From c518d4a514d288a38c16ac696992967ffe10c31b Mon Sep 17 00:00:00 2001
From: June
Date: Fri, 31 Oct 2025 19:40:34 +0100
Subject: [PATCH 1/4] rename package
Co-authored-by: kritzl
---
 ssh-key-provider/pom.xml | 2 +-
 .../de/ccc/hamburg/keycloak/{ => ssh_key}/AuthHelper.java | 2 +-
 .../keycloak/{ => ssh_key}/SSHKeyResourceProvider.java | 8 +-------
 .../{ => ssh_key}/SSHKeyResourceProviderFactory.java | 7 +------
 4 files changed, 4 insertions(+), 15 deletions(-)
 rename ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/{ => ssh_key}/AuthHelper.java (97%)
 rename ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/{ => ssh_key}/SSHKeyResourceProvider.java (86%)
 rename ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/{ => ssh_key}/SSHKeyResourceProviderFactory.java (75%)
diff --git a/ssh-key-provider/pom.xml b/ssh-key-provider/pom.xml
index 32b6da5..90651ca 100644
--- a/ssh-key-provider/pom.xml
+++ b/ssh-key-provider/pom.xml
@@ -5,7 +5,7 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> 4.0.0 - de.ccc.hamburg.keycloak + de.ccc.hamburg.keycloak.ssh_key ssh-key-provider 1.0-SNAPSHOT
diff --git a/ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/AuthHelper.java b/ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/ssh_key/AuthHelper.java
similarity index 97%
rename from ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/AuthHelper.java
rename to ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/ssh_key/AuthHelper.java
index 6138607..cf3091d 100644
--- a/ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/AuthHelper.java
+++ b/ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/ssh_key/AuthHelper.java
@@ -1,4 +1,4 @@
-package de.ccc.hamburg.keycloak;
+package de.ccc.hamburg.keycloak.ssh_key;
 import jakarta.ws.rs.ForbiddenException;
 import jakarta.ws.rs.NotAuthorizedException;
diff --git a/ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/SSHKeyResourceProvider.java b/ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/ssh_key/SSHKeyResourceProvider.java
similarity index 86%
rename from ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/SSHKeyResourceProvider.java
rename to ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/ssh_key/SSHKeyResourceProvider.java
index 6d0a475..1510489 100644
--- a/ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/SSHKeyResourceProvider.java
+++ b/ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/ssh_key/SSHKeyResourceProvider.java
@@ -1,4 +1,4 @@
-package de.ccc.hamburg.keycloak;
+package de.ccc.hamburg.keycloak.ssh_key;
 import java.util.Map;
 import java.util.stream.Stream;
@@ -9,13 +9,7 @@ import jakarta.ws.rs.Path;
 import jakarta.ws.rs.Produces;
 import jakarta.ws.rs.core.Response;
 import jakarta.ws.rs.core.MediaType;
-import org.eclipse.microprofile.openapi.annotations.Operation;
-import org.eclipse.microprofile.openapi.annotations.enums.SchemaType;
-import org.eclipse.microprofile.openapi.annotations.media.Content;
-import org.eclipse.microprofile.openapi.annotations.media.Schema;
-import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
 import org.keycloak.models.GroupModel;
-import org.keycloak.models.GroupProvider;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserModel;
diff --git a/ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/SSHKeyResourceProviderFactory.java b/ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/ssh_key/SSHKeyResourceProviderFactory.java
similarity index 75%
rename from ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/SSHKeyResourceProviderFactory.java
rename to ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/ssh_key/SSHKeyResourceProviderFactory.java
index 1eb8632..4f615d2 100644
--- a/ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/SSHKeyResourceProviderFactory.java
+++ b/ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/ssh_key/SSHKeyResourceProviderFactory.java
@@ -1,16 +1,11 @@
-package de.ccc.hamburg.keycloak;
+package de.ccc.hamburg.keycloak.ssh_key;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.KeycloakSessionFactory;
 import org.keycloak.services.resource.RealmResourceProvider;
 import org.keycloak.services.resource.RealmResourceProviderFactory;
-import org.keycloak.Config.Scope;
 import com.google.auto.service.AutoService;
 import org.keycloak.Config;
-import org.keycloak.models.KeycloakSession;
-import org.keycloak.models.KeycloakSessionFactory;
-import org.keycloak.services.resource.RealmResourceProvider;
-import org.keycloak.services.resource.RealmResourceProviderFactory;
 @AutoService(RealmResourceProviderFactory.class)
 public class SSHKeyResourceProviderFactory implements RealmResourceProviderFactory {
From 9a4dbfeb16c1353b6fab5c2ed3e5d441b425f8af Mon Sep 17 00:00:00 2001
From: June
Date: Fri, 31 Oct 2025 19:41:18 +0100
Subject: [PATCH 2/4] remove test route
Co-authored-by: kritzl
---
 .../keycloak/ssh_key/SSHKeyResourceProvider.java | 14 ++------------
 1 file changed, 2 insertions(+), 12 deletions(-)
diff --git a/ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/ssh_key/SSHKeyResourceProvider.java b/ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/ssh_key/SSHKeyResourceProvider.java
index 1510489..0d10433 100644
--- a/ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/ssh_key/SSHKeyResourceProvider.java
+++ b/ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/ssh_key/SSHKeyResourceProvider.java
@@ -35,19 +35,9 @@ public class SSHKeyResourceProvider implements RealmResourceProvider {
 }
 @GET
- @Path("hello")
+ @Path("export")
 @Produces(MediaType.APPLICATION_JSON)
- @Operation(summary = "Public hello endpoint", description = "This endpoint returns hello and the name of the requested realm.")
- @APIResponse(responseCode = "200", description = "", content = {
- @Content(schema = @Schema(implementation = Response.class, type = SchemaType.OBJECT)) })
- public Response helloAnonymous() {
- return Response.ok(Map.of("hello", session.getContext().getRealm().getName())).build();
- }
-
- @GET
- @Path("hello-auth")
- @Produces(MediaType.APPLICATION_JSON)
- public Response helloAuthenticated() {
+ public Response exportKeys() {
 UserProvider userProvider = session.users();
 try {
From 8e9674cf5c27b2ae25b176f9bdd48ea9159dedac Mon Sep 17 00:00:00 2001
From: June
Date: Fri, 31 Oct 2025 19:42:34 +0100
Subject: [PATCH 3/4] update dev setup in compose.yaml
Co-authored-by: kritzl
---
 compose.yaml | 2 +-
 local-dev/.gitkeep | 0
 local-dev/providers/.gitkeep | 0
 3 files changed, 1 insertion(+), 1 deletion(-)
 delete mode 100644 local-dev/.gitkeep
 delete mode 100644 local-dev/providers/.gitkeep
diff --git a/compose.yaml b/compose.yaml
index 0be3049..da8b72e 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -10,4 +10,4 @@ services:
 ports:
 - "8080:8080"
 volumes:
- - ./local-dev/providers/:/opt/keycloak/providers/
+ - ./ssh-key-provider/target/ssh-key-provider-1.0-SNAPSHOT.jar:/opt/keycloak/providers/ssh-key-provider.jar
\ No newline at end of file
diff --git a/local-dev/.gitkeep b/local-dev/.gitkeep
deleted file mode 100644
index e69de29..0000000
diff --git a/local-dev/providers/.gitkeep b/local-dev/providers/.gitkeep
deleted file mode 100644
index e69de29..0000000
From e4b4497b30b38458c1155f295b0904ea636289ec Mon Sep 17 00:00:00 2001
From: June
Date: Fri, 31 Oct 2025 19:52:40 +0100
Subject: [PATCH 4/4] introduce path parameter in export endpoint for specifying group id
Co-authored-by: kritzl
---
 .../hamburg/keycloak/ssh_key/SSHKeyResourceProvider.java | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/ssh_key/SSHKeyResourceProvider.java b/ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/ssh_key/SSHKeyResourceProvider.java
index 0d10433..fb5c2d4 100644
--- a/ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/ssh_key/SSHKeyResourceProvider.java
+++ b/ssh-key-provider/src/main/java/de/ccc/hamburg/keycloak/ssh_key/SSHKeyResourceProvider.java
@@ -6,6 +6,7 @@ import java.util.stream.Stream;
 import org.jboss.logging.Logger;
 import jakarta.ws.rs.GET;
 import jakarta.ws.rs.Path;
+import jakarta.ws.rs.PathParam;
 import jakarta.ws.rs.Produces;
 import jakarta.ws.rs.core.Response;
 import jakarta.ws.rs.core.MediaType;
@@ -35,9 +36,9 @@ public class SSHKeyResourceProvider implements RealmResourceProvider {
 }
 @GET
- @Path("export")
+ @Path("export/{group_id}")
 @Produces(MediaType.APPLICATION_JSON)
- public Response exportKeys() {
+ public Response exportKeys(@PathParam("group_id") String groupId) {
 UserProvider userProvider = session.users();
 try {
@@ -45,7 +46,8 @@ public class SSHKeyResourceProvider implements RealmResourceProvider {
 authResult -> authResult.getToken().getIssuedFor().equals("admin-cli"));
 RealmModel realm = session.getContext().getRealm();
- GroupModel group = realm.getGroupById("fbf5f78b-d2be-49dd-b04f-11a5e8ee583f");
+ // TODO: add allowlist check
+ GroupModel group = realm.getGroupById(groupId);
 LOG.info(String.format("Getting Users from Group \"%s\" with ID %s", group.getName(), group.getId()));
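Review bot: `exportKeys(@PathParam("group_id") String groupId)` hands the choice of group to the caller, and the allowlist that would bound it is still a TODO in the last hunk, so as written any group id in the realm can be queried by whoever passes the auth check. The only condition visible for that check is the context line `authResult.getToken().getIssuedFor().equals("admin-cli")`, which tests the client the token was issued to rather than a role or permission of the user; the helper receiving this predicate is outside the hunks and may enforce more. I would land the allowlist in this same patch and reject before the lookup, e.g. `if (!allowedGroupIds.contains(groupId)) throw new ForbiddenException();`, where `allowedGroupIds` is a placeholder name for a set loaded from provider configuration. `exportKeys` continues past the end of the hunk.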
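Review bot: `realm.getGroupById(groupId)` returns null for an id that does not exist in the realm, and the `LOG.info(...)` context line right after it dereferences `group.getName()` unconditionally, so an unknown or mistyped `group_id` raises a NullPointerException rather than producing a 404. With the former hard-coded id that could only follow from misconfiguration; with a path parameter any caller that reaches this line can trigger it. Add `if (group == null) { return Response.status(Response.Status.NOT_FOUND).build(); }` directly after the lookup. The handlers of the surrounding `try` block are outside the hunk, so how the exception currently surfaces to the client is not visible here.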