StephanRichter
/
LightOidc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

succeeded to create verifyable jwt with jose 

Signed-off-by: Stephan Richter <s.richter@srsoftware.de>
sqlite
Stephan Richter 4 months ago
parent
6b341bd209
commit
47c7c59cee
2 changed files with 14 additions and 15 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 9
      de.srsoftware.cookies/src/main/java/de/srsoftware/cookies/Cookie.java
  2. 20
      de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/TokenController.java

9
de.srsoftware.cookies/src/main/java/de/srsoftware/cookies/Cookie.java
Unescape View File

@ -1,9 +1,6 @@ @@ -1,9 +1,6 @@
/* © SRSoftware 2024 */
package de.srsoftware.cookies;
import static java.lang.System.Logger.Level.ERROR;
import static java.lang.System.Logger.Level.WARNING;
import com.sun.net.httpserver.Headers;
import com.sun.net.httpserver.HttpExchange;
import java.util.Arrays;
@ -11,6 +8,8 @@ import java.util.List; @@ -11,6 +8,8 @@ import java.util.List;
import java.util.Map;
import java.util.Optional;
import static java.lang.System.Logger.Level.*;
public abstract class Cookie implements Map.Entry<String, String> {
static final System.Logger LOG = System.getLogger(SessionToken.class.getSimpleName());
private final String key;
@ -22,7 +21,7 @@ public abstract class Cookie implements Map.Entry<String, String> { @@ -22,7 +21,7 @@ public abstract class Cookie implements Map.Entry<String, String> {
}
public <T extends Cookie> T addTo(Headers headers) {
LOG.log(ERROR, "sending cookie {0}={1}", key, value);
LOG.log(INFO, "sending cookie {0}={1}", key, value);
headers.add("Set-Cookie", "%s=%s".formatted(key, value));
return (T)this;
}
@ -42,7 +41,7 @@ public abstract class Cookie implements Map.Entry<String, String> { @@ -42,7 +41,7 @@ public abstract class Cookie implements Map.Entry<String, String> {
}
protected static List<String> of(HttpExchange ex) {
return Optional.ofNullable(ex.getRequestHeaders().get("Cookie")).stream().flatMap(List::stream).flatMap(s -> Arrays.stream(s.split(";"))).map(String::trim).peek(cookie -> LOG.log(WARNING, "received cookie {0}", cookie)).toList();
return Optional.ofNullable(ex.getRequestHeaders().get("Cookie")).stream().flatMap(List::stream).flatMap(s -> Arrays.stream(s.split(";"))).map(String::trim).peek(cookie -> LOG.log(INFO, "received cookie {0}", cookie)).toList();
}
@Override

20
de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/TokenController.java
Unescape View File

@ -2,8 +2,7 @@ @@ -2,8 +2,7 @@
package de.srsoftware.oidc.backend;
import static de.srsoftware.oidc.api.Constants.*;
import static java.lang.System.Logger.Level.ERROR;
import static java.lang.System.Logger.Level.WARNING;
import static java.lang.System.Logger.Level.*;
import static java.net.HttpURLConnection.HTTP_BAD_REQUEST;
import com.sun.net.httpserver.HttpExchange;
@ -48,8 +47,8 @@ public class TokenController extends PathHandler { @@ -48,8 +47,8 @@ public class TokenController extends PathHandler {
var map = deserialize(body(ex));
// TODO: check Authorization Code, → https://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint
// TODO: check Redirect URL
LOG.log(WARNING, "post data: {0}", map);
LOG.log(ERROR, "{0}.provideToken(ex) not implemented!", getClass().getSimpleName());
LOG.log(DEBUG, "post data: {0}", map);
LOG.log(WARNING, "{0}.provideToken(ex) not implemented!", getClass().getSimpleName());
var grantType = map.get(GRANT_TYPE);
if (!ATUH_CODE.equals(grantType)) sendContent(ex, HTTP_BAD_REQUEST, Map.of(ERROR, "unknown grant type", GRANT_TYPE, grantType));
var optClient = Optional.ofNullable(map.get(CLIENT_ID)).flatMap(clients::getClient);
@ -77,10 +76,8 @@ public class TokenController extends PathHandler { @@ -77,10 +76,8 @@ public class TokenController extends PathHandler {
private String createJWT(Client client) {
try {
MessageDigest digest = MessageDigest.getInstance("SHA-256");
byte[] encodedhash = digest.digest(client.secret().getBytes(StandardCharsets.UTF_8));
HmacKey hmacKey = new HmacKey(encodedhash);
byte[] secretBytes = client.secret().getBytes(StandardCharsets.UTF_8);
HmacKey hmacKey = new HmacKey(secretBytes);
JwtClaims claims = new JwtClaims();
claims.setIssuer("Issuer"); // who creates the token and signs it
@ -97,14 +94,17 @@ public class TokenController extends PathHandler { @@ -97,14 +94,17 @@ public class TokenController extends PathHandler {
// A JWT is a JWS and/or a JWE with JSON claims as the payload.
// In this example it is a JWS so we create a JsonWebSignature object.
JsonWebSignature jws = new JsonWebSignature();
if (secretBytes.length*8 < 256) {
LOG.log(WARNING,"Using secret with less than 256 bits! You will go to hell for this!");
jws.setDoKeyValidation(false); // TODO: this is dangerous! Better: enforce key length of 256bits!
}
jws.setPayload(claims.toJson());
jws.setKey(hmacKey);
jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.HMAC_SHA256);
return jws.getCompactSerialization();
} catch (JoseException e) {
throw new RuntimeException(e);
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
}
}

Write Preview
Loading…
Cancel
Save