Merge pull request #27 from hmcts/EM-1875-openId-connect-updates

Em 1875 open id connect updates

README.md

@@ -22,7 +22,7 @@ public class MyTestScenario {
 <pre>
 idam:
   api:
-    url: 'http://localhost:4501'
+    url: 'http://localhost:5000'
   client:
     id: 'webshow'
     secret: 'AAAAAAAAAAAAAAAA'

build.gradle

@@ -188,7 +188,7 @@ dependencies {
     api group: 'io.github.openfeign', name: 'feign-httpclient', version: feignVersion
     api group: 'io.github.openfeign.form', name: 'feign-form', version: feignFormVersion
     api group: 'com.fasterxml.jackson.datatype', name: 'jackson-datatype-jdk8'
-    compile "com.squareup.okhttp3:okhttp:4.3.1"
+
     compileOnly group: 'org.projectlombok', name: 'lombok', version: lombokVersion
     annotationProcessor group: 'org.projectlombok', name: 'lombok', version: lombokVersion
 

config/checkstyle/suppressions.xml

@@ -7,4 +7,6 @@
 <suppressions>
     <!-- feign-form doesn't support remapping pojo field names, so we have to use exact names required by the API -->
     <suppress files="ExchangeCodeRequest.java|AuthenticateUserRequest.java" checks="MemberName"/>
+    <suppress files="OpenIdAuthUserRequest.java|OpenIdConfiguration.java" checks="ParameterName"/>
+    <suppress files="IdamHelperTest.java" checks="CustomImportOrder"/>
 </suppressions>

