elastic · jkakavas · Apr 4, 2019 · Jan 18, 2019 · Jan 20, 2019 · Jan 23, 2019
diff --git a/...va/org/elasticsearch/xpack/core/security/action/oidc/OpenIdConnectAuthenticateAction.java b/...va/org/elasticsearch/xpack/core/security/action/oidc/OpenIdConnectAuthenticateAction.java
@@ -0,0 +1,32 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+package org.elasticsearch.xpack.core.security.action.oidc;
+
+import org.elasticsearch.action.Action;
+import org.elasticsearch.common.io.stream.Writeable;
+
+/**
+ * Action for initiating an authentication process using OpenID Connect
+ */
+public final class OpenIdConnectAuthenticateAction extends Action<OpenIdConnectAuthenticateResponse> {
+
+    public static final OpenIdConnectAuthenticateAction INSTANCE = new OpenIdConnectAuthenticateAction();
+    public static final String NAME = "cluster:admin/xpack/security/oidc/authenticate";
+
+    private OpenIdConnectAuthenticateAction() {
+        super(NAME);
+    }
+
+    @Override
+    public OpenIdConnectAuthenticateResponse newResponse() {
+        throw new UnsupportedOperationException("usage of Streamable is to be replaced by Writeable");
+    }
+
+    @Override
+    public Writeable.Reader<OpenIdConnectAuthenticateResponse> getResponseReader() {
+        return OpenIdConnectAuthenticateResponse::new;
+    }
+}
diff --git a/...a/org/elasticsearch/xpack/core/security/action/oidc/OpenIdConnectAuthenticateRequest.java b/...a/org/elasticsearch/xpack/core/security/action/oidc/OpenIdConnectAuthenticateRequest.java
@@ -0,0 +1,108 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+package org.elasticsearch.xpack.core.security.action.oidc;
+
+import org.elasticsearch.action.ActionRequest;
+import org.elasticsearch.action.ActionRequestValidationException;
+import org.elasticsearch.common.Strings;
+import org.elasticsearch.common.io.stream.StreamInput;
+import org.elasticsearch.common.io.stream.StreamOutput;
+
+import java.io.IOException;
+
+import static org.elasticsearch.action.ValidateActions.addValidationError;
+
+/**
+ * Represents a request for authentication using OpenID Connect
+ */
+public class OpenIdConnectAuthenticateRequest extends ActionRequest {
+
+    /**
+     * The URI where the OP redirected the browser after the authentication attempt. This is passed as is from the
+     * facilitator entity (i.e. Kibana)
+     */
+    private String redirectUri;
+
+    /**
+     * The state value that we generated or the facilitator provided for this specific flow and that should be stored at the user's session
+     * with the facilitator
+     */
+    private String state;
+
+    /**
+     * The nonce value that we generated or the facilitator provided for this specific flow and that should be stored at the user's session
+     * with the facilitator
+     */
+    private String nonce;
+
+    public OpenIdConnectAuthenticateRequest() {
+
+    }
+
+    public OpenIdConnectAuthenticateRequest(StreamInput in) throws IOException {
+        super.readFrom(in);
+        redirectUri = in.readString();
+        state = in.readString();
+        nonce = in.readString();
+    }
+
+    public String getRedirectUri() {
+        return redirectUri;
+    }
+
+    public void setRedirectUri(String redirectUri) {
+        this.redirectUri = redirectUri;
+    }
+
+    public String getState() {
+        return state;
+    }
+
+    public void setState(String state) {
+        this.state = state;
+    }
+
+    public String getNonce() {
+        return nonce;
+    }
+
+    public void setNonce(String nonce) {
+        this.nonce = nonce;
+    }
+
+    @Override
+    public ActionRequestValidationException validate() {
+        ActionRequestValidationException validationException = null;
+        if (Strings.isNullOrEmpty(state)) {
+            validationException = addValidationError("state parameter is missing", validationException);
+        }
+        if (Strings.isNullOrEmpty(nonce)) {
+            validationException = addValidationError("nonce parameter is missing", validationException);
+        }
+        if (Strings.isNullOrEmpty(redirectUri)) {
+            validationException = addValidationError("redirect_uri parameter is missing", validationException);
+        }
+        return validationException;
+    }
+
+    @Override
+    public void writeTo(StreamOutput out) throws IOException {
