved from the
* vault due to an error.
*/
private Map<String, String> getTokens(Map<String, String> tokenMapping,
TokenFilter filter) throws GuacamoleException {
Map<String, String> tokens = new HashMap<>();
// Populate map with tokens containing the values of all secrets
// indicated in the token mapping
for (Map.Entry<String, String> entry : tokenMapping.entrySet()) {
// Translate secret pattern into secret name, ignoring any
// secrets which cannot be translated
String secretName;
try {
secretName = secretService.canonicalize(filter.filterStrict(entry.getValue()));
}
catch (GuacamoleTokenUndefinedException e) {
logger.debug("Secret for token \"{}\" will not be retrieved. "
+ "Token \"{}\" within mapped secret name has no "
+ "defined value in the current context.",
entry.getKey(), e.getTokenName());
continue;
}
// If a value is defined for the secret in question, store that
// value under the mapped token
String tokenName = entry.getKey();
String secretValue = secretService.getValue(secretName);
if (secretValue != null) {
tokens.put(tokenName, secretValue);
logger.debug("Token \"{}\" populated with value from "
+ "secret \"{}\".", tokenName, secretName);
}
else
logger.debug("Token \"{}\" not populated. Mapped "
+ "secret \"{}\" has no value.",
tokenName, secretName);
}
return tokens;
}
@Override
protected Map<String, String> getTokens(ConnectionGroup connectionGroup)
throws GuacamoleException {
String name = connectionGroup.getName();
String identifier = connectionGroup.getIdentifier();
logger.debug("Injecting tokens from vault for connection group "
+ "\"{}\" (\"{}\").", identifier, name);
// Add general and connection-group-specific tokens
TokenFilter filter = createFilter();
filter.setToken(CONNECTION_GROUP_NAME_TOKEN, name);
filter.setToken(CONNECTION_GROUP_IDENTIFIER_TOKEN, identifier);
// Substitute tokens producing secret names, retrieving and storing
// those secrets as parameter tokens
return getTokens(confService.getTokenMapping(), filter);
}
@Override
protected Map<String, String> getTokens(Connection connection)
throws GuacamoleException {
String name = connection.getName();
String identifier = connection.getIdentifier();
logger.debug("Injecting tokens from vault for connection \"{}\" "
+ "(\"{}\").", identifier, name);
// Add general and connection-specific tokens
TokenFilter filter = createFilter();
filter.setToken(CONNECTION_NAME_TOKEN, connection.getName());
filter.setToken(CONNECTION_IDENTIFIER_TOKEN, identifier);
// Add hostname and username tokens if available (implementations are
// not required to expose connection configuration details)
GuacamoleConfiguration config = connection.getConfiguration();
String hostname = config.getParameter("hostname");
if (hostname != null)
filter.setToken(CONNECTION_HOSTNAME_TOKEN, hostname);
else
logger.debug("Hostname for connection \"{}\" (\"{}\") not "
+ "available. \"{}\" token will not be populated in "
+ "secret names.", identifier, name,
CONNECTION_HOSTNAME_TOKEN);
String username = config.getParameter("username");
if (username != null)
filter.setToken(CONNECTION_USERNAME_TOKEN, username);
else
logger.debug("Username for connection \"{}\" (\"{}\") not "
+ "available. \"{}\" token will not be populated in "
+ "secret names.", identifier, name,
CONNECTION_USERNAME_TOKEN);
// Substitute tokens producing secret names, retrieving and storing
// those secrets as parameter tokens
return getTokens(confService.getTokenMapping(), filter);
}
}

46
extensions/guacamole-auth-vault/modules/guacamole-auth-vault-base/src/main/java/org/apache/guacamole/auth/vault/user/VaultUserContextFactory.java Normal file
View File

@@ -0,0 +1,46 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.guacamole.auth.vault.user;
import org.apache.guacamole.net.auth.UserContext;
/**
* Factory for creating UserContext instances which automatically inject tokens
* containing the values of secrets retrieved from a vault.
*/
public interface VaultUserContextFactory {
/**
* Returns a new instance of a UserContext implementation which
* automatically injects tokens containing values of secrets retrieved from
* a vault. The given UserContext is decorated such that connections and
* connection groups will receive additional tokens during the connection
* process.
*
* @param userContext
* The UserContext instance to decorate.
*
* @return
* A new UserContext instance which automatically injects tokens
* containing values of secrets retrieved from a vault.
*/
UserContext create(UserContext userContext);
}

