implement TODOs

- fetch configuration of AdminUiPage Component - validate config - use configuration to get attributes
2026-02-17 15:16:16 +01:00 · 2026-02-17 15:16:16 +01:00 · 8ea38a0748
commit 8ea38a0748
parent a7be1213af
2 changed files with 57 additions and 39 deletions
--- a/ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/ssh_key/AdminUiPage.java
+++ b/ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/ssh_key/AdminUiPage.java
@ -12,10 +12,11 @@ import org.keycloak.services.ui.extend.UiPageProviderFactory;
 import java.util.List;
 /**
- * Implements UiPageProvider to show a config page in the admin ui
+ * Implements UiPageProvider to show a config page in the admin
 */
@AutoService(UiPageProviderFactory.class)
 public class AdminUiPage implements UiPageProvider, UiPageProviderFactory<ComponentModel> {
    public static final String PROVIDER_ID = "🪪 Attribute Endpoints 🚀";
    @Override
    public void init(Config.Scope config) {
@ -31,7 +32,7 @@ public class AdminUiPage implements UiPageProvider, UiPageProviderFactory<Compon
    @Override
    public String getId() {
-        return "🪪 Attribute Endpoints 🚀";
+        return PROVIDER_ID;
    }
    @Override
--- a/ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/ssh_key/SSHKeyResourceProvider.java
+++ b/ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/ssh_key/SSHKeyResourceProvider.java
@ -1,5 +1,6 @@
 package de.ccc.hamburg.keycloak.ssh_key;
 import java.util.Collection;
 import java.util.List;
 import java.util.Objects;
 import java.util.regex.Matcher;
@ -7,6 +8,7 @@ import java.util.regex.Pattern;
 import java.util.stream.Stream;
 import org.jboss.logging.Logger;
 import org.keycloak.component.ComponentModel;
 import org.keycloak.models.ClientModel;
 import org.keycloak.models.KeycloakContext;
 import org.keycloak.models.KeycloakSession;
@ -24,9 +26,11 @@ import org.keycloak.userprofile.UserProfileProvider;
 import io.quarkus.security.UnauthorizedException;
 import jakarta.ws.rs.GET;
 import jakarta.ws.rs.NotAuthorizedException;
 import jakarta.ws.rs.NotFoundException;
 import jakarta.ws.rs.Path;
 import jakarta.ws.rs.PathParam;
 import jakarta.ws.rs.Produces;
 import jakarta.ws.rs.ServerErrorException;
 import jakarta.ws.rs.core.MediaType;
 import jakarta.ws.rs.core.Response;
@ -34,10 +38,6 @@ public class SSHKeyResourceProvider implements RealmResourceProvider {
    private static final Logger LOG = Logger.getLogger(SSHKeyResourceProvider.class);
    private final KeycloakSession session;
    // taken from: https://github.com/nemchik/ssh-key-regex
    private static final Pattern SSH_PUBLIC_KEY = Pattern.compile(
            "^(?<key>(ssh-dss AAAAB3NzaC1kc3|ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNT|ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzOD|ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1Mj|sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb2|ssh-ed25519 AAAAC3NzaC1lZDI1NTE5|sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29t|ssh-rsa AAAAB3NzaC1yc2)[0-9A-Za-z+/]+[=]{0,3})(\\s.*)?$");
    public SSHKeyResourceProvider(KeycloakSession keycloakSession) {
        this.session = keycloakSession;
    }
@ -58,68 +58,85 @@ public class SSHKeyResourceProvider implements RealmResourceProvider {
        KeycloakContext context = session.getContext();
        RealmModel realm = context.getRealm();
-        // TODO: check if slug exists
+        List<ComponentModel> componentList = realm.getComponentsStream()
                .filter(c -> c.getProviderId().equals(AdminUiPage.PROVIDER_ID))
                .filter(c -> c.getConfig().getFirst("slug").equals(slug))
                .toList();
-        // TODO: get config defined by AdminUiPage
+        if (componentList.isEmpty()) {
-
+            throw new NotFoundException("Endpoint not found.");
        // get config for slug and check if it is valid
        RoleModel authRole;
        RoleModel matchRole;
        String attributeGroup;
        String attributeRegex;
        try {
            authRole = realm.getRole("dooris-export");
            matchRole = realm.getRole("dooris-access");
            attributeGroup = "dooris";
            attributeRegex = "placeholder_config_attributeRegex";
            // TODO: check if AttributeGroup exists
        } catch (Exception e) {
            System.err.println(e);
            return Response.status(500, e.getMessage()).build();
