StephanRichter
/
LightOidc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

succeeded to create verifyable jwt with jose 

Signed-off-by: Stephan Richter <s.richter@srsoftware.de>
sqlite
Stephan Richter 4 months ago
parent
6b341bd209
commit
47c7c59cee
2 changed files with 14 additions and 15 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 9
      de.srsoftware.cookies/src/main/java/de/srsoftware/cookies/Cookie.java
  2. 20
      de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/TokenController.java

9
de.srsoftware.cookies/src/main/java/de/srsoftware/cookies/Cookie.java
Unescape View File

@ -1,9 +1,6 @@
/* © SRSoftware 2024 */ /* © SRSoftware 2024 */
package de.srsoftware.cookies; package de.srsoftware.cookies;
import static java.lang.System.Logger.Level.ERROR;
import static java.lang.System.Logger.Level.WARNING;
import com.sun.net.httpserver.Headers; import com.sun.net.httpserver.Headers;
import com.sun.net.httpserver.HttpExchange; import com.sun.net.httpserver.HttpExchange;
import java.util.Arrays; import java.util.Arrays;
@ -11,6 +8,8 @@ import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Optional; import java.util.Optional;
import static java.lang.System.Logger.Level.*;
public abstract class Cookie implements Map.Entry<String, String> { public abstract class Cookie implements Map.Entry<String, String> {
static final System.Logger LOG = System.getLogger(SessionToken.class.getSimpleName()); static final System.Logger LOG = System.getLogger(SessionToken.class.getSimpleName());
private final String key; private final String key;
@ -22,7 +21,7 @@ public abstract class Cookie implements Map.Entry<String, String> {
} }
public <T extends Cookie> T addTo(Headers headers) { public <T extends Cookie> T addTo(Headers headers) {
LOG.log(ERROR, "sending cookie {0}={1}", key, value); LOG.log(INFO, "sending cookie {0}={1}", key, value);
headers.add("Set-Cookie", "%s=%s".formatted(key, value)); headers.add("Set-Cookie", "%s=%s".formatted(key, value));
return (T)this; return (T)this;
} }
@ -42,7 +41,7 @@ public abstract class Cookie implements Map.Entry<String, String> {
} }
protected static List<String> of(HttpExchange ex) { protected static List<String> of(HttpExchange ex) {
return Optional.ofNullable(ex.getRequestHeaders().get("Cookie")).stream().flatMap(List::stream).flatMap(s -> Arrays.stream(s.split(";"))).map(String::trim).peek(cookie -> LOG.log(WARNING, "received cookie {0}", cookie)).toList(); return Optional.ofNullable(ex.getRequestHeaders().get("Cookie")).stream().flatMap(List::stream).flatMap(s -> Arrays.stream(s.split(";"))).map(String::trim).peek(cookie -> LOG.log(INFO, "received cookie {0}", cookie)).toList();
} }
@Override @Override

20
de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/TokenController.java
Unescape View File

@ -2,8 +2,7 @@
package de.srsoftware.oidc.backend; package de.srsoftware.oidc.backend;
import static de.srsoftware.oidc.api.Constants.*; import static de.srsoftware.oidc.api.Constants.*;
import static java.lang.System.Logger.Level.ERROR; import static java.lang.System.Logger.Level.*;
import static java.lang.System.Logger.Level.WARNING;
import static java.net.HttpURLConnection.HTTP_BAD_REQUEST; import static java.net.HttpURLConnection.HTTP_BAD_REQUEST;
import com.sun.net.httpserver.HttpExchange; import com.sun.net.httpserver.HttpExchange;
@ -48,8 +47,8 @@ public class TokenController extends PathHandler {
var map = deserialize(body(ex)); var map = deserialize(body(ex));
// TODO: check Authorization Code, → https://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint // TODO: check Authorization Code, → https://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint
// TODO: check Redirect URL // TODO: check Redirect URL
LOG.log(WARNING, "post data: {0}", map); LOG.log(DEBUG, "post data: {0}", map);
LOG.log(ERROR, "{0}.provideToken(ex) not implemented!", getClass().getSimpleName()); LOG.log(WARNING, "{0}.provideToken(ex) not implemented!", getClass().getSimpleName());
var grantType = map.get(GRANT_TYPE); var grantType = map.get(GRANT_TYPE);
if (!ATUH_CODE.equals(grantType)) sendContent(ex, HTTP_BAD_REQUEST, Map.of(ERROR, "unknown grant type", GRANT_TYPE, grantType)); if (!ATUH_CODE.equals(grantType)) sendContent(ex, HTTP_BAD_REQUEST, Map.of(ERROR, "unknown grant type", GRANT_TYPE, grantType));
var optClient = Optional.ofNullable(map.get(CLIENT_ID)).flatMap(clients::getClient); var optClient = Optional.ofNullable(map.get(CLIENT_ID)).flatMap(clients::getClient);
@ -77,10 +76,8 @@ public class TokenController extends PathHandler {
private String createJWT(Client client) { private String createJWT(Client client) {
try { try {
MessageDigest digest = MessageDigest.getInstance("SHA-256"); byte[] secretBytes = client.secret().getBytes(StandardCharsets.UTF_8);
byte[] encodedhash = digest.digest(client.secret().getBytes(StandardCharsets.UTF_8)); HmacKey hmacKey = new HmacKey(secretBytes);
HmacKey hmacKey = new HmacKey(encodedhash);
JwtClaims claims = new JwtClaims(); JwtClaims claims = new JwtClaims();
claims.setIssuer("Issuer"); // who creates the token and signs it claims.setIssuer("Issuer"); // who creates the token and signs it
@ -97,14 +94,17 @@ public class TokenController extends PathHandler {
// A JWT is a JWS and/or a JWE with JSON claims as the payload. // A JWT is a JWS and/or a JWE with JSON claims as the payload.
// In this example it is a JWS so we create a JsonWebSignature object. // In this example it is a JWS so we create a JsonWebSignature object.
JsonWebSignature jws = new JsonWebSignature(); JsonWebSignature jws = new JsonWebSignature();
if (secretBytes.length*8 < 256) {
LOG.log(WARNING,"Using secret with less than 256 bits! You will go to hell for this!");
jws.setDoKeyValidation(false); // TODO: this is dangerous! Better: enforce key length of 256bits!
}
jws.setPayload(claims.toJson()); jws.setPayload(claims.toJson());
jws.setKey(hmacKey); jws.setKey(hmacKey);
jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.HMAC_SHA256); jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.HMAC_SHA256);
return jws.getCompactSerialization(); return jws.getCompactSerialization();
} catch (JoseException e) { } catch (JoseException e) {
throw new RuntimeException(e); throw new RuntimeException(e);
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
} }
} }
} }

Write Preview
Loading…
Cancel
Save