From 252252a9d14422455796b97e56c6da829c70b77a Mon Sep 17 00:00:00 2001
From: Stephan Richter
Date: Mon, 29 Jul 2024 00:36:19 +0200
Subject: [PATCH] trying to implement using jose library. current obstacle is: I don't know how to involve client secret in key generation

Signed-off-by: Stephan Richter
---
 de.srsoftware.oidc.backend/build.gradle | 1 +
 .../oidc/backend/TokenController.java | 33 ++++++++++++++++++-
 2 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/de.srsoftware.oidc.backend/build.gradle b/de.srsoftware.oidc.backend/build.gradle
index adeaecc..7ddaba4 100644
--- a/de.srsoftware.oidc.backend/build.gradle
+++ b/de.srsoftware.oidc.backend/build.gradle
@@ -16,6 +16,7 @@ dependencies {
 implementation project(':de.srsoftware.oidc.api')
 implementation project(':de.srsoftware.logging')
 implementation 'org.json:json:20240303'
+ implementation 'org.bitbucket.b_c:jose4j:0.9.6'
 }
 
 test {
diff --git a/de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/TokenController.java b/de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/TokenController.java
index b3aa28f..048854e 100644
--- a/de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/TokenController.java
+++ b/de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/TokenController.java
@@ -13,6 +13,12 @@ import de.srsoftware.oidc.api.PathHandler;
 import java.io.IOException;
 import java.util.*;
 import java.util.stream.Collectors;
+import org.jose4j.jwk.RsaJsonWebKey;
+import org.jose4j.jwk.RsaJwkGenerator;
+import org.jose4j.jws.AlgorithmIdentifiers;
+import org.jose4j.jws.JsonWebSignature;
+import org.jose4j.jwt.JwtClaims;
+import org.jose4j.lang.JoseException;
 import org.json.JSONObject;
 
 public class TokenController extends PathHandler {
@@ -68,6 +74,31 @@ public class TokenController extends PathHandler {
 }
 
 private String createJWT(Client client) {
- return null;
+ try {
+ RsaJsonWebKey rsaJsonWebKey = RsaJwkGenerator.generateJwk(2048);
+ rsaJsonWebKey.setKeyId("k1");
+ JwtClaims claims = new JwtClaims();
+ claims.setIssuer("Issuer"); // who creates the token and signs it
+ claims.setAudience("Audience"); // to whom the token is intended to be sent
+ claims.setExpirationTimeMinutesInTheFuture(10); // time when the token will expire (10 minutes from now)
+ claims.setGeneratedJwtId(); // a unique identifier for the token
+ claims.setIssuedAtToNow(); // when the token was issued/created (now)
+ claims.setNotBeforeMinutesInThePast(2); // time before which the token is not yet valid (2 minutes ago)
+ claims.setSubject("subject"); // the subject/principal is whom the token is about
+ claims.setClaim("email", "mail@example.com"); // additional claims/attributes about the subject can be added
+ List groups = Arrays.asList("group-one", "other-group", "group-three");
+ claims.setStringListClaim("groups", groups); // multi-valued claims work too and will end up as a JSON array
+
+ // A JWT is a JWS and/or a JWE with JSON claims as the payload.
+ // In this example it is a JWS so we create a JsonWebSignature object.
+ JsonWebSignature jws = new JsonWebSignature();
+ jws.setPayload(claims.toJson());
+ jws.setKey(rsaJsonWebKey.getPrivateKey());
+ jws.setKeyIdHeaderValue(rsaJsonWebKey.getKeyId());
+ jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
+ return jws.getCompactSerialization();
+ } catch (JoseException e) {
+ throw new RuntimeException(e);
+ }
 }
 }
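Review bot: `RsaJwkGenerator.generateJwk(2048)` runs inside `createJWT`, so every token is signed with a throwaway key that nothing retains — a relying party can never fetch the matching public key from a JWKS endpoint, so every ID token this produces is unverifiable, and a 2048-bit keygen per request is also a cheap denial-of-service lever. The signing key should be created once (or loaded from storage) with a stable key id and held in a field; the fence below shows that shape. On the question in the commit message: with `RSA_USING_SHA256` the token is signed by the provider's own key and verified against the provider's published public key, so the client secret plays no part in key generation — it belongs to client authentication at the token endpoint (and would only act as the signing key in the HMAC `HS256` variant of the spec). The claims are still all placeholders and the `client` parameter is unused (`setAudience("Audience")`, `setSubject("subject")`, a literal email and groups list), so no token built here should be issued until at least `aud` comes from `client` and `sub` from the authenticated user; `List groups` is also a raw type and should be `List<String> groups`.
```java
// generated once (or loaded from storage) so the public half can be published via JWKS
private final RsaJsonWebKey signingKey;

// … unchanged: constructor — assign signingKey there, e.g. RsaJwkGenerator.generateJwk(2048) with a fixed key id …

private String createJWT(Client client) {
	try {
		JwtClaims claims = new JwtClaims();
		// … unchanged: issuer / expiry / jti / iat / nbf claims …
		claims.setAudience(/* TODO: client identifier taken from `client` */ "Audience");
		// … unchanged: subject / email / groups claims (still placeholders) …
		JsonWebSignature jws = new JsonWebSignature();
		jws.setPayload(claims.toJson());
		jws.setKey(signingKey.getPrivateKey());
		jws.setKeyIdHeaderValue(signingKey.getKeyId());
		jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
		return jws.getCompactSerialization();
	} catch (JoseException e) {
		throw new RuntimeException(e);
	}
}
```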