docker-compose-dependencies.yml

@@ -31,51 +31,71 @@ services:
       - 4502:8489
 
   idam-api:
-    image: hmctsprivate.azurecr.io/tidam/api:latest
+    image: hmctspublic.azurecr.io/idam/api:stable
     healthcheck:
       interval: 10s
       timeout: 10s
       retries: 10
     environment:
-      SPRING_DATASOURCE_URL: jdbc:postgresql://idam-database:5432/idam
-      SPRING_DATASOURCE_USERNAME: idam-username
-      SPRING_DATASOURCE_PASSWORD: idam-password
-      SPRING_MAIL_HOST: smtp-server
-      IDAM_TESTING_SUPPORT_ENABLED: "true"
-      IDAM_API_OAUTH2_CLIENT_CLIENT_SECRETS_WEBSHOW: AAAAAAAAAAAAAAAA
-      IDAM_API_OAUTH2_CLIENT_CLIENT_SECRETS_CCD_GATEWAY: AAAAAAAAAAAAAAAA
-      IDAM_API_OAUTH2_CLIENT_CLIENT_SECRETS_CCD_ADMIN: AAAAAAAAAAAAAAAA
-      IDAM_WEBSHOW_WHITELIST: http://localhost:8080/oauth2redirect
-      REFORM_SERVICE_NAME: idam-api
-      REFORM_TEAM: idam
-      REFORM_ENVIRONMENT: local
-      http_proxy:
-      https_proxy:
-      no_proxy:
+      - JAVA_TOOL_OPTIONS=-Xms128m -Xmx512m -XX:MaxPermSize=512m
+      - SPRING_PROFILES_ACTIVE=local
+      - CACHING_ENABLED=false
+      - SPRING_DATA_ELASTICSEARCH_PROPERTIES_PATH_HOME=/tmp/es
+      - TESTING_SUPPORT_ENABLED=true
+      - IDAMHEALTHCHECK_AM_ENABLED=false
+      - IDAMHEALTHCHECK_IDM_ENABLED=false
+      - STRATEGIC_ADMIN_URL=http://idam-web-admin:8082
+      - STRATEGIC_WEBPUBLIC_URL=http://idam-web-public:9002
+      - SPRING_DATASOURCE_URL=jdbc:postgresql://shared-db:5432/openidm?currentSchema=fridam
+      - SPRING_DATASOURCE_USERNAME=openidm
+      - SPRING_DATASOURCE_PASSWORD=openidm
+      - SECURITY_OAUTH2_CLIENT_CLIENTSECRET=password
+      - SECURITY_OAUTH2_CLIENT_PRE_ESTABLISHED_REDIRECT_URI=http://idam-web-public:9002/login
+      - SECURITY_OAUTH2_CLIENT_REGISTERED_REDIRECT_URI=http://idam-web-public:9002/login
+      - IDAM_SPI_FORGEROCK_AM_ROOT=http://fr-am:8080/openam
+      - IDAM_SPI_FORGEROCK_AM_TOPLEVELHOST=fr-am
+      - IDAM_SPI_FORGEROCK_AM_USERNAME=amadmin
+      - IDAM_SPI_FORGEROCK_AM_PASSWORD=Pa55word11
+      - IDAM_SPI_FORGEROCK_AM_JWKSURIFOROAUTH2CLIENTS=http://fr-am:8080/openam/oauth2/hmcts/connect/jwk_uri
+      - IDAM_SPI_FORGEROCK_IDM_ROOT=http://fr-idm:18080/openidm
+      - IDAM_SPI_FORGEROCK_IDM_USERNAME=openidm-admin
+      - IDAM_SPI_FORGEROCK_IDM_PASSWORD=openidm-admin
+      - IDAM_SPI_FORGEROCK_IDM_PIN_DEFAULTPASSWORD=BlaBlaBlackSh33p
+      - IDAM_API_OAUTH2_CLIENT_CLIENT_SECRETS_WEBSHOW=AAAAAAAAAAAAAAAA
+      - IDAM_WEBSHOW_WHITELIST=http://localhost:8080/oauth2redirect
+      - REFORM_SERVICE_NAME=idam-api
+      - REFORM_TEAM=idam
+      - REFORM_ENVIRONMENT=local
     ports:
-      - 4501:8080
-    links:
-      - smtp-server
-      - idam-database
+      - 5000:5000
+
+  idam-web-public:
+    image: hmctspublic.azurecr.io/idam/web-public:stable
+    environment:
+      - JAVA_TOOL_OPTIONS=-Xms128m -Xmx512m -XX:MaxPermSize=512m
+      - STRATEGIC_SERVICE_URL=http://idam-api:5000
+    ports:
+      - 9002:8080
     depends_on:
-      - idam-database
-      - smtp-server
+      - idam-api
+
+  idam-web-admin:
+    image: hmctspublic.azurecr.io/idam/web-admin:stable
+    environment:
+      - JAVA_TOOL_OPTIONS=-Xms128m -Xmx512m -XX:MaxPermSize=512m
+      - STRATEGIC_SERVICE_URL=http://idam-api:5000
+      - STRATEGIC_PUBLIC_URL=http://idam-web-public:9002
+    ports:
+      - 8082:8080
+    depends_on:
+      - idam-api
 
   smtp-server:
     image: mailhog/mailhog
     ports:
       - 1025:1025
       - 8025:8025
 
-  idam-database:
-    image: postgres
-    environment:
-      - POSTGRES_USER=idam-username
-      - POSTGRES_PASSWORD=idam-password
-      - POSTGRES_DB=idam
-    ports:
-      - 5434:5432
-
   dm-store:
     image: hmctspublic.azurecr.io/dm/store:latest
     environment:
@@ -112,7 +132,7 @@ services:
       - PACKAGES_NAME=dm-store
       - PACKAGES_VERSION=unkown
       #      debug mode
-      - JAVA_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005
+      - JAVA_TOOL_OPTIONS=-Xms128m -Xmx512m -XX:MaxPermSize=512m
     links:
       - dm-store-db
       - service-auth-provider-api
@@ -250,7 +270,7 @@ services:
       DB_USERNAME: ccd
       DB_PASSWORD: ccd
     ports:
-      - 5000:5432
+      - 5001:5432
     volumes:
       - em-shared-db:/var/lib/postgresql/data
 