7
extensions/guacamole-auth-vault/modules/guacamole-auth-vault-base/src/main/resources/translations/en.json Normal file
View File

@@ -0,0 +1,7 @@
{
"DATA_SOURCE_AZURE_KEYVAULT" : {
"NAME" : "Azure Key Vault"
}
}

0
extensions/guacamole-auth-vault/modules/guacamole-auth-vault-dist/.ratignore Normal file
View File

63
extensions/guacamole-auth-vault/modules/guacamole-auth-vault-dist/pom.xml Normal file
View File

@@ -0,0 +1,63 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.apache.guacamole</groupId>
<artifactId>guacamole-auth-vault-dist</artifactId>
<packaging>pom</packaging>
<name>guacamole-auth-vault-dist</name>
<url>http://guacamole.apache.org/</url>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
</properties>
<parent>
<groupId>org.apache.guacamole</groupId>
<artifactId>guacamole-auth-vault</artifactId>
<version>1.4.0</version>
<relativePath>../../</relativePath>
</parent>
<dependencies>
<!-- Azure Key Vault Extension -->
<dependency>
<groupId>org.apache.guacamole</groupId>
<artifactId>guacamole-auth-vault-azure</artifactId>
<version>1.4.0</version>
</dependency>
</dependencies>
<build>
<!-- Dist .tar.gz for guacamole-auth-vault should be named after the
parent guacamole-auth-vault project, not after
guacamole-auth-vault-dist -->
<finalName>${project.parent.artifactId}-${project.parent.version}</finalName>
</build>
</project>

54
extensions/guacamole-auth-vault/modules/guacamole-auth-vault-dist/src/main/assembly/dist.xml Normal file
View File

@@ -0,0 +1,54 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<assembly
xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0 http://maven.apache.org/xsd/assembly-1.1.0.xsd">
<id>dist</id>
<baseDirectory>${project.parent.artifactId}-${project.parent.version}</baseDirectory>
<!-- Output .tar.gz -->
<formats>
<format>tar.gz</format>
</formats>
<!-- Include extension .jars -->
<dependencySets>
<!-- Azure Key Vault extension .jar -->
<dependencySet>
<outputDirectory>azure</outputDirectory>
<includes>
<include>org.apache.guacamole:guacamole-auth-vault-azure</include>
</includes>
</dependencySet>
</dependencySets>
<!-- Licenses -->
<fileSets>
<fileSet>
<outputDirectory></outputDirectory>
<directory>target/licenses</directory>
</fileSet>
</fileSets>
</assembly>

67
extensions/guacamole-auth-vault/pom.xml Normal file
View File

@@ -0,0 +1,67 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.apache.guacamole</groupId>
<artifactId>guacamole-auth-vault</artifactId>
<packaging>pom</packaging>
<version>1.4.0</version>
<name>guacamole-auth-vault</name>
<url>http://guacamole.apache.org/</url>
<parent>
<groupId>org.apache.guacamole</groupId>
<artifactId>extensions</artifactId>
<version>1.4.0</version>
<relativePath>../</relativePath>
</parent>
<modules>
<!-- Distribution .tar.gz -->
<module>modules/guacamole-auth-vault-dist</module>
<!-- Base key vault classes -->
<module>modules/guacamole-auth-vault-base</module>
<!-- Provider-specific implementations -->
<module>modules/guacamole-auth-vault-azure</module>
</modules>
<dependencyManagement>
<dependencies>
<!-- Guacamole Extension API -->
<dependency>
<groupId>org.apache.guacamole</groupId>
<artifactId>guacamole-ext</artifactId>
<version>1.4.0</version>
<scope>provided</scope>
</dependency>
</dependencies>
</dependencyManagement>
</project>

1
extensions/pom.xml
View File

@@ -48,6 +48,7 @@
<module>guacamole-auth-quickconnect</module>
<module>guacamole-auth-sso</module>
<module>guacamole-auth-totp</module>
<module>guacamole-auth-vault</module>
</modules>

7
pom.xml
View File

@@ -209,8 +209,8 @@
<target>1.8</target>
<compilerArgs>
<arg>-Xlint:all</arg>
<arg>-Werror</arg>
</compilerArgs>
<failOnWarning>true</failOnWarning>
<fork>true</fork>
</configuration>
</plugin>
@@ -382,6 +382,11 @@
<artifactId>jackson-dataformat-yaml</artifactId>
<version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.datatype</groupId>
<artifactId>jackson-datatype-joda</artifactId>
<version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.module</groupId>
<artifactId>jackson-module-jaxb-annotations</artifactId>