succeeded to create verifyable jwt with jose
Signed-off-by: Stephan Richter <s.richter@srsoftware.de>
This commit is contained in:
@@ -1,9 +1,6 @@
|
||||
/* © SRSoftware 2024 */
|
||||
package de.srsoftware.cookies;
|
||||
|
||||
import static java.lang.System.Logger.Level.ERROR;
|
||||
import static java.lang.System.Logger.Level.WARNING;
|
||||
|
||||
import com.sun.net.httpserver.Headers;
|
||||
import com.sun.net.httpserver.HttpExchange;
|
||||
import java.util.Arrays;
|
||||
@@ -11,6 +8,8 @@ import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Optional;
|
||||
|
||||
import static java.lang.System.Logger.Level.*;
|
||||
|
||||
public abstract class Cookie implements Map.Entry<String, String> {
|
||||
static final System.Logger LOG = System.getLogger(SessionToken.class.getSimpleName());
|
||||
private final String key;
|
||||
@@ -22,7 +21,7 @@ public abstract class Cookie implements Map.Entry<String, String> {
|
||||
}
|
||||
|
||||
public <T extends Cookie> T addTo(Headers headers) {
|
||||
LOG.log(ERROR, "sending cookie {0}={1}", key, value);
|
||||
LOG.log(INFO, "sending cookie {0}={1}", key, value);
|
||||
headers.add("Set-Cookie", "%s=%s".formatted(key, value));
|
||||
return (T)this;
|
||||
}
|
||||
@@ -42,7 +41,7 @@ public abstract class Cookie implements Map.Entry<String, String> {
|
||||
}
|
||||
|
||||
protected static List<String> of(HttpExchange ex) {
|
||||
return Optional.ofNullable(ex.getRequestHeaders().get("Cookie")).stream().flatMap(List::stream).flatMap(s -> Arrays.stream(s.split(";"))).map(String::trim).peek(cookie -> LOG.log(WARNING, "received cookie {0}", cookie)).toList();
|
||||
return Optional.ofNullable(ex.getRequestHeaders().get("Cookie")).stream().flatMap(List::stream).flatMap(s -> Arrays.stream(s.split(";"))).map(String::trim).peek(cookie -> LOG.log(INFO, "received cookie {0}", cookie)).toList();
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@@ -2,8 +2,7 @@
|
||||
package de.srsoftware.oidc.backend;
|
||||
|
||||
import static de.srsoftware.oidc.api.Constants.*;
|
||||
import static java.lang.System.Logger.Level.ERROR;
|
||||
import static java.lang.System.Logger.Level.WARNING;
|
||||
import static java.lang.System.Logger.Level.*;
|
||||
import static java.net.HttpURLConnection.HTTP_BAD_REQUEST;
|
||||
|
||||
import com.sun.net.httpserver.HttpExchange;
|
||||
@@ -48,8 +47,8 @@ public class TokenController extends PathHandler {
|
||||
var map = deserialize(body(ex));
|
||||
// TODO: check Authorization Code, → https://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint
|
||||
// TODO: check Redirect URL
|
||||
LOG.log(WARNING, "post data: {0}", map);
|
||||
LOG.log(ERROR, "{0}.provideToken(ex) not implemented!", getClass().getSimpleName());
|
||||
LOG.log(DEBUG, "post data: {0}", map);
|
||||
LOG.log(WARNING, "{0}.provideToken(ex) not implemented!", getClass().getSimpleName());
|
||||
var grantType = map.get(GRANT_TYPE);
|
||||
if (!ATUH_CODE.equals(grantType)) sendContent(ex, HTTP_BAD_REQUEST, Map.of(ERROR, "unknown grant type", GRANT_TYPE, grantType));
|
||||
var optClient = Optional.ofNullable(map.get(CLIENT_ID)).flatMap(clients::getClient);
|
||||
@@ -77,10 +76,8 @@ public class TokenController extends PathHandler {
|
||||
|
||||
private String createJWT(Client client) {
|
||||
try {
|
||||
MessageDigest digest = MessageDigest.getInstance("SHA-256");
|
||||
byte[] encodedhash = digest.digest(client.secret().getBytes(StandardCharsets.UTF_8));
|
||||
|
||||
HmacKey hmacKey = new HmacKey(encodedhash);
|
||||
byte[] secretBytes = client.secret().getBytes(StandardCharsets.UTF_8);
|
||||
HmacKey hmacKey = new HmacKey(secretBytes);
|
||||
|
||||
JwtClaims claims = new JwtClaims();
|
||||
claims.setIssuer("Issuer"); // who creates the token and signs it
|
||||
@@ -97,14 +94,17 @@ public class TokenController extends PathHandler {
|
||||
// A JWT is a JWS and/or a JWE with JSON claims as the payload.
|
||||
// In this example it is a JWS so we create a JsonWebSignature object.
|
||||
JsonWebSignature jws = new JsonWebSignature();
|
||||
if (secretBytes.length*8 < 256) {
|
||||
LOG.log(WARNING,"Using secret with less than 256 bits! You will go to hell for this!");
|
||||
jws.setDoKeyValidation(false); // TODO: this is dangerous! Better: enforce key length of 256bits!
|
||||
}
|
||||
|
||||
jws.setPayload(claims.toJson());
|
||||
jws.setKey(hmacKey);
|
||||
jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.HMAC_SHA256);
|
||||
return jws.getCompactSerialization();
|
||||
} catch (JoseException e) {
|
||||
throw new RuntimeException(e);
|
||||
} catch (NoSuchAlgorithmException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user