@@ -298,20 +318,33 @@ services:
       - ccd-data-store-api
       - dm-store
 
-  authentication-web:
-    image: hmctsprivate.azurecr.io/tidam/authentication-web:latest
+  fr-am:
+    image: hmctsprivate.azurecr.io/idam/idam-fr-am:latest
     environment:
-      IDAM_API_URL: http://idam-api:8080
-      IDAM_CONTINUE_URL_VALIDATOR_ENFORCE_TLS: "false"
-      REFORM_SERVICE_NAME: idam-api
-      REFORM_TEAM: idam
-      REFORM_ENVIRONMENT: local
+      - JAVA_TOOL_OPTIONS=-Xms128m -Xmx512m -XX:MaxPermSize=512m
+    hostname: localam
     ports:
-      - 3501:8000
-    links:
-      - idam-api
+      - 9080:8080
+      - 1389:1389
     depends_on:
-      - idam-api
+      - shared-db
+
+  fr-idm:
+    image: hmctsprivate.azurecr.io/idam/idam-fr-idm:latest
+    environment:
+      - JAVA_TOOL_OPTIONS=-Xms128m -Xmx512m -XX:MaxPermSize=512m
+    hostname: localidm
+    ports:
+      - 18080:18080
+      - 9010:9010
+    depends_on:
+      - fr-am
+      - shared-db
+
+  shared-db:
+    image: hmctsprivate.azurecr.io/idam/shared-db:latest
+    ports:
+      - 5432:5432
 
 volumes:
   em-shared-db:

src/aat/resources/application.yml

@@ -5,11 +5,13 @@ spring:
 
 idam:
   api:
-    url: 'http://localhost:4501'
+    url: 'http://localhost:5000'
   client:
     id: 'webshow'
     secret: 'AAAAAAAAAAAAAAAA'
     redirect_uri: 'http://localhost:8080/oauth2redirect'
+    grant_type: 'password'
+    scope: 'openid roles profile'
 
 s2s:
   api:

src/main/java/uk/gov/hmcts/reform/em/EmTestConfig.java

@@ -4,12 +4,8 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.http.client.SimpleClientHttpRequestFactory;
 import org.springframework.web.client.RestTemplate;
 
-import java.net.InetSocketAddress;
-import java.net.Proxy;
-
 
 @Configuration
 @ComponentScan({"uk.gov.hmcts.reform.em.test.**"})
@@ -18,12 +14,7 @@ public class EmTestConfig {
 
     @Bean
     RestTemplate restTemplate() {
-        SimpleClientHttpRequestFactory requestFactory = new SimpleClientHttpRequestFactory();
-
-        Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress("proxyout.reform.hmcts.net", 8080));
-        requestFactory.setProxy(proxy);
-
-        return new RestTemplate(requestFactory);
+        return new RestTemplate();
     }
 
 }

src/main/java/uk/gov/hmcts/reform/em/test/idam/DeleteUserApi.java

@@ -9,8 +9,7 @@
 
 @FeignClient(
     name = "idam-test-api-delete",
-    url = "${idam.api.url}/testing-support",
-        configuration = IdamConfiguration.class
+    url = "${idam.api.url}/testing-support"
 )
 @ConditionalOnProperty("idam.api.url")
 public interface DeleteUserApi {

src/main/java/uk/gov/hmcts/reform/em/test/idam/IdamConfiguration.java

@@ -1,37 +1,23 @@
 package uk.gov.hmcts.reform.em.test.idam;
 
-import okhttp3.OkHttpClient;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.cloud.openfeign.EnableFeignClients;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Scope;
 import uk.gov.hmcts.reform.idam.client.IdamClient;
 import uk.gov.hmcts.reform.idam.client.IdamTestApi;
 
-import java.net.InetSocketAddress;
-import java.net.Proxy;
-
 @Configuration
 @ConditionalOnProperty("idam.api.url")
 @ComponentScan(basePackages = "uk.gov.hmcts.reform.idam.client")
 @EnableFeignClients(basePackages = {"uk.gov.hmcts.reform.em.test.idam", "uk.gov.hmcts.reform.idam.client"})
 public class IdamConfiguration {
 
     @Bean
-    IdamHelper idamHelper(IdamClient idamClient, IdamTestApi idamTestApi, DeleteUserApi deleteUserApi) {
-        return new IdamHelper(idamClient, idamTestApi, deleteUserApi);
-    }
-
-    @Bean
-    @Scope("prototype")
-    public OkHttpClient client() {
-
-        OkHttpClient okHttpClient = new OkHttpClient.Builder()
-                .proxy(new Proxy(Proxy.Type.HTTP, new InetSocketAddress("proxyout.reform.hmcts.net", 8080)))
-                .build();
-
-        return okHttpClient;
+    IdamHelper idamHelper(IdamClient idamClient, IdamTestApi idamTestApi, DeleteUserApi deleteUserApi,
+                          OpenIdUserApi openIdUserApi, OpenIdConfiguration openIdConfiguration) {
+        return new IdamHelper(idamClient, idamTestApi, deleteUserApi, openIdUserApi,
+                     openIdConfiguration);
     }
 }

