elastic · jkakavas · Jan 18, 2019 · Dec 5, 2018 · Dec 13, 2018 · Dec 14, 2018
diff --git a/...va/org/elasticsearch/xpack/core/security/action/oidc/OpenIdConnectAuthenticateAction.java b/...va/org/elasticsearch/xpack/core/security/action/oidc/OpenIdConnectAuthenticateAction.java
@@ -0,0 +1,25 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+package org.elasticsearch.xpack.core.security.action.oidc;
+
+import org.elasticsearch.action.Action;
+
+/**
+ * Action for initiating an authentication process using OpenID Connect
+ */
+public final class OpenIdConnectAuthenticateAction extends Action<OpenIdConnectAuthenticateResponse> {
+
+    public static final OpenIdConnectAuthenticateAction INSTANCE = new OpenIdConnectAuthenticateAction();
+    public static final String NAME = "cluster:admin/xpack/security/oidc/authenticate";
+
+    protected OpenIdConnectAuthenticateAction() {
+        super(NAME);
+    }
+
+    public OpenIdConnectAuthenticateResponse newResponse() {
+        return new OpenIdConnectAuthenticateResponse();
+    }
+}
diff --git a/...a/org/elasticsearch/xpack/core/security/action/oidc/OpenIdConnectAuthenticateRequest.java b/...a/org/elasticsearch/xpack/core/security/action/oidc/OpenIdConnectAuthenticateRequest.java
@@ -0,0 +1,90 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+package org.elasticsearch.xpack.core.security.action.oidc;
+
+import org.elasticsearch.action.ActionRequest;
+import org.elasticsearch.action.ActionRequestValidationException;
+import org.elasticsearch.common.io.stream.StreamInput;
+import org.elasticsearch.common.io.stream.StreamOutput;
+
+import java.io.IOException;
+
+/**
+ * Represents a request for authentication using OpenID Connect
+ */
+public class OpenIdConnectAuthenticateRequest extends ActionRequest {
+
+    /**
+     * The URI were the OP redirected the browser after the authentication attempt. This is passed as is from the
+     * facilitator entity (i.e. Kibana)
+     */
+    private String redirectUri;
+
+    /**
+     * The state value that either we or the facilitator generated for this specific flow and that was stored at the user's session with
+     * the facilitator
+     */
+    private String state;
+
+    /**
+     * The nonce value that the facilitator generated for this specific flow and that was stored at the user's session with
+     * the facilitator
+     */
+    private String nonce;
+
+    public OpenIdConnectAuthenticateRequest() {
+    }
+
+    public String getRedirectUri() {
+        return redirectUri;
+    }
+
+    public void setRedirectUri(String redirectUri) {
+        this.redirectUri = redirectUri;
+    }
+
+    public String getState() {
+        return state;
+    }
+
+    public void setState(String state) {
+        this.state = state;
+    }
+
+    public String getNonce() {
+        return nonce;
+    }
+
+    public void setNonce(String nonce) {
+        this.nonce = nonce;
+    }
+
+    @Override
+    public ActionRequestValidationException validate() {
+        return null;
+    }
+
+    @Override
+    public void writeTo(StreamOutput out) throws IOException {
+        super.writeTo(out);
+        out.writeString(redirectUri);
+        out.writeString(state);
+        out.writeOptionalString(nonce);
+    }
+
+    @Override
+    public void readFrom(StreamInput in) throws IOException {
+        super.readFrom(in);
+        redirectUri = in.readString();
+        state = in.readString();
+        nonce = in.readOptionalString();
+    }
+
+    public String toString() {
+        return "{redirectUri=" + redirectUri + ", state=" + state + ", nonce=" + nonce + "}";
+    }
+}
+
diff --git a/...lasticsearch/xpack/core/security/action/oidc/OpenIdConnectAuthenticateRequestBuilder.java b/...lasticsearch/xpack/core/security/action/oidc/OpenIdConnectAuthenticateRequestBuilder.java
@@ -0,0 +1,36 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+package org.elasticsearch.xpack.core.security.action.oidc;
