
working on key management

Signed-off-by: Stephan Richter <s.richter@srsoftware.de>
sqlite
Stephan Richter 4 months ago
parent
commit
928e6d23cb
  1. 1
      de.srsoftware.oidc.api/build.gradle
  2. 2
      de.srsoftware.oidc.api/src/main/java/de/srsoftware/oidc/api/Constants.java
  3. 15
      de.srsoftware.oidc.api/src/main/java/de/srsoftware/oidc/api/KeyManager.java
  4. 13
      de.srsoftware.oidc.api/src/main/java/de/srsoftware/oidc/api/KeyStorage.java
  5. 8
      de.srsoftware.oidc.api/src/main/java/de/srsoftware/oidc/api/PathHandler.java
  6. 31
      de.srsoftware.oidc.app/src/main/java/de/srsoftware/oidc/app/Application.java
  7. 11
      de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/ClientController.java
  8. 20
      de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/KeyStoreController.java
  9. 39
      de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/RotatingKeyManager.java
  10. 68
      de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/TokenController.java
  11. 4
      de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/UserController.java
  12. 7
      de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/WellKnownController.java
  13. 2
      de.srsoftware.oidc.datastore.file/build.gradle
  14. 58
      de.srsoftware.oidc.datastore.file/src/main/java/de/srsoftware/oidc/datastore/file/PlaintextKeyStore.java
  15. 3
      de.srsoftware.oidc.web/src/main/java/de/srsoftware/oidc/web/StaticPages.java
  16. 2
      de.srsoftware.oidc.web/src/main/resources/de/clients.html
  17. 1
      de.srsoftware.oidc.web/src/main/resources/en/authorization.js
  18. 2
      de.srsoftware.oidc.web/src/main/resources/en/clients.html

1
de.srsoftware.oidc.api/build.gradle

@ -12,6 +12,7 @@ dependencies {
testImplementation platform('org.junit:junit-bom:5.10.0') testImplementation platform('org.junit:junit-bom:5.10.0')
testImplementation 'org.junit.jupiter:junit-jupiter' testImplementation 'org.junit.jupiter:junit-jupiter'
implementation 'org.json:json:20240303' implementation 'org.json:json:20240303'
implementation 'org.bitbucket.b_c:jose4j:0.9.6'
} }
test { test {

2
de.srsoftware.oidc.api/src/main/java/de/srsoftware/oidc/api/Constants.java

@ -17,8 +17,10 @@ public class Constants {
public static final String GRANT_TYPE = "grant_type"; public static final String GRANT_TYPE = "grant_type";
public static final String ID_TOKEN = "id_token"; public static final String ID_TOKEN = "id_token";
public static final String NAME = "name"; public static final String NAME = "name";
public static final String OPENID = "openid";
public static final String REDIRECT_URI = "redirect_uri"; public static final String REDIRECT_URI = "redirect_uri";
public static final String REDIRECT_URIS = "redirect_uris"; public static final String REDIRECT_URIS = "redirect_uris";
public static final String SCOPE = "scope";
public static final String SECRET = "secret"; public static final String SECRET = "secret";
public static final String STATE = "state"; public static final String STATE = "state";
public static final String TOKEN_TYPE = "token_type"; public static final String TOKEN_TYPE = "token_type";

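--- a/de.srsoftware.oidc.api/src/main/java/de/srsoftware/oidc/api/KeyManager.java
+++ b/de.srsoftware.oidc.api/src/main/java/de/srsoftware/oidc/api/KeyManager.java
@@ -0,0 +1,15 @@
+/* © SRSoftware 2024 */
+package de.srsoftware.oidc.api;
+import java.io.IOException;
+import org.jose4j.jwk.PublicJsonWebKey;
+public interface KeyManager {
+public class KeyCreationException extends Exception {
+public KeyCreationException(Exception cause) {
+super(cause);
+}
+}
+public PublicJsonWebKey getKey() throws KeyCreationException, IOException;
+}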
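Review bot: `getKey()` has no Javadoc although its return value is more than the name suggests: the implementations in this commit hand back a `PublicJsonWebKey` that still carries the private signing key (`RotatingKeyManager` generates it, `TokenController` calls `key.getPrivateKey()` on it), so a caller cannot tell from the interface that the object must never be serialized to a client. A one-paragraph Javadoc stating that the returned key is the current signing key including private material, that the `kid` and `alg` are set, and when `KeyCreationException` versus `IOException` is thrown would close that gap. Stylistically, the `public` modifiers on interface members and on the nested class are redundant, and a nested exception class in an interface is implicitly `public static`; dropping them matches the other api-module files.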

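--- a/de.srsoftware.oidc.api/src/main/java/de/srsoftware/oidc/api/KeyStorage.java
+++ b/de.srsoftware.oidc.api/src/main/java/de/srsoftware/oidc/api/KeyStorage.java
@@ -0,0 +1,13 @@
+/* © SRSoftware 2024 */
+package de.srsoftware.oidc.api;
+import java.io.IOException;
+import java.util.List;
+import org.jose4j.jwk.PublicJsonWebKey;
+public interface KeyStorage {
+public KeyStorage drop(String keyId);
+public List<String> listKeys();
+public PublicJsonWebKey load(String keyId) throws IOException, KeyManager.KeyCreationException;
+public KeyStorage store(PublicJsonWebKey jsonWebKey) throws IOException;
+}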
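Review bot: `listKeys()` gives no ordering guarantee, yet `RotatingKeyManager.getKey()` treats `list.get(0)` as the current signing key, so the contract the manager depends on is undocumented. Javadoc on `listKeys()` should state whether ids are returned newest-first (and on what basis), and `drop()` should document what happens for an unknown id and whether it may return `null`. It is also worth stating in the interface Javadoc that `store()`/`load()` must round-trip the private key, since the token endpoint signs with the loaded key.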

8
de.srsoftware.oidc.api/src/main/java/de/srsoftware/oidc/api/PathHandler.java

@ -43,15 +43,15 @@ public abstract class PathHandler implements HttpHandler {
} }
public boolean doDelete(String path, HttpExchange ex) throws IOException { public boolean doDelete(String path, HttpExchange ex) throws IOException {
return false; return notFound(ex);
} }
public boolean doGet(String path, HttpExchange ex) throws IOException { public boolean doGet(String path, HttpExchange ex) throws IOException {
return false; return notFound(ex);
} }
public boolean doPost(String path, HttpExchange ex) throws IOException { public boolean doPost(String path, HttpExchange ex) throws IOException {
return false; return notFound(ex);
} }
@Override @Override
@ -112,7 +112,7 @@ public abstract class PathHandler implements HttpHandler {
} }
public static boolean notFound(HttpExchange ex) throws IOException { public static boolean notFound(HttpExchange ex) throws IOException {
LOG.log(WARNING, "not implemented"); LOG.log(ERROR, "not implemented");
return sendEmptyResponse(HTTP_NOT_FOUND, ex); return sendEmptyResponse(HTTP_NOT_FOUND, ex);
} }
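Review bot: Taking the right-hand column as the new side, `notFound()` now logs "not implemented" at ERROR and is the default for `doGet`/`doPost`/`doDelete`, so every request for an unknown path (including routine scanner traffic) produces an ERROR entry with a misleading message and no indication of which path was hit. A 404 for an unmapped path is not an implementation gap; `LOG.log(WARNING, "no handler for {0}", ex.getRequestURI().getPath());` keeps the signal and makes the entry actionable. The same sink is reached from `StaticPages` (L475), where a missing static file is then logged twice, once as a WARNING with the path and once as an ERROR without it.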

31
de.srsoftware.oidc.app/src/main/java/de/srsoftware/oidc/app/Application.java

@ -12,12 +12,12 @@ import static java.lang.System.getenv;
import com.sun.net.httpserver.HttpServer; import com.sun.net.httpserver.HttpServer;
import de.srsoftware.logging.ColorLogger; import de.srsoftware.logging.ColorLogger;
import de.srsoftware.oidc.api.KeyManager;
import de.srsoftware.oidc.api.KeyStorage;
import de.srsoftware.oidc.api.User; import de.srsoftware.oidc.api.User;
import de.srsoftware.oidc.backend.ClientController; import de.srsoftware.oidc.backend.*;
import de.srsoftware.oidc.backend.TokenController;
import de.srsoftware.oidc.backend.UserController;
import de.srsoftware.oidc.backend.WellKnownController;
import de.srsoftware.oidc.datastore.file.FileStore; import de.srsoftware.oidc.datastore.file.FileStore;
import de.srsoftware.oidc.datastore.file.PlaintextKeyStore;
import de.srsoftware.oidc.datastore.file.UuidHasher; import de.srsoftware.oidc.datastore.file.UuidHasher;
import de.srsoftware.oidc.web.Forward; import de.srsoftware.oidc.web.Forward;
import de.srsoftware.oidc.web.StaticPages; import de.srsoftware.oidc.web.StaticPages;
@ -33,6 +33,7 @@ public class Application {
public static final String FIRST_USER = "admin"; public static final String FIRST_USER = "admin";
public static final String FIRST_USER_PASS = "admin"; public static final String FIRST_USER_PASS = "admin";
public static final String FIRST_UUID = UUID.randomUUID().toString(); public static final String FIRST_UUID = UUID.randomUUID().toString();
public static final String JWKS = "/api/jwks";
public static final String ROOT = "/"; public static final String ROOT = "/";
public static final String STATIC_PATH = "/web"; public static final String STATIC_PATH = "/web";
@ -43,20 +44,24 @@ public class Application {
private static System.Logger LOG = new ColorLogger("Application").setLogLevel(DEBUG); private static System.Logger LOG = new ColorLogger("Application").setLogLevel(DEBUG);
public static void main(String[] args) throws Exception { public static void main(String[] args) throws Exception {
var argMap = map(args); var argMap = map(args);
Optional<Path> basePath = argMap.get(BASE_PATH) instanceof Path p ? Optional.of(p) : Optional.empty(); Optional<Path> basePath = argMap.get(BASE_PATH) instanceof Path p ? Optional.of(p) : Optional.empty();
var storageFile = (argMap.get(CONFIG_PATH) instanceof Path p ? p : configDir(APP_NAME).resolve("config.json")).toFile(); var storageFile = (argMap.get(CONFIG_PATH) instanceof Path p ? p : configDir(APP_NAME).resolve("config.json")).toFile();
var passwordHasher = new UuidHasher(); var keyDir = storageFile.getParentFile().toPath().resolve("keys");
var firstHash = passwordHasher.hash(FIRST_USER_PASS, FIRST_UUID); var passwordHasher = new UuidHasher();
var firstUser = new User(FIRST_USER, firstHash, FIRST_USER, "%s@internal".formatted(FIRST_USER), FIRST_UUID).add(MANAGE_CLIENTS); var firstHash = passwordHasher.hash(FIRST_USER_PASS, FIRST_UUID);
FileStore fileStore = new FileStore(storageFile, passwordHasher).init(firstUser); var firstUser = new User(FIRST_USER, firstHash, FIRST_USER, "%s@internal".formatted(FIRST_USER), FIRST_UUID).add(MANAGE_CLIENTS);
HttpServer server = HttpServer.create(new InetSocketAddress(8080), 0); KeyStorage keyStore = new PlaintextKeyStore(keyDir);
KeyManager keyManager = new RotatingKeyManager(keyStore);
FileStore fileStore = new FileStore(storageFile, passwordHasher).init(firstUser);
HttpServer server = HttpServer.create(new InetSocketAddress(8080), 0);
new StaticPages(basePath).bindPath(STATIC_PATH, FAVICON).on(server); new StaticPages(basePath).bindPath(STATIC_PATH, FAVICON).on(server);
new Forward(INDEX).bindPath(ROOT).on(server); new Forward(INDEX).bindPath(ROOT).on(server);
new WellKnownController().bindPath(WELL_KNOWN).on(server); new WellKnownController().bindPath(WELL_KNOWN).on(server);
new UserController(fileStore, fileStore).bindPath(API_USER).on(server); new UserController(fileStore, fileStore).bindPath(API_USER).on(server);
new TokenController(fileStore, fileStore, fileStore).bindPath(API_TOKEN).on(server); new TokenController(fileStore, fileStore, keyManager, fileStore).bindPath(API_TOKEN).on(server);
new ClientController(fileStore, fileStore, fileStore).bindPath(API_CLIENT).on(server); new ClientController(fileStore, fileStore, fileStore).bindPath(API_CLIENT).on(server);
new KeyStoreController(keyStore).bindPath(JWKS).on(server);
// server.setExecutor(Executors.newCachedThreadPool()); // server.setExecutor(Executors.newCachedThreadPool());
server.setExecutor(Executors.newSingleThreadExecutor()); server.setExecutor(Executors.newSingleThreadExecutor());
server.start(); server.start();
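Review bot: `storageFile.getParentFile()` at L160 returns `null` when `CONFIG_PATH` is given as a bare file name, so `main` would fail with a NullPointerException before the server starts; `var keyDir = storageFile.toPath().toAbsolutePath().getParent().resolve("keys");` avoids that. The keys directory is created beside `config.json` and, per `PlaintextKeyStore`, holds the signing key material in the clear, so the start-up log or README should make the required protection of that directory explicit. The new wildcard import `de.srsoftware.oidc.backend.*` replaces four explicit imports; the project's other files import classes explicitly, so keeping that convention here would be consistent. `main` continues past the hunk.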

11
de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/ClientController.java

@ -11,6 +11,7 @@ import de.srsoftware.oidc.api.*;
import java.io.IOException; import java.io.IOException;
import java.time.Duration; import java.time.Duration;
import java.time.Instant; import java.time.Instant;
import java.util.Arrays;
import java.util.HashSet; import java.util.HashSet;
import java.util.Map; import java.util.Map;
import java.util.UUID; import java.util.UUID;
@ -29,8 +30,11 @@ public class ClientController extends Controller {
private boolean authorize(HttpExchange ex, Session session) throws IOException { private boolean authorize(HttpExchange ex, Session session) throws IOException {
var user = session.user(); var user = session.user();
var json = json(ex); var json = json(ex);
var scope = json.getString(SCOPE);
if (!Arrays.asList(scope.split(" ")).contains(OPENID)) return sendContent(ex, HTTP_BAD_REQUEST, Map.of(ERROR, "openid scope missing in request"));
var clientId = json.getString(CLIENT_ID); var clientId = json.getString(CLIENT_ID);
var redirect = json.getString(REDIRECT_URI); var redirect = json.getString(REDIRECT_URI);
var optClient = clients.getClient(clientId); var optClient = clients.getClient(clientId);
@ -74,8 +78,7 @@ public class ClientController extends Controller {
case "/": case "/":
return deleteClient(ex, session); return deleteClient(ex, session);
} }
LOG.log(ERROR, "not implemented"); return notFound(ex);
return sendEmptyResponse(HTTP_NOT_FOUND, ex);
} }
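Review bot: `json.getString(SCOPE)` at L194 throws org.json's `JSONException` when the request carries no `scope`, and nothing in the visible code catches it, so a malformed request reaches the caller as an exception rather than the intended 400 at L195. `var scope = json.optString(SCOPE, "");` makes the missing-scope case fall through to the existing "openid scope missing in request" response. `authorize()` continues past the hunk.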

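--- a/de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/KeyStoreController.java
+++ b/de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/KeyStoreController.java
@@ -0,0 +1,20 @@
+/* © SRSoftware 2024 */
+package de.srsoftware.oidc.backend;
+import com.sun.net.httpserver.HttpExchange;
+import de.srsoftware.oidc.api.KeyStorage;
+import de.srsoftware.oidc.api.PathHandler;
+import java.io.IOException;
+public class KeyStoreController extends PathHandler {
+private final KeyStorage keyStore;
+public KeyStoreController(KeyStorage keyStorage) {
+keyStore = keyStorage;
+}
+@Override
+public boolean doGet(String path, HttpExchange ex) throws IOException {
+return super.doGet(path, ex);
+}
+}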
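Review bot: `doGet` only delegates to `super.doGet`, which after this commit answers with `notFound` and an ERROR log, so the `jwks_uri` that `WellKnownController` advertises at `/api/jwks` returns 404 and `keyStore` is an unused field; if this is a placeholder, a `// TODO: publish JWKS` comment on the override would say so. When it is implemented, each key must be serialized with `key.toJson(JsonWebKey.OutputControlLevel.PUBLIC_ONLY)`, because the keys `PlaintextKeyStore.load()` returns are the signing keys and any other output level would expose private parameters on a public endpoint. The `load()` exceptions (`IOException`, `KeyCreationException`) also need a mapping to an HTTP status here rather than propagating out of the handler.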

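--- a/de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/RotatingKeyManager.java
+++ b/de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/RotatingKeyManager.java
@@ -0,0 +1,39 @@
+/* © SRSoftware 2024 */
+package de.srsoftware.oidc.backend;
+import static org.jose4j.jws.AlgorithmIdentifiers.RSA_USING_SHA256;
+import de.srsoftware.oidc.api.KeyManager;
+import de.srsoftware.oidc.api.KeyStorage;
+import java.io.IOException;
+import java.util.UUID;
+import org.jose4j.jwk.PublicJsonWebKey;
+import org.jose4j.jwk.RsaJwkGenerator;
+import org.jose4j.lang.JoseException;
+public class RotatingKeyManager implements KeyManager {
+private static final System.Logger LOG = System.getLogger(RotatingKeyManager.class.getSimpleName());
+private final KeyStorage store;
+public RotatingKeyManager(KeyStorage keyStore) {
+store = keyStore;
+}
+@Override
+public PublicJsonWebKey getKey() throws KeyCreationException, IOException {
+var list = store.listKeys();
+return list.isEmpty() ? createNewKey() : store.load(list.get(0));
+}
+private PublicJsonWebKey createNewKey() throws KeyCreationException, IOException {
+try {
+var key = RsaJwkGenerator.generateJwk(2048);
+key.setAlgorithm(RSA_USING_SHA256);
+key.setKeyId(UUID.randomUUID().toString());
+store.store(key);
+return key;
+} catch (JoseException e) {
+throw new KeyCreationException(e);
+}
+}
+}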
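Review bot: `getKey()` picks `list.get(0)` from `store.listKeys()`, and the only storage in this commit backs that list with `Files.list`, whose order is unspecified, so once a second key exists the signing key can change from call to call and across restarts, and relying parties caching a JWKS would see `kid`s they cannot verify. No rotation, expiry or "newest wins" rule is present despite the class name; either document that a single key is expected for now or select deterministically (for example by a creation timestamp persisted alongside the key) and mention the policy in the class Javadoc. `getKey()` is also not guarded against concurrent first calls, which would each generate and store a key; `Application` currently runs the server on a single-thread executor, so this is latent rather than live — worth a comment so it is not forgotten when that changes. The `LOG` field is unused.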

68
de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/TokenController.java

@ -12,10 +12,10 @@ import java.net.URLDecoder;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.util.*; import java.util.*;
import java.util.stream.Collectors; import java.util.stream.Collectors;
import org.jose4j.jws.AlgorithmIdentifiers; import org.jose4j.jwk.PublicJsonWebKey;
import org.jose4j.jws.JsonWebSignature; import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims; import org.jose4j.jwt.JwtClaims;
import org.jose4j.keys.HmacKey; import org.jose4j.jwt.MalformedClaimException;
import org.jose4j.lang.JoseException; import org.jose4j.lang.JoseException;
import org.json.JSONObject; import org.json.JSONObject;
@ -23,11 +23,13 @@ public class TokenController extends PathHandler {
private final ClientService clients; private final ClientService clients;
private final AuthorizationService authorizations; private final AuthorizationService authorizations;
private final UserService users; private final UserService users;
private final KeyManager keyManager;
public TokenController(AuthorizationService authorizationService, ClientService clientService, UserService userService) { public TokenController(AuthorizationService authorizationService, ClientService clientService, KeyManager keyManager, UserService userService) {
authorizations = authorizationService; authorizations = authorizationService;
clients = clientService; clients = clientService;
users = userService; this.keyManager = keyManager;
users = userService;
} }
private Map<String, String> deserialize(String body) { private Map<String, String> deserialize(String body) {
@ -45,7 +47,9 @@ public class TokenController extends PathHandler {
} }
private boolean provideToken(HttpExchange ex) throws IOException { private boolean provideToken(HttpExchange ex) throws IOException {
var map = deserialize(body(ex)); var map = deserialize(body(ex));
// TODO: check data, → https://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint
var grantType = map.get(GRANT_TYPE); var grantType = map.get(GRANT_TYPE);
if (!AUTH_CODE.equals(grantType)) return sendContent(ex, HTTP_BAD_REQUEST, Map.of(ERROR, "unknown grant type", GRANT_TYPE, grantType)); if (!AUTH_CODE.equals(grantType)) return sendContent(ex, HTTP_BAD_REQUEST, Map.of(ERROR, "unknown grant type", GRANT_TYPE, grantType));
@ -66,8 +70,8 @@ public class TokenController extends PathHandler {
var uri = URLDecoder.decode(map.get(REDIRECT_URI), StandardCharsets.UTF_8); var uri = URLDecoder.decode(map.get(REDIRECT_URI), StandardCharsets.UTF_8);
if (!client.redirectUris().contains(uri)) sendContent(ex, HTTP_BAD_REQUEST, Map.of(ERROR, "unknown redirect uri", REDIRECT_URI, uri)); if (!client.redirectUris().contains(uri)) sendContent(ex, HTTP_BAD_REQUEST, Map.of(ERROR, "unknown redirect uri", REDIRECT_URI, uri));
var secretFromClient = map.get(CLIENT_SECRET); var secretFromClient = URLDecoder.decode(map.get(CLIENT_SECRET));
if (!client.secret().equals(secretFromClient)) return sendContent(ex, HTTP_BAD_REQUEST, Map.of(ERROR, "client secret mismatch")); if (secretFromClient != null && !client.secret().equals(secretFromClient)) return sendContent(ex, HTTP_BAD_REQUEST, Map.of(ERROR, "client secret mismatch"));
String jwToken = createJWT(client, user.get()); String jwToken = createJWT(client, user.get());
ex.getResponseHeaders().add("Cache-Control", "no-store"); ex.getResponseHeaders().add("Cache-Control", "no-store");
@ -76,42 +80,52 @@ public class TokenController extends PathHandler {
response.put(TOKEN_TYPE, BEARER); response.put(TOKEN_TYPE, BEARER);
response.put(EXPIRES_IN, 3600); response.put(EXPIRES_IN, 3600);
response.put(ID_TOKEN, jwToken); response.put(ID_TOKEN, jwToken);
LOG.log(DEBUG, jwToken);
return sendContent(ex, response); return sendContent(ex, response);
} }
private String createJWT(Client client, User user) { private String createJWT(Client client, User user) {
try { try {
byte[] secretBytes = client.secret().getBytes(StandardCharsets.UTF_8); PublicJsonWebKey key = keyManager.getKey();
HmacKey hmacKey = new HmacKey(secretBytes);
JwtClaims claims = getJwtClaims(user); JwtClaims claims = getJwtClaims(user, client);
// A JWT is a JWS and/or a JWE with JSON claims as the payload. // A JWT is a JWS and/or a JWE with JSON claims as the payload.
// In this example it is a JWS so we create a JsonWebSignature object. // In this example it is a JWS so we create a JsonWebSignature object.
JsonWebSignature jws = new JsonWebSignature(); JsonWebSignature jws = new JsonWebSignature();
if (secretBytes.length * 8 < 256) {
LOG.log(WARNING, "Using secret with less than 256 bits! You will go to hell for this!");
jws.setDoKeyValidation(false); // TODO: this is dangerous! Better: enforce key length of 256bits!
}
jws.setHeader("typ", "JWT");
jws.setPayload(claims.toJson()); jws.setPayload(claims.toJson());
jws.setKey(hmacKey); jws.setKey(key.getPrivateKey());
jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.HMAC_SHA256); jws.setKeyIdHeaderValue(key.getKeyId());
jws.setAlgorithmHeaderValue(key.getAlgorithm());
return jws.getCompactSerialization(); return jws.getCompactSerialization();
} catch (JoseException e) { } catch (JoseException | KeyManager.KeyCreationException | IOException e) {
throw new RuntimeException(e); throw new RuntimeException(e);
} }
} }
private static JwtClaims getJwtClaims(User user) { private static JwtClaims getJwtClaims(User user, Client client) {
JwtClaims claims = new JwtClaims(); JwtClaims claims = new JwtClaims();
claims.setIssuer(APP_NAME); // who creates the token and signs it claims.setAudience(client.id(), "test");
claims.setExpirationTimeMinutesInTheFuture(10); // time when the token will expire (10 minutes from now) claims.setClaim("client_id", client.id());
claims.setGeneratedJwtId(); // a unique identifier for the token claims.setClaim("email", user.email()); // additional claims/attributes about the subject can be added
claims.setIssuedAtToNow(); // when the token was issued/created (now) claims.setExpirationTimeMinutesInTheFuture(10); // time when the token will expire (10 minutes from now)
claims.setNotBeforeMinutesInThePast(2); // time before which the token is not yet valid (2 minutes ago) claims.setIssuedAtToNow(); // when the token was issued/created (now)
claims.setSubject(user.uuid()); // the subject/principal is whom the token is about claims.setIssuer("https://lightoidc.srsoftware.de"); // who creates the token and signs it
claims.setClaim("email", user.email()); // additional claims/attributes about the subject can be added claims.setGeneratedJwtId(); // a unique identifier for the token
claims.setSubject(user.uuid()); // the subject/principal is whom the token is about
// die nachfolgenden Claims sind nur Spielerei, ich habe versucht, das System mit Umbrella zum Laufen zu bekommen
claims.setClaim("scope", "openid");
claims.setStringListClaim("amr", "pwd");
claims.setClaim("at_hash", Base64.getEncoder().encodeToString("Test".getBytes(StandardCharsets.UTF_8)));
claims.setClaim("azp", client.id());
claims.setClaim("email_verified", true);
try {
claims.setClaim("rat", claims.getIssuedAt().getValue());
} catch (MalformedClaimException e) {
}
return claims; return claims;
} }
} }
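Review bot: The client-secret check at L301–L302 is broken in both directions: `URLDecoder.decode(map.get(CLIENT_SECRET))` throws NullPointerException when `client_secret` is absent (and uses the deprecated platform-charset overload), and if the `secretFromClient != null` guard were ever reached it would skip secret verification entirely, so a token request without a secret would be issued an ID token. Replace with `var rawSecret = map.get(CLIENT_SECRET);` / `if (rawSecret == null) return sendContent(ex, HTTP_BAD_REQUEST, Map.of(ERROR, "client secret missing"));` / `if (!MessageDigest.isEqual(client.secret().getBytes(StandardCharsets.UTF_8), URLDecoder.decode(rawSecret, StandardCharsets.UTF_8).getBytes(StandardCharsets.UTF_8))) return sendContent(ex, HTTP_BAD_REQUEST, Map.of(ERROR, "client secret mismatch"));` (import `java.security.MessageDigest`), which also makes the comparison constant-time. L309 writes the complete signed ID token to the log at DEBUG; tokens should not land in logs, so drop the line or log only `key.getKeyId()`. In `getJwtClaims`, `at_hash` is a constant built from the literal "Test" and `aud` includes "test" — a wrong `at_hash` will make conforming clients reject the token, so either compute it from the access token or omit the claim, and the empty `catch (MalformedClaimException e)` at L352 should at least log. The issuer literal `"https://lightoidc.srsoftware.de"` is duplicated in `WellKnownController`; keeping it in one constant avoids the two drifting apart.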

4
de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/UserController.java

@ -2,7 +2,6 @@
package de.srsoftware.oidc.backend; package de.srsoftware.oidc.backend;
import static de.srsoftware.oidc.api.User.*; import static de.srsoftware.oidc.api.User.*;
import static java.lang.System.Logger.Level.WARNING;
import static java.net.HttpURLConnection.*; import static java.net.HttpURLConnection.*;
import com.sun.net.httpserver.HttpExchange; import com.sun.net.httpserver.HttpExchange;
@ -31,8 +30,7 @@ public class UserController extends Controller {
return logout(ex, session); return logout(ex, session);
} }
LOG.log(WARNING, "not implemented"); return notFound(ex);
return sendEmptyResponse(HTTP_NOT_FOUND, ex);
} }

7
de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/WellKnownController.java

@ -1,8 +1,6 @@
/* © SRSoftware 2024 */ /* © SRSoftware 2024 */
package de.srsoftware.oidc.backend; package de.srsoftware.oidc.backend;
import static java.lang.System.Logger.Level.WARNING;
import static java.net.HttpURLConnection.HTTP_NOT_FOUND;
import com.sun.net.httpserver.HttpExchange; import com.sun.net.httpserver.HttpExchange;
import de.srsoftware.oidc.api.PathHandler; import de.srsoftware.oidc.api.PathHandler;
@ -16,12 +14,11 @@ public class WellKnownController extends PathHandler {
case "/openid-configuration": case "/openid-configuration":
return openidConfig(ex); return openidConfig(ex);
} }
LOG.log(WARNING, "not implemented"); return notFound(ex);
return sendEmptyResponse(HTTP_NOT_FOUND, ex);
} }
private boolean openidConfig(HttpExchange ex) throws IOException { private boolean openidConfig(HttpExchange ex) throws IOException {
var host = hostname(ex); var host = hostname(ex);
return sendContent(ex, Map.of("token_endpoint", host + "/api/token", "authorization_endpoint", host + "/web/authorization.html", "userinfo_endpoint", host + "/api/userinfo", "jwks_uri", host + "/api/jwks")); return sendContent(ex, Map.of("token_endpoint", host + "/api/token", "authorization_endpoint", host + "/web/authorization.html", "userinfo_endpoint", host + "/api/userinfo", "jwks_uri", host + "/api/jwks", "issuer", "https://lightoidc.srsoftware.de"));
} }
} }
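Review bot: `issuer` at L393 is a fixed literal while every other endpoint in the same map is derived from `hostname(ex)`, so on any deployment other than that host the advertised issuer will not match the URL the discovery document is served from, and OIDC clients that validate `iss` against it will reject the ID tokens (whose `iss` in `TokenController` uses the same literal). Deriving it from the request — `"issuer", host` — or from one shared configuration value used by both controllers keeps discovery and tokens consistent. The function `openidConfig` ends inside the hunk; if the literal is intentional for now, a comment saying so would save the next reader the question.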

2
de.srsoftware.oidc.datastore.file/build.gradle

@ -14,6 +14,8 @@ dependencies {
testImplementation 'org.junit.jupiter:junit-jupiter' testImplementation 'org.junit.jupiter:junit-jupiter'
implementation project(':de.srsoftware.oidc.api') implementation project(':de.srsoftware.oidc.api')
implementation 'org.json:json:20240303' implementation 'org.json:json:20240303'
implementation 'org.bitbucket.b_c:jose4j:0.9.6'
} }
test { test {

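--- a/de.srsoftware.oidc.datastore.file/src/main/java/de/srsoftware/oidc/datastore/file/PlaintextKeyStore.java
+++ b/de.srsoftware.oidc.datastore.file/src/main/java/de/srsoftware/oidc/datastore/file/PlaintextKeyStore.java
@@ -0,0 +1,58 @@
+/* © SRSoftware 2024 */
+package de.srsoftware.oidc.datastore.file;
+import static java.lang.System.Logger.Level.ERROR;
+import de.srsoftware.oidc.api.KeyManager;
+import de.srsoftware.oidc.api.KeyStorage;
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.List;
+import org.jose4j.jwk.PublicJsonWebKey;
+import org.jose4j.lang.JoseException;
+public class PlaintextKeyStore implements KeyStorage {
+public static System.Logger LOG = System.getLogger(PlaintextKeyStore.class.getSimpleName());
+private final Path dir;
+public PlaintextKeyStore(Path storageDir) {
+this.dir = storageDir;
+storageDir.toFile().mkdirs();
+}
+@Override
+public KeyStorage drop(String keyId) {
+return null;
+}
+@Override
+public List<String> listKeys() {
+try {
+return Files.list(dir).map(Path::toString).filter(filename -> filename.endsWith(".key")).map(filename -> filename.substring(0, filename.length() - 4)).toList();
+} catch (IOException e) {
+LOG.log(ERROR, "Failed to list files in {0}:", dir, e);
+return List.of();
+}
+}
+@Override
+public PublicJsonWebKey load(String keyId) throws IOException, KeyManager.KeyCreationException {
+var json = Files.readString(filename(keyId));
+try {
+return PublicJsonWebKey.Factory.newPublicJwk(json);
+} catch (JoseException e) {
+throw new KeyManager.KeyCreationException(e);
+}
+}
+@Override
+public KeyStorage store(PublicJsonWebKey jsonWebKey) throws IOException {
+Files.writeString(filename(jsonWebKey.getKeyId()), jsonWebKey.toJson());
+return this;
+}
+private Path filename(String keyId) {
+return dir.resolve("%s.key".formatted(keyId));
+}
+}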
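Review bot: `store()` at L454 persists `jsonWebKey.toJson()`, and unless I misremember jose4j, the no-argument `toJson()` omits private parameters for RSA keys; if so, the key reloaded by `load()` has no private key, `TokenController.createJWT` gets `null` from `key.getPrivateKey()` and signing fails on the first request after a restart — write `jsonWebKey.toJson(JsonWebKey.OutputControlLevel.INCLUDE_PRIVATE)`, confirm against the library version, and since the file then holds the private key, create it owner-readable only (`PosixFilePermissions` where available) and say so in the class Javadoc. `listKeys()` at L437 never closes the `Files.list` stream and maps `Path::toString`, so the ids it returns are full paths minus `.key` rather than key ids (`load()` only works because `dir.resolve()` of an absolute path returns that path); use `try (var files = Files.list(dir)) { return files.map(p -> p.getFileName().toString()).filter(n -> n.endsWith(".key")).map(n -> n.substring(0, n.length() - 4)).toList(); }`. `drop()` returns `null` although callers of a `KeyStorage`-returning method will chain on it; delete the file and `return this`, or throw `UnsupportedOperationException` until it is implemented. The `mkdirs()` result in the constructor is ignored, so a non-writable storage location surfaces only later as an `IOException` from `store()`.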

3
de.srsoftware.oidc.web/src/main/java/de/srsoftware/oidc/web/StaticPages.java

@ -2,7 +2,6 @@
package de.srsoftware.oidc.web; package de.srsoftware.oidc.web;
import static java.lang.System.Logger.Level.*; import static java.lang.System.Logger.Level.*;
import static java.net.HttpURLConnection.HTTP_NOT_FOUND;
import com.sun.net.httpserver.HttpExchange; import com.sun.net.httpserver.HttpExchange;
import de.srsoftware.oidc.api.PathHandler; import de.srsoftware.oidc.api.PathHandler;
@ -43,7 +42,7 @@ public class StaticPages extends PathHandler {
return sendContent(ex, response.content); return sendContent(ex, response.content);
} catch (FileNotFoundException fnf) { } catch (FileNotFoundException fnf) {
LOG.log(WARNING, "Loaded {0} for language {1}…failed.", relativePath, lang); LOG.log(WARNING, "Loaded {0} for language {1}…failed.", relativePath, lang);
return sendEmptyResponse(HTTP_NOT_FOUND, ex); return notFound(ex);
} }
} }

2
de.srsoftware.oidc.web/src/main/resources/de/clients.html

@ -25,7 +25,7 @@
<td></td> <td></td>
<td></td> <td></td>
<td> <td>
<button onclick="window.location.href='newclient.html';">Neuen Client hinzufügen…</button> <button onclick="window.location.href='new_client.html';">Neuen Client hinzufügen…</button>
</td> </td>
</tr> </tr>
</table> </table>

1
de.srsoftware.oidc.web/src/main/resources/en/authorization.js

@ -13,6 +13,7 @@ async function handleResponse(response){
if (!json.confirmed){ if (!json.confirmed){
showConfirmationDialog(json.name); showConfirmationDialog(json.name);
} else { } else {
console.log('redirecting to '+json.redirect_uri+'?code='+json.code+'&state='+json.state+'&scope=openid');
redirect(json.redirect_uri+'?code='+json.code+'&state='+json.state+'&scope=openid'); redirect(json.redirect_uri+'?code='+json.code+'&state='+json.state+'&scope=openid');
} }
return; return;
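Review bot: The added `console.log` at L498 prints the full redirect target including the authorization `code` and `state` to the browser console, where it persists in devtools history and can be captured by extensions; it reads as leftover debugging next to the existing `redirect(...)` call and should be removed. If a trace is wanted, log only `json.redirect_uri` without the query string. `handleResponse` continues outside the hunk.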

2
de.srsoftware.oidc.web/src/main/resources/en/clients.html

@ -25,7 +25,7 @@
<td></td> <td></td>
<td></td> <td></td>
<td> <td>
<button onclick="window.location.href='newclient.html';">Add new client…</button> <button onclick="window.location.href='new_client.html';">Add new client…</button>
</td> </td>
</tr> </tr>
</table> </table>