+        super.writeTo(out);
+        out.writeString(redirectUri);
+        out.writeString(state);
+        out.writeString(nonce);
+    }
+
+    @Override
+    public void readFrom(StreamInput in) {
+        throw new UnsupportedOperationException("usage of Streamable is to be replaced by Writeable");
+    }
+
+    public String toString() {
+        return "{redirectUri=" + redirectUri + ", state=" + state + ", nonce=" + nonce + "}";
+    }
+}
+
diff --git a/...lasticsearch/xpack/core/security/action/oidc/OpenIdConnectAuthenticateRequestBuilder.java b/...lasticsearch/xpack/core/security/action/oidc/OpenIdConnectAuthenticateRequestBuilder.java
@@ -0,0 +1,36 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+package org.elasticsearch.xpack.core.security.action.oidc;
+
+import org.elasticsearch.action.ActionRequestBuilder;
+import org.elasticsearch.client.ElasticsearchClient;
+
+/**
+ * Request builder for populating a {@link OpenIdConnectAuthenticateRequest}
+ */
+public class OpenIdConnectAuthenticateRequestBuilder
+    extends ActionRequestBuilder<OpenIdConnectAuthenticateRequest, OpenIdConnectAuthenticateResponse> {
+
+    public OpenIdConnectAuthenticateRequestBuilder(ElasticsearchClient client) {
+        super(client, OpenIdConnectAuthenticateAction.INSTANCE, new OpenIdConnectAuthenticateRequest());
+    }
+
+    public OpenIdConnectAuthenticateRequestBuilder redirectUri(String redirectUri) {
+        request.setRedirectUri(redirectUri);
+        return this;
+    }
+
+    public OpenIdConnectAuthenticateRequestBuilder state(String state) {
+        request.setState(state);
+        return this;
+    }
+
+    public OpenIdConnectAuthenticateRequestBuilder nonce(String nonce) {
+        request.setNonce(nonce);
+        return this;
+    }
+
+}
diff --git a/.../org/elasticsearch/xpack/core/security/action/oidc/OpenIdConnectAuthenticateResponse.java b/.../org/elasticsearch/xpack/core/security/action/oidc/OpenIdConnectAuthenticateResponse.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+package org.elasticsearch.xpack.core.security.action.oidc;
+
+import org.elasticsearch.action.ActionResponse;
+import org.elasticsearch.common.io.stream.StreamInput;
+import org.elasticsearch.common.io.stream.StreamOutput;
+import org.elasticsearch.common.unit.TimeValue;
+
+import java.io.IOException;
+
+public class OpenIdConnectAuthenticateResponse extends ActionResponse {
+    private String principal;
+    private String accessTokenString;
+    private String refreshTokenString;
+    private TimeValue expiresIn;
+
+    public OpenIdConnectAuthenticateResponse(String principal, String accessTokenString, String refreshTokenString, TimeValue expiresIn) {
+        this.principal = principal;
+        this.accessTokenString = accessTokenString;
+        this.refreshTokenString = refreshTokenString;
+        this.expiresIn = expiresIn;
+    }
+
+    public OpenIdConnectAuthenticateResponse(StreamInput in) throws IOException {
+        super.readFrom(in);
+        principal = in.readString();
+        accessTokenString = in.readString();
+        refreshTokenString = in.readString();
+        expiresIn = in.readTimeValue();
+    }
+
+    public String getPrincipal() {
+        return principal;
+    }
+
+    public String getAccessTokenString() {
+        return accessTokenString;
+    }
+
+    public String getRefreshTokenString() {
+        return refreshTokenString;
+    }
+
+    public TimeValue getExpiresIn() {
+        return expiresIn;
+    }
+
+    @Override
+    public void readFrom(StreamInput in) {
+        throw new UnsupportedOperationException("usage of Streamable is to be replaced by Writeable");
+    }
+
+    @Override
+    public void writeTo(StreamOutput out) throws IOException {
+        super.writeTo(out);
+        out.writeString(principal);
+        out.writeString(accessTokenString);
+        out.writeString(refreshTokenString);
+        out.writeTimeValue(expiresIn);
+    }
+}
diff --git a/...ain/java/org/elasticsearch/xpack/core/security/action/oidc/OpenIdConnectLogoutAction.java b/...ain/java/org/elasticsearch/xpack/core/security/action/oidc/OpenIdConnectLogoutAction.java
@@ -0,0 +1,29 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+package org.elasticsearch.xpack.core.security.action.oidc;
+
+import org.elasticsearch.action.Action;
