StephanRichter/LightOidc
1
0
Fork 0
Code Issues Pull Requests Actions Projects Releases Wiki Activity

spotless

Browse Source 
Signed-off-by: Stephan Richter <s.richter@srsoftware.de>
This commit is contained in:
Stephan Richter
2024-07-29 09:57:19 +02:00
parent 378ea12bbc
commit 6b7e0d2c97
2 changed files with 7 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
de.srsoftware.cookies/src/main/java/de/srsoftware/cookies/Cookie.java
View File

@@ -1,6 +1,8 @@
/* © SRSoftware 2024 */ /* © SRSoftware 2024 */
package de.srsoftware.cookies; package de.srsoftware.cookies;
import static java.lang.System.Logger.Level.*;
import com.sun.net.httpserver.Headers; import com.sun.net.httpserver.Headers;
import com.sun.net.httpserver.HttpExchange; import com.sun.net.httpserver.HttpExchange;
import java.util.Arrays; import java.util.Arrays;
@@ -8,8 +10,6 @@ import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Optional; import java.util.Optional;
import static java.lang.System.Logger.Level.*;
public abstract class Cookie implements Map.Entry<String, String> { public abstract class Cookie implements Map.Entry<String, String> {
static final System.Logger LOG = System.getLogger(SessionToken.class.getSimpleName()); static final System.Logger LOG = System.getLogger(SessionToken.class.getSimpleName());
private final String key; private final String key;

12
de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/TokenController.java
View File

@@ -11,8 +11,6 @@ import de.srsoftware.oidc.api.ClientService;
import de.srsoftware.oidc.api.PathHandler; import de.srsoftware.oidc.api.PathHandler;
import java.io.IOException; import java.io.IOException;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.*; import java.util.*;
import java.util.stream.Collectors; import java.util.stream.Collectors;
import org.jose4j.jws.AlgorithmIdentifiers; import org.jose4j.jws.AlgorithmIdentifiers;
@@ -76,8 +74,8 @@ public class TokenController extends PathHandler {
private String createJWT(Client client) { private String createJWT(Client client) {
try { try {
byte[] secretBytes = client.secret().getBytes(StandardCharsets.UTF_8); byte[] secretBytes = client.secret().getBytes(StandardCharsets.UTF_8);
HmacKey hmacKey = new HmacKey(secretBytes); HmacKey hmacKey = new HmacKey(secretBytes);
JwtClaims claims = new JwtClaims(); JwtClaims claims = new JwtClaims();
claims.setIssuer("Issuer"); // who creates the token and signs it claims.setIssuer("Issuer"); // who creates the token and signs it
@@ -94,9 +92,9 @@ public class TokenController extends PathHandler {
// A JWT is a JWS and/or a JWE with JSON claims as the payload. // A JWT is a JWS and/or a JWE with JSON claims as the payload.
// In this example it is a JWS so we create a JsonWebSignature object. // In this example it is a JWS so we create a JsonWebSignature object.
JsonWebSignature jws = new JsonWebSignature(); JsonWebSignature jws = new JsonWebSignature();
if (secretBytes.length*8 < 256) { if (secretBytes.length * 8 < 256) {
LOG.log(WARNING,"Using secret with less than 256 bits! You will go to hell for this!"); LOG.log(WARNING, "Using secret with less than 256 bits! You will go to hell for this!");
jws.setDoKeyValidation(false); // TODO: this is dangerous! Better: enforce key length of 256bits! jws.setDoKeyValidation(false); // TODO: this is dangerous! Better: enforce key length of 256bits!
} }
jws.setPayload(claims.toJson()); jws.setPayload(claims.toJson());