src/main/java/uk/gov/hmcts/reform/em/test/idam/IdamHelper.java

@@ -1,11 +1,14 @@
 package uk.gov.hmcts.reform.em.test.idam;
 
 import feign.FeignException;
+import uk.gov.hmcts.reform.em.test.idam.client.models.OpenIdAuthUserRequest;
+import uk.gov.hmcts.reform.em.test.idam.client.models.OpenIdAuthUserResponse;
 import uk.gov.hmcts.reform.idam.client.IdamClient;
 import uk.gov.hmcts.reform.idam.client.IdamTestApi;
 import uk.gov.hmcts.reform.idam.client.models.test.CreateUserRequest;
 import uk.gov.hmcts.reform.idam.client.models.test.UserRole;
 
+import java.util.Base64;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -19,14 +22,21 @@ public class IdamHelper {
 
     private final DeleteUserApi deleteUserApi;
 
+    private final OpenIdUserApi openIdUserApi;
+
+    private final OpenIdConfiguration openIdConfiguration;
+
     private final String password = "4590fgvhbfgbDdffm3lk4j";
 
     private final Map<String, String> idamTokens = new HashMap<>();
 
-    public IdamHelper(IdamClient idamClient, IdamTestApi idamTestApi, DeleteUserApi deleteUserApi) {
+    public IdamHelper(IdamClient idamClient, IdamTestApi idamTestApi, DeleteUserApi deleteUserApi,
+                      OpenIdUserApi openIdUserApi, OpenIdConfiguration openIdConfiguration) {
         this.idamClient = idamClient;
         this.idamTestApi = idamTestApi;
         this.deleteUserApi = deleteUserApi;
+        this.openIdUserApi = openIdUserApi;
+        this.openIdConfiguration = openIdConfiguration;
     }
 
     public void createUser(String username, List<String> roles) {
@@ -53,11 +63,20 @@ public String getUserId(String username) {
 
     public String authenticateUser(String username) {
         if (!idamTokens.containsKey(username)) {
-            String code = idamClient.authenticateUser(username, password);
+            String code = authenticateOpenIdUser(username, password);
             idamTokens.put(username, code);
         }
         return idamTokens.get(username);
     }
 
+    private String authenticateOpenIdUser(String username, String password) {
+        String authorisation = username + ":" + password;
+        String base64Authorisation = Base64.getEncoder().encodeToString(authorisation.getBytes());
+        OpenIdAuthUserResponse openIdAuthUserResponse = openIdUserApi.authenticateUser("Basic " + base64Authorisation,
+                new OpenIdAuthUserRequest(openIdConfiguration.getGrantType(), openIdConfiguration.getClientId(),
+                        openIdConfiguration.getRedirectUri(), openIdConfiguration.getScope()));
+        return "Bearer " + openIdAuthUserResponse.getAccessToken();
+    }
+
 
 }

src/main/java/uk/gov/hmcts/reform/em/test/idam/OpenIdConfiguration.java

@@ -0,0 +1,39 @@
+package uk.gov.hmcts.reform.em.test.idam;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+public class OpenIdConfiguration {
+
+    private String clientId;
+    private String redirectUri;
+    private String grant_type;
+    private String scope;
+
+    public OpenIdConfiguration(@Value("${idam.client.id:}") String clientId,
+                               @Value("${idam.client.redirect_uri:}") String redirectUri,
+                               @Value("${idam.client.scope:}") String scope,
+                               @Value("${idam.client.grant_type:}") String grant_type) {
+        this.clientId = clientId;
+        this.redirectUri = redirectUri;
+        this.grant_type = grant_type;
+        this.scope = scope;
+    }
+
+    public String getClientId() {
+        return clientId;
+    }
+
+    public String getRedirectUri() {
+        return redirectUri;
+    }
+
+    public String getGrantType() {
+        return grant_type;
+    }
+
+    public String getScope() {
+        return scope;
+    }
+}