implemented EncryptedKeyStore

for this to work, the KeyStorage interface had to be extended Signed-off-by: Stephan Richter <s.richter@srsoftware.de>
2024-09-29 00:16:56 +02:00
parent 32f773c184
commit 9ea6148583
10 changed files with 141 additions and 44 deletions
--- a/de.srsoftware.oidc.datastore.encrypted/build.gradle
+++ b/de.srsoftware.oidc.datastore.encrypted/build.gradle
@@ -16,6 +16,8 @@ dependencies {
    implementation 'com.sun.mail:jakarta.mail:2.0.1'
    implementation project(':de.srsoftware.utils')
    testImplementation project(path: ':de.srsoftware.oidc.api', configuration: "testBundle")
+    implementation 'org.bitbucket.b_c:jose4j:0.9.6'
+
 }

 test {
--- a/de.srsoftware.oidc.datastore.encrypted/src/main/java/de/srsoftware/oidc/datastore/encrypted/EncryptedKeyStore.java
+++ b/de.srsoftware.oidc.datastore.encrypted/src/main/java/de/srsoftware/oidc/datastore/encrypted/EncryptedKeyStore.java
@@ -0,0 +1,36 @@
+/* © SRSoftware 2024 */
+package de.srsoftware.oidc.datastore.encrypted;
+
+import de.srsoftware.oidc.api.KeyStorage;
+import java.io.IOException;
+import java.util.List;
+
+public class EncryptedKeyStore extends EncryptedConfig implements KeyStorage {
+	private final KeyStorage backend;
+
+	public EncryptedKeyStore(String key, String salt, KeyStorage backend) {
+		super(key, salt);
+		this.backend = backend;
+	}
+
+	@Override
+	public KeyStorage drop(String keyId) {
+		return backend.drop(keyId);
+	}
+
+	@Override
+	public List<String> listKeys() {
+		return backend.listKeys();
+	}
+
+	@Override
+	public String loadJson(String keyId) throws IOException {
+		return decrypt(backend.loadJson(keyId));
+	}
+
+	@Override
+	public KeyStorage store(String keyId, String jsonWebKey) throws IOException {
+		backend.store(keyId, encrypt(jsonWebKey));
+		return this;
+	}
+}
--- a/de.srsoftware.oidc.datastore.encrypted/src/test/java/EncryptedKeyStoreTest.java
+++ b/de.srsoftware.oidc.datastore.encrypted/src/test/java/EncryptedKeyStoreTest.java
@@ -0,0 +1,53 @@
+/* © SRSoftware 2024 */
+import static de.srsoftware.utils.Strings.uuid;
+
+import de.srsoftware.oidc.api.KeyStorage;
+import de.srsoftware.oidc.api.KeyStoreTest;
+import de.srsoftware.oidc.datastore.encrypted.EncryptedKeyStore;
+import java.io.IOException;
+import java.sql.SQLException;
+import java.util.HashMap;
+import java.util.List;
+import org.junit.jupiter.api.BeforeEach;
+
+
+public class EncryptedKeyStoreTest extends KeyStoreTest {
+	private class InMemoryKeyStore implements KeyStorage {
+		private HashMap<String, String> store = new HashMap<>();
+		@Override
+		public KeyStorage drop(String keyId) {
+			store.remove(keyId);
+			return this;
+		}
+
+		@Override
+		public List<String> listKeys() {
+			return List.copyOf(store.keySet());
+		}
+
+		@Override
+		public String loadJson(String keyId) {
+			return store.get(keyId);
+		}
+
+		@Override
+		public KeyStorage store(String keyId, String jsonWebKey) throws IOException {
+			store.put(keyId, jsonWebKey);
+			return this;
+		}
+	}
+	private KeyStorage keyStore;
+
+	@Override
+	protected KeyStorage keyStore() {
+		return keyStore;
+	}
+
+	@BeforeEach
+	public void setup() throws SQLException {
+		var backend = new InMemoryKeyStore();
+		var key     = uuid();
+		var salt    = uuid();
+		keyStore    = new EncryptedKeyStore(key, salt, backend);
+	}
+}