+import org.elasticsearch.common.io.stream.Writeable;
+
+public class OpenIdConnectLogoutAction extends Action<OpenIdConnectLogoutResponse> {
+
+    public static final OpenIdConnectLogoutAction INSTANCE = new OpenIdConnectLogoutAction();
+    public static final String NAME = "cluster:admin/xpack/security/oidc/logout";
+
+    private OpenIdConnectLogoutAction() {
+        super(NAME);
+    }
+
+    @Override
+    public OpenIdConnectLogoutResponse newResponse() {
+        throw new UnsupportedOperationException("usage of Streamable is to be replaced by Writeable");
+    }
+
+    @Override
+    public Writeable.Reader<OpenIdConnectLogoutResponse> getResponseReader() {
+        return OpenIdConnectLogoutResponse::new;
+    }
+}
diff --git a/...in/java/org/elasticsearch/xpack/core/security/action/oidc/OpenIdConnectLogoutRequest.java b/...in/java/org/elasticsearch/xpack/core/security/action/oidc/OpenIdConnectLogoutRequest.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+package org.elasticsearch.xpack.core.security.action.oidc;
+
+import org.elasticsearch.action.ActionRequest;
+import org.elasticsearch.action.ActionRequestValidationException;
+import org.elasticsearch.common.Nullable;
+import org.elasticsearch.common.Strings;
+import org.elasticsearch.common.io.stream.StreamInput;
+import org.elasticsearch.common.io.stream.StreamOutput;
+
+import java.io.IOException;
+
+import static org.elasticsearch.action.ValidateActions.addValidationError;
+
+public final class OpenIdConnectLogoutRequest extends ActionRequest {
+
+    private String token;
+    @Nullable
+    private String refreshToken;
+
+    public OpenIdConnectLogoutRequest() {
+
+    }
+
+    public OpenIdConnectLogoutRequest(StreamInput in) throws IOException {
+        super.readFrom(in);
+        token = in.readString();
+        refreshToken = in.readOptionalString();
+    }
+
+    @Override
+    public ActionRequestValidationException validate() {
+        ActionRequestValidationException validationException = null;
+        if (Strings.isNullOrEmpty(token)) {
+            validationException = addValidationError("token is missing", validationException);
+        }
+        return validationException;
+    }
+
+    public String getToken() {
+        return token;
+    }
+
+    public void setToken(String token) {
+        this.token = token;
+    }
+
+    public String getRefreshToken() {
+        return refreshToken;
+    }
+
+    public void setRefreshToken(String refreshToken) {
+        this.refreshToken = refreshToken;
+    }
+
+    @Override
+    public void writeTo(StreamOutput out) throws IOException {
+        super.writeTo(out);
+        out.writeString(token);
+        out.writeOptionalString(refreshToken);
+    }
+
+    @Override
+    public void readFrom(StreamInput in) {
+        throw new UnsupportedOperationException("usage of Streamable is to be replaced by Writeable");
+    }
+}
diff --git a/...n/java/org/elasticsearch/xpack/core/security/action/oidc/OpenIdConnectLogoutResponse.java b/...n/java/org/elasticsearch/xpack/core/security/action/oidc/OpenIdConnectLogoutResponse.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+package org.elasticsearch.xpack.core.security.action.oidc;
+
+import org.elasticsearch.action.ActionResponse;
+import org.elasticsearch.common.io.stream.StreamInput;
+import org.elasticsearch.common.io.stream.StreamOutput;
+
+import java.io.IOException;
+
+public final class OpenIdConnectLogoutResponse extends ActionResponse {
+
+    private String endSessionUrl;
+
+    public OpenIdConnectLogoutResponse(StreamInput in) throws IOException {
+        super.readFrom(in);
+        this.endSessionUrl = in.readString();
+    }
+
+    public OpenIdConnectLogoutResponse(String endSessionUrl) {
+        this.endSessionUrl = endSessionUrl;
+    }
+
+    @Override
+    public void readFrom(StreamInput in) {
+        throw new UnsupportedOperationException("usage of Streamable is to be replaced by Writeable");
+    }
+
+    @Override
+    public void writeTo(StreamOutput out) throws IOException {
+        super.writeTo(out);
+        out.writeString(endSessionUrl);
+    }
+
+    public String toString() {
+        return "{endSessionUrl=" + endSessionUrl + "}";
+    }
+
+    public String getEndSessionUrl() {
+        return endSessionUrl;
+    }
+}