StephanRichter/LightOidc
1
0
Fork 0
Code Issues Pull Requests Actions Projects Releases Wiki Activity

succeeded to create verifyable jwt with jose

Browse Source 
Signed-off-by: Stephan Richter <s.richter@srsoftware.de>
This commit is contained in:
Stephan Richter
2024-07-29 09:49:31 +02:00
parent 6b341bd209
commit 47c7c59cee
2 changed files with 14 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
de.srsoftware.cookies/src/main/java/de/srsoftware/cookies/Cookie.java
View File

@@ -1,9 +1,6 @@
/* © SRSoftware 2024 */ /* © SRSoftware 2024 */
package de.srsoftware.cookies; package de.srsoftware.cookies;
import static java.lang.System.Logger.Level.ERROR;
import static java.lang.System.Logger.Level.WARNING;
import com.sun.net.httpserver.Headers; import com.sun.net.httpserver.Headers;
import com.sun.net.httpserver.HttpExchange; import com.sun.net.httpserver.HttpExchange;
import java.util.Arrays; import java.util.Arrays;
@@ -11,6 +8,8 @@ import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Optional; import java.util.Optional;
import static java.lang.System.Logger.Level.*;
public abstract class Cookie implements Map.Entry<String, String> { public abstract class Cookie implements Map.Entry<String, String> {
static final System.Logger LOG = System.getLogger(SessionToken.class.getSimpleName()); static final System.Logger LOG = System.getLogger(SessionToken.class.getSimpleName());
private final String key; private final String key;
@@ -22,7 +21,7 @@ public abstract class Cookie implements Map.Entry<String, String> {
} }
public <T extends Cookie> T addTo(Headers headers) { public <T extends Cookie> T addTo(Headers headers) {
LOG.log(ERROR, "sending cookie {0}={1}", key, value); LOG.log(INFO, "sending cookie {0}={1}", key, value);
headers.add("Set-Cookie", "%s=%s".formatted(key, value)); headers.add("Set-Cookie", "%s=%s".formatted(key, value));
return (T)this; return (T)this;
} }
@@ -42,7 +41,7 @@ public abstract class Cookie implements Map.Entry<String, String> {
} }
protected static List<String> of(HttpExchange ex) { protected static List<String> of(HttpExchange ex) {
return Optional.ofNullable(ex.getRequestHeaders().get("Cookie")).stream().flatMap(List::stream).flatMap(s -> Arrays.stream(s.split(";"))).map(String::trim).peek(cookie -> LOG.log(WARNING, "received cookie {0}", cookie)).toList(); return Optional.ofNullable(ex.getRequestHeaders().get("Cookie")).stream().flatMap(List::stream).flatMap(s -> Arrays.stream(s.split(";"))).map(String::trim).peek(cookie -> LOG.log(INFO, "received cookie {0}", cookie)).toList();
} }
@Override @Override

20
de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/TokenController.java
View File

@@ -2,8 +2,7 @@
package de.srsoftware.oidc.backend; package de.srsoftware.oidc.backend;
import static de.srsoftware.oidc.api.Constants.*; import static de.srsoftware.oidc.api.Constants.*;
import static java.lang.System.Logger.Level.ERROR; import static java.lang.System.Logger.Level.*;
import static java.lang.System.Logger.Level.WARNING;
import static java.net.HttpURLConnection.HTTP_BAD_REQUEST; import static java.net.HttpURLConnection.HTTP_BAD_REQUEST;
import com.sun.net.httpserver.HttpExchange; import com.sun.net.httpserver.HttpExchange;
@@ -48,8 +47,8 @@ public class TokenController extends PathHandler {
var map = deserialize(body(ex)); var map = deserialize(body(ex));
// TODO: check Authorization Code, → https://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint // TODO: check Authorization Code, → https://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint
// TODO: check Redirect URL // TODO: check Redirect URL
LOG.log(WARNING, "post data: {0}", map); LOG.log(DEBUG, "post data: {0}", map);
LOG.log(ERROR, "{0}.provideToken(ex) not implemented!", getClass().getSimpleName()); LOG.log(WARNING, "{0}.provideToken(ex) not implemented!", getClass().getSimpleName());
var grantType = map.get(GRANT_TYPE); var grantType = map.get(GRANT_TYPE);
if (!ATUH_CODE.equals(grantType)) sendContent(ex, HTTP_BAD_REQUEST, Map.of(ERROR, "unknown grant type", GRANT_TYPE, grantType)); if (!ATUH_CODE.equals(grantType)) sendContent(ex, HTTP_BAD_REQUEST, Map.of(ERROR, "unknown grant type", GRANT_TYPE, grantType));
var optClient = Optional.ofNullable(map.get(CLIENT_ID)).flatMap(clients::getClient); var optClient = Optional.ofNullable(map.get(CLIENT_ID)).flatMap(clients::getClient);
@@ -77,10 +76,8 @@ public class TokenController extends PathHandler {
private String createJWT(Client client) { private String createJWT(Client client) {
try { try {
MessageDigest digest = MessageDigest.getInstance("SHA-256"); byte[] secretBytes = client.secret().getBytes(StandardCharsets.UTF_8);
byte[] encodedhash = digest.digest(client.secret().getBytes(StandardCharsets.UTF_8)); HmacKey hmacKey = new HmacKey(secretBytes);
HmacKey hmacKey = new HmacKey(encodedhash);
JwtClaims claims = new JwtClaims(); JwtClaims claims = new JwtClaims();
claims.setIssuer("Issuer"); // who creates the token and signs it claims.setIssuer("Issuer"); // who creates the token and signs it
@@ -97,14 +94,17 @@ public class TokenController extends PathHandler {
// A JWT is a JWS and/or a JWE with JSON claims as the payload. // A JWT is a JWS and/or a JWE with JSON claims as the payload.
// In this example it is a JWS so we create a JsonWebSignature object. // In this example it is a JWS so we create a JsonWebSignature object.
JsonWebSignature jws = new JsonWebSignature(); JsonWebSignature jws = new JsonWebSignature();
if (secretBytes.length*8 < 256) {
LOG.log(WARNING,"Using secret with less than 256 bits! You will go to hell for this!");
jws.setDoKeyValidation(false); // TODO: this is dangerous! Better: enforce key length of 256bits!
}
jws.setPayload(claims.toJson()); jws.setPayload(claims.toJson());
jws.setKey(hmacKey); jws.setKey(hmacKey);
jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.HMAC_SHA256); jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.HMAC_SHA256);
return jws.getCompactSerialization(); return jws.getCompactSerialization();
} catch (JoseException e) { } catch (JoseException e) {
throw new RuntimeException(e); throw new RuntimeException(e);
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
} }
} }
} }