+
+import org.elasticsearch.action.ActionRequestBuilder;
+import org.elasticsearch.client.ElasticsearchClient;
+
+/**
+ * Request builder for populating a {@link OpenIdConnectAuthenticateRequest}
+ */
+public class OpenIdConnectAuthenticateRequestBuilder
+    extends ActionRequestBuilder<OpenIdConnectAuthenticateRequest, OpenIdConnectAuthenticateResponse> {
+
+    public OpenIdConnectAuthenticateRequestBuilder(ElasticsearchClient client) {
+        super(client, OpenIdConnectAuthenticateAction.INSTANCE, new OpenIdConnectAuthenticateRequest());
+    }
+
+    public OpenIdConnectAuthenticateRequestBuilder redirectUri(String redirectUri) {
+        request.setRedirectUri(redirectUri);
+        return this;
+    }
+
+    public OpenIdConnectAuthenticateRequestBuilder state(String state) {
+        request.setState(state);
+        return this;
+    }
+
+    public OpenIdConnectAuthenticateRequestBuilder nonce(String nonce) {
+        request.setNonce(nonce);
+        return this;
+    }
+
+}
diff --git a/.../org/elasticsearch/xpack/core/security/action/oidc/OpenIdConnectAuthenticateResponse.java b/.../org/elasticsearch/xpack/core/security/action/oidc/OpenIdConnectAuthenticateResponse.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+package org.elasticsearch.xpack.core.security.action.oidc;
+
+import org.elasticsearch.action.ActionResponse;
+import org.elasticsearch.common.io.stream.StreamInput;
+import org.elasticsearch.common.io.stream.StreamOutput;
+import org.elasticsearch.common.unit.TimeValue;
+
+import java.io.IOException;
+
+public class OpenIdConnectAuthenticateResponse extends ActionResponse {
+    private String principal;
+    private String accessTokenString;
+    private String refreshTokenString;
+    private TimeValue expiresIn;
+
+    public OpenIdConnectAuthenticateResponse(String principal, String accessTokenString, String refreshTokenString, TimeValue expiresIn) {
+        this.principal = principal;
+        this.accessTokenString = accessTokenString;
+        this.refreshTokenString = refreshTokenString;
+        this.expiresIn = expiresIn;
+    }
+
+    public OpenIdConnectAuthenticateResponse() {
+    }
+
+    public String getPrincipal() {
+        return principal;
+    }
+
+    public String getAccessTokenString() {
+        return accessTokenString;
+    }
+
+    public String getRefreshTokenString() {
+        return refreshTokenString;
+    }
+
+    public TimeValue getExpiresIn() {
+        return expiresIn;
+    }
+
+    @Override
+    public void readFrom(StreamInput in) throws IOException {
+        super.readFrom(in);
+        principal = in.readString();
+        accessTokenString = in.readString();
+        refreshTokenString = in.readString();
+        expiresIn = in.readTimeValue();
+    }
+
+    @Override
+    public void writeTo(StreamOutput out) throws IOException {
+        super.writeTo(out);
+        out.writeString(principal);
+        out.writeString(accessTokenString);
+        out.writeString(refreshTokenString);
+        out.writeTimeValue(expiresIn);
+    }
+}
diff --git a/...asticsearch/xpack/core/security/action/oidc/OpenIdConnectPrepareAuthenticationAction.java b/...asticsearch/xpack/core/security/action/oidc/OpenIdConnectPrepareAuthenticationAction.java
@@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+package org.elasticsearch.xpack.core.security.action.oidc;
+
+import org.elasticsearch.action.Action;
+
+public class OpenIdConnectPrepareAuthenticationAction extends Action<OpenIdConnectPrepareAuthenticationResponse> {
+
+    public static final OpenIdConnectPrepareAuthenticationAction INSTANCE = new OpenIdConnectPrepareAuthenticationAction();
+    public static final String NAME = "cluster:admin/xpack/security/oidc/prepare";
+
+    protected OpenIdConnectPrepareAuthenticationAction() {
+        super(NAME);
+    }
