41 add client parameter to requests

.github/workflows/build.yml

@@ -40,7 +40,7 @@ jobs:
         echo "branches = ${{ steps.jacoco.outputs.branches }}"
 
     - name: Upload JaCoCo coverage report as a workflow artifact
-      uses: actions/upload-artifact@v2
+      uses: actions/upload-artifact@v3
       with:
         name: jacoco-report
         path: target/site/jacoco/

pom.xml

@@ -50,8 +50,8 @@
                 <artifactId>maven-compiler-plugin</artifactId>
                 <version>3.8.1</version>
                 <configuration>
-                    <source>1.8</source>
-                    <target>1.8</target>
+                    <source>11</source>
+                    <target>11</target>
                 </configuration>
             </plugin>
             <plugin>
@@ -86,7 +86,7 @@
         <dependency>
             <groupId>com.squareup.okhttp3</groupId>
             <artifactId>okhttp</artifactId>
-            <version>4.10.0</version>
+            <version>4.12.0</version>
         </dependency>
         <dependency>
             <groupId>org.jetbrains.kotlin</groupId>

src/main/java/org/privacyidea/AsyncRequestCallable.java

@@ -16,16 +16,17 @@
  */
 package org.privacyidea;
 
+import okhttp3.Call;
+import okhttp3.Callback;
+import okhttp3.Response;
+import org.jetbrains.annotations.NotNull;
+
 import java.io.IOException;
 import java.util.Collections;
 import java.util.Map;
 import java.util.concurrent.Callable;
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.TimeUnit;
-import okhttp3.Call;
-import okhttp3.Callback;
-import okhttp3.Response;
-import org.jetbrains.annotations.NotNull;
 
 import static org.privacyidea.PIConstants.ENDPOINT_AUTH;
 

src/main/java/org/privacyidea/Challenge.java

@@ -21,21 +21,21 @@
 
 public class Challenge
 {
-    private final List<String> attributes = new ArrayList<>();
-    private final String serial;
-    private final String clientMode;
-    private final String message;
-    private final String transactionId;
-    private final String type;
-    private final String image;
-
-    public Challenge(String serial, String message, String clientMode, String image, String transactionId, String type)
+    protected final List<String> attributes = new ArrayList<>();
+    protected final String serial;
+    protected final String clientMode;
+    protected final String message;
+    protected final String transactionID;
+    protected final String type;
+    protected final String image;
+
+    public Challenge(String serial, String message, String clientMode, String image, String transactionID, String type)
     {
         this.serial = serial;
         this.message = message;
         this.clientMode = clientMode;
         this.image = image;
-        this.transactionId = transactionId;
+        this.transactionID = transactionID;
         this.type = type;
     }
 
@@ -49,7 +49,7 @@ public Challenge(String serial, String message, String clientMode, String image,
 
     public String getImage() {return image.replaceAll("\"", "");}
 
-    public String getTransactionID() {return transactionId;}
+    public String getTransactionID() {return transactionID;}
 
     public String getType() {return type;}
 }

src/main/java/org/privacyidea/Endpoint.java

@@ -16,36 +16,31 @@
  */
 package org.privacyidea;
 
+import okhttp3.*;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
 import java.io.IOException;
-import java.io.UnsupportedEncodingException;
+import java.net.InetSocketAddress;
+import java.net.Proxy;
 import java.net.URLEncoder;
 import java.nio.charset.StandardCharsets;
 import java.security.KeyManagementException;
 import java.security.NoSuchAlgorithmException;
 import java.util.Map;
 import java.util.concurrent.TimeUnit;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
-import okhttp3.Callback;
-import okhttp3.FormBody;
-import okhttp3.HttpUrl;
-import okhttp3.OkHttpClient;
-import okhttp3.Request;
 
-import static org.privacyidea.PIConstants.GET;
-import static org.privacyidea.PIConstants.HEADER_USER_AGENT;
-import static org.privacyidea.PIConstants.POST;
-import static org.privacyidea.PIConstants.WEBAUTHN_PARAMETERS;
+import static org.privacyidea.PIConstants.*;
 
 /**
  * This class handles sending requests to the server.
  */
 class Endpoint
 {
     private final PrivacyIDEA privacyIDEA;
-    private final PIConfig piconfig;
+    private final PIConfig piConfig;
     private final OkHttpClient client;
 
     final TrustManager[] trustAllManager = new TrustManager[]{new X509TrustManager()
@@ -70,14 +65,14 @@ public java.security.cert.X509Certificate[] getAcceptedIssuers()
     Endpoint(PrivacyIDEA privacyIDEA)
     {
         this.privacyIDEA = privacyIDEA;
-        this.piconfig = privacyIDEA.configuration();
+        this.piConfig = privacyIDEA.configuration();
 