        }
-        Auth auth;
+        Auth auth = SSHKeyResourceProvider.getAuth(session);
        ComponentModel component = componentList.get(0);
        String configAuthRole = component.getConfig().getFirst("auth-role");
        RoleModel authRole = realm.getRole(configAuthRole);
        if (authRole == null) {
            throw new ServerErrorException("Endpoint Configuration Error - auth-role does not exist.", 500);
        }
        String configMatchRole = component.getConfig().getFirst("match-role");
        RoleModel matchRole = realm.getRole(configMatchRole);
        if (matchRole == null) {
            throw new ServerErrorException("Endpoint Configuration Error - match-role does not exist.", 500);
        }
        UserProfileProvider profileProvider = session.getProvider(UserProfileProvider.class);
        UPConfig upconfig = profileProvider.getConfiguration();
        String configAttributeGroup = component.getConfig().getFirst("attribute-group");
        if (!upconfig.getGroups().stream().anyMatch(g -> g.getName().equals(configAttributeGroup))) {
            throw new ServerErrorException("Endpoint Configuration Error - attribute-group does not exist.", 500);
        }
        String configAttributeRegex = component.getConfig().getFirst("attribute-regex");
        Pattern attributeRegex;
        try {
-            auth = SSHKeyResourceProvider.getAuth(session);
+            attributeRegex = Pattern.compile(configAttributeRegex);
        } catch (Exception e) {
-            System.err.println(e);
+            throw new ServerErrorException(
-            return Response.status(401, e.getMessage()).build();
+                    "Endpoint Configuration Error - attribute-regex is not a valid regex pattern.", 500);
        }
        try {
            UserModel user = auth.getUser();
            if (!user.hasRole(authRole)) {
-                throw new UnauthorizedException("User does not have requires auth role.");
+                throw new UnauthorizedException("User does not have required auth role.");
            }
        } catch (Exception e) {
            System.err.println(e);
            return Response.status(403, e.getMessage()).build();
        }
-        UserProvider userProvider = session.users();
+        if (componentList.size() > 1) {
-        UserProfileProvider profileProvider = session.getProvider(UserProfileProvider.class);
+            throw new NotFoundException(
-        UPConfig upconfig = profileProvider.getConfiguration();
+                    "Endpoint Configuration Error - Multiple configurations exist for this endpoint.");
        }
        List<String> attributeNames = upconfig.getAttributes()
                .stream()
-                .filter(a -> a.getGroup() != null && a.getGroup().equals(attributeGroup))
+                .filter(a -> a.getGroup() != null && a.getGroup().equals(configAttributeGroup))
                .map(a -> a.getName())
                .toList();
        UserProvider userProvider = session.users();
        Stream<UserModel> users = userProvider.getRoleMembersStream(realm, matchRole);
        List<String> attribute_list = users
                .map(user -> {
-                    return attributeNames
+                    Stream<String> attributeStream = attributeNames.stream()
-                            .stream()
+                            .map(attributeName -> user.getAttributeStream(attributeName).toList())
-                            .map(attributeName -> user.getAttributeStream(attributeName).findFirst())
+                            .flatMap(Collection::stream);
-                            .filter(attribute -> attribute.isPresent())
+
-                            .map(attribute -> attribute.get())
+                    return attributeStream
                            .filter(attribute -> !attribute.isEmpty())
                            .toList();
                })
                .flatMap(List::stream)
-                .map(key -> {
+                .map(attribute -> {
-                    final Matcher matcher = SSH_PUBLIC_KEY.matcher(key);
+                    final Matcher matcher = attributeRegex.matcher(attribute);
-                    return matcher.find() ? matcher.group("key") : null;
+                    return matcher.find() ? attribute : null;
                })
                .filter(Objects::nonNull)
                .toList();