
spotless

Signed-off-by: Stephan Richter <s.richter@srsoftware.de>
sqlite
Stephan Richter 7 months ago
parent
commit
6b7e0d2c97
  1. 4
      de.srsoftware.cookies/src/main/java/de/srsoftware/cookies/Cookie.java
  2. 12
      de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/TokenController.java

4
de.srsoftware.cookies/src/main/java/de/srsoftware/cookies/Cookie.java

@ -1,6 +1,8 @@
/* © SRSoftware 2024 */ /* © SRSoftware 2024 */
package de.srsoftware.cookies; package de.srsoftware.cookies;
import static java.lang.System.Logger.Level.*;
import com.sun.net.httpserver.Headers; import com.sun.net.httpserver.Headers;
import com.sun.net.httpserver.HttpExchange; import com.sun.net.httpserver.HttpExchange;
import java.util.Arrays; import java.util.Arrays;
@ -8,8 +10,6 @@ import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Optional; import java.util.Optional;
import static java.lang.System.Logger.Level.*;
public abstract class Cookie implements Map.Entry<String, String> { public abstract class Cookie implements Map.Entry<String, String> {
static final System.Logger LOG = System.getLogger(SessionToken.class.getSimpleName()); static final System.Logger LOG = System.getLogger(SessionToken.class.getSimpleName());
private final String key; private final String key;

12
de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/TokenController.java

@ -11,8 +11,6 @@ import de.srsoftware.oidc.api.ClientService;
import de.srsoftware.oidc.api.PathHandler; import de.srsoftware.oidc.api.PathHandler;
import java.io.IOException; import java.io.IOException;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.*; import java.util.*;
import java.util.stream.Collectors; import java.util.stream.Collectors;
import org.jose4j.jws.AlgorithmIdentifiers; import org.jose4j.jws.AlgorithmIdentifiers;
@ -76,8 +74,8 @@ public class TokenController extends PathHandler {
private String createJWT(Client client) { private String createJWT(Client client) {
try { try {
byte[] secretBytes = client.secret().getBytes(StandardCharsets.UTF_8); byte[] secretBytes = client.secret().getBytes(StandardCharsets.UTF_8);
HmacKey hmacKey = new HmacKey(secretBytes); HmacKey hmacKey = new HmacKey(secretBytes);
JwtClaims claims = new JwtClaims(); JwtClaims claims = new JwtClaims();
claims.setIssuer("Issuer"); // who creates the token and signs it claims.setIssuer("Issuer"); // who creates the token and signs it
@ -94,9 +92,9 @@ public class TokenController extends PathHandler {
// A JWT is a JWS and/or a JWE with JSON claims as the payload. // A JWT is a JWS and/or a JWE with JSON claims as the payload.
// In this example it is a JWS so we create a JsonWebSignature object. // In this example it is a JWS so we create a JsonWebSignature object.
JsonWebSignature jws = new JsonWebSignature(); JsonWebSignature jws = new JsonWebSignature();
if (secretBytes.length*8 < 256) { if (secretBytes.length * 8 < 256) {
LOG.log(WARNING,"Using secret with less than 256 bits! You will go to hell for this!"); LOG.log(WARNING, "Using secret with less than 256 bits! You will go to hell for this!");
jws.setDoKeyValidation(false); // TODO: this is dangerous! Better: enforce key length of 256bits! jws.setDoKeyValidation(false); // TODO: this is dangerous! Better: enforce key length of 256bits!
} }
jws.setPayload(claims.toJson()); jws.setPayload(claims.toJson());
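Review bot: In createJWT the short-secret branch still calls `jws.setDoKeyValidation(false)`, so a client secret under 256 bits only logs a warning and the token is signed with it anyway; with an HMAC algorithm (the algorithm choice is outside the visible hunks, presumably HS256) the signature is then only as strong as that short secret. The existing TODO already names the fix: fail closed instead of disabling validation, e.g. `if (secretBytes.length * 8 < 256) throw new IllegalStateException("client secret shorter than 256 bits");`, and enforce the minimum length where client secrets are created or registered. The warning text should also say which client is affected instead of the current joke wording, without logging the secret itself. createJWT starts in the previous hunk and continues past this one, so how the surrounding try/catch would handle the exception needs checking.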