+
+    public OpenIdConnectPrepareAuthenticationResponse newResponse() {
+        return new OpenIdConnectPrepareAuthenticationResponse();
+    }
+}
diff --git a/...sticsearch/xpack/core/security/action/oidc/OpenIdConnectPrepareAuthenticationRequest.java b/...sticsearch/xpack/core/security/action/oidc/OpenIdConnectPrepareAuthenticationRequest.java
@@ -0,0 +1,80 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+package org.elasticsearch.xpack.core.security.action.oidc;
+
+import org.elasticsearch.action.ActionRequest;
+import org.elasticsearch.action.ActionRequestValidationException;
+import org.elasticsearch.common.Strings;
+import org.elasticsearch.common.io.stream.StreamInput;
+import org.elasticsearch.common.io.stream.StreamOutput;
+
+import java.io.IOException;
+
+import static org.elasticsearch.action.ValidateActions.addValidationError;
+
+/**
+ * Represents a request to prepare an OAuth 2.0 authentication request
+ */
+public class OpenIdConnectPrepareAuthenticationRequest extends ActionRequest {
+
+    private String realmName;
+    private String state;
+    private String nonce;
+
+    public String getRealmName() {
+        return realmName;
+    }
+
+    public String getState() {
+        return state;
+    }
+
+    public String getNonce() {
+        return nonce;
+    }
+
+    public void setRealmName(String realmName) {
+        this.realmName = realmName;
+    }
+
+    public void setState(String state) {
+        this.state = state;
+    }
+
+    public void setNonce(String nonce) {
+        this.nonce = nonce;
+    }
+
+    @Override
+    public ActionRequestValidationException validate() {
+        ActionRequestValidationException validationException = null;
+        if (Strings.hasText(realmName) == false) {
+            validationException = addValidationError("realm name must be provided", null);
+        }
+        return validationException;
+    }
+
+    @Override
+    public void writeTo(StreamOutput out) throws IOException {
+        super.writeTo(out);
+        out.writeString(realmName);
+        out.writeOptionalString(state);
+        out.writeOptionalString(nonce);
+    }
+
+    @Override
+    public void readFrom(StreamInput in) throws IOException {
+        super.readFrom(in);
+        realmName = in.readString();
+        state = in.readOptionalString();
+        nonce = in.readOptionalString();
+    }
+
+    public String toString() {
+        return "{realmName=" + realmName + ", state=" + state + ", nonce=" + nonce + "}";
+    }
+
+}
diff --git a/...rch/xpack/core/security/action/oidc/OpenIdConnectPrepareAuthenticationRequestBuilder.java b/...rch/xpack/core/security/action/oidc/OpenIdConnectPrepareAuthenticationRequestBuilder.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+package org.elasticsearch.xpack.core.security.action.oidc;
+
+import org.elasticsearch.action.ActionRequestBuilder;
+import org.elasticsearch.client.ElasticsearchClient;
+
+/**
+ * Request builder for populating a {@link OpenIdConnectPrepareAuthenticationRequest}
+ */
+public class OpenIdConnectPrepareAuthenticationRequestBuilder
+    extends ActionRequestBuilder<OpenIdConnectPrepareAuthenticationRequest, OpenIdConnectPrepareAuthenticationResponse> {
+
+    public OpenIdConnectPrepareAuthenticationRequestBuilder(ElasticsearchClient client) {
+        super(client, OpenIdConnectPrepareAuthenticationAction.INSTANCE, new OpenIdConnectPrepareAuthenticationRequest());
+    }
+
+    public OpenIdConnectPrepareAuthenticationRequestBuilder realmName(String name) {
+        request.setRealmName(name);
+        return this;
+    }
+
+    public OpenIdConnectPrepareAuthenticationRequestBuilder state(String state) {
+        request.setState(state);
+        return this;
+    }
+
+    public OpenIdConnectPrepareAuthenticationRequestBuilder nonce(String nonce) {
+        request.setNonce(nonce);
+        return this;
+    }
+}