         OkHttpClient.Builder builder = new OkHttpClient.Builder();
-        builder.connectTimeout(piconfig.httpTimeoutMs, TimeUnit.MILLISECONDS)
-               .writeTimeout(piconfig.httpTimeoutMs, TimeUnit.MILLISECONDS)
-               .readTimeout(piconfig.httpTimeoutMs, TimeUnit.MILLISECONDS);
+        builder.connectTimeout(piConfig.httpTimeoutMs, TimeUnit.MILLISECONDS)
+               .writeTimeout(piConfig.httpTimeoutMs, TimeUnit.MILLISECONDS)
+               .readTimeout(piConfig.httpTimeoutMs, TimeUnit.MILLISECONDS);
 
-        if (!this.piconfig.doSSLVerify)
+        if (!this.piConfig.verifySSL)
         {
             // Trust all certs and verify every host
             try
@@ -93,6 +88,13 @@ public java.security.cert.X509Certificate[] getAcceptedIssuers()
                 privacyIDEA.error(e);
             }
         }
+
+        if (!piConfig.proxyHost.isEmpty())
+        {
+            Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(piConfig.proxyHost, piConfig.proxyPort));
+            builder.proxy(proxy);
+        }
+
         this.client = builder.build();
     }
 
@@ -105,44 +107,47 @@ public java.security.cert.X509Certificate[] getAcceptedIssuers()
      * @param method   http request method
      * @param callback okhttp3 callback
      */
-    void sendRequestAsync(String endpoint, Map<String, String> params, Map<String, String> headers, String method,
-                          Callback callback)
+    void sendRequestAsync(String endpoint, Map<String, String> params, Map<String, String> headers, String method, Callback callback)
     {
-        HttpUrl httpUrl = HttpUrl.parse(piconfig.serverURL + endpoint);
+        HttpUrl httpUrl = HttpUrl.parse(piConfig.serverURL + endpoint);
         if (httpUrl == null)
         {
-            privacyIDEA.error("Server url could not be parsed: " + (piconfig.serverURL + endpoint));
+            privacyIDEA.error("Server url could not be parsed: " + (piConfig.serverURL + endpoint));
             // Invoke the callback to terminate the thread that called this function.
             callback.onFailure(null, new IOException("Request could not be created because the url could not be parsed"));
             return;
         }
         HttpUrl.Builder urlBuilder = httpUrl.newBuilder();
+        if (!piConfig.forwardClientIP.isEmpty())
+        {
+            privacyIDEA.log("Forwarding client IP: " + piConfig.forwardClientIP);
+            params.put(CLIENT_IP, piConfig.forwardClientIP);
+        }
         privacyIDEA.log(method + " " + endpoint);
         params.forEach((k, v) ->
-                       {
+                           {
                            if (k.equals("pass") || k.equals("password"))
                            {
                                v = "*".repeat(v.length());
                            }
-
                            privacyIDEA.log(k + "=" + v);
-                       });
+                           });
 
         if (GET.equals(method))
         {
             params.forEach((key, value) ->
-                           {
+                               {
                                String encValue = URLEncoder.encode(value, StandardCharsets.UTF_8);
                                urlBuilder.addQueryParameter(key, encValue);
-                           });
+                               });
         }
 
         String url = urlBuilder.build().toString();
         //privacyIDEA.log("URL: " + url);
         Request.Builder requestBuilder = new Request.Builder().url(url);
 
         // Add the headers
-        requestBuilder.addHeader(HEADER_USER_AGENT, piconfig.userAgent);
+        requestBuilder.addHeader(HEADER_USER_AGENT, piConfig.userAgent);
         if (headers != null && !headers.isEmpty())
         {
             headers.forEach(requestBuilder::addHeader);
@@ -152,7 +157,7 @@ void sendRequestAsync(String endpoint, Map<String, String> params, Map<String, S
         {
             FormBody.Builder formBodyBuilder = new FormBody.Builder();
             params.forEach((key, value) ->
-                           {
+                               {
                                if (key != null && value != null)
                                {
                                    String encValue = value;
@@ -164,7 +169,7 @@ void sendRequestAsync(String endpoint, Map<String, String> params, Map<String, S
                                    }
                                    formBodyBuilder.add(key, encValue);
                                }
-                           });
+                               });
             // This switches okhttp to make a post request
             requestBuilder.post(formBodyBuilder.build());
         }

src/main/java/org/privacyidea/IPISimpleLogger.java

@@ -21,5 +21,5 @@
  */
 public interface IPISimpleLogger
 {
-    void pilog(String message);
+    void piLog(String message);
 }