preparing jwt creation

Signed-off-by: Stephan Richter <s.richter@srsoftware.de>

de.srsoftware.cookies/src/main/java/de/srsoftware/cookies/Cookie.java

@@ -1,6 +1,9 @@
 /* © SRSoftware 2024 */
 package de.srsoftware.cookies;
 
+import static java.lang.System.Logger.Level.ERROR;
+import static java.lang.System.Logger.Level.WARNING;
+
 import com.sun.net.httpserver.Headers;
 import com.sun.net.httpserver.HttpExchange;
 import java.util.Arrays;
@@ -8,13 +11,10 @@ import java.util.List;
 import java.util.Map;
 import java.util.Optional;
 
-import static java.lang.System.Logger.Level.ERROR;
-import static java.lang.System.Logger.Level.WARNING;
-
 public abstract class Cookie implements Map.Entry<String, String> {
 	static final System.Logger LOG = System.getLogger(SessionToken.class.getSimpleName());
-	private final String key;
-	private String	     value = null;
+	private final String       key;
+	private String	           value = null;
 
 	Cookie(String key, String value) {
 		this.key = key;
@@ -22,7 +22,7 @@ public abstract class Cookie implements Map.Entry<String, String> {
 	}
 
 	public <T extends Cookie> T addTo(Headers headers) {
-		LOG.log(ERROR,"sending cookie {0}={1}",key,value);
+		LOG.log(ERROR, "sending cookie {0}={1}", key, value);
 		headers.add("Set-Cookie", "%s=%s".formatted(key, value));
 		return (T)this;
 	}
@@ -42,14 +42,7 @@ public abstract class Cookie implements Map.Entry<String, String> {
 	}
 
 	protected static List<String> of(HttpExchange ex) {
-		return Optional.ofNullable(ex.getRequestHeaders()
-				.get("Cookie"))
-				.stream()
-				.flatMap(List::stream)
-				.flatMap(s -> Arrays.stream(s.split(";")))
-				.map(String::trim)
-				.peek(cookie -> LOG.log(WARNING,"received cookie {0}",cookie))
-				.toList();
+		return Optional.ofNullable(ex.getRequestHeaders().get("Cookie")).stream().flatMap(List::stream).flatMap(s -> Arrays.stream(s.split(";"))).map(String::trim).peek(cookie -> LOG.log(WARNING, "received cookie {0}", cookie)).toList();
 	}
 
 	@Override

de.srsoftware.cookies/src/main/java/de/srsoftware/cookies/SessionToken.java

@@ -4,23 +4,24 @@ package de.srsoftware.cookies;
 
 import com.sun.net.httpserver.HttpExchange;
 import java.util.Optional;
-import java.util.logging.Logger;
 
-import static java.lang.System.Logger.Level.DEBUG;
-import static java.lang.System.Logger.Level.WARNING;
 
 public class SessionToken extends Cookie {
 	private final String sessionId;
 
 	public SessionToken(String sessionId) {
-		super("sessionToken", sessionId+"; Path=/api");
+		super("sessionToken", sessionId + "; Path=/api");
 		this.sessionId = sessionId;
 	}
 
 	public static Optional<SessionToken> from(HttpExchange ex) {
-		return Cookie.of(ex).stream().filter(cookie -> cookie.startsWith("sessionToken="))
+		return Cookie.of(ex)
+		    .stream()
+		    .filter(cookie -> cookie.startsWith("sessionToken="))
 
-				.map(cookie -> cookie.split("=", 2)[1]).map(id -> new SessionToken(id)).findAny();
+		    .map(cookie -> cookie.split("=", 2)[1])
+		    .map(id -> new SessionToken(id))
+		    .findAny();
 	}
 
 	public String sessionId() {

de.srsoftware.oidc.api/src/main/java/de/srsoftware/oidc/api/Constants.java

@@ -2,15 +2,22 @@
 package de.srsoftware.oidc.api;
 
 public class Constants {
+	public static final String ACCESS_TOKEN  = "access_token";
+	public static final String ATUH_CODE     = "authorization_code";
+	public static final String BEARER        = "Bearer";
 	public static final String CAUSE         = "cause";
 	public static final String CLIENT_ID     = "client_id";
+	public static final String CLIENT_SECRET = "client_secret";
 	public static final String CODE	         = "code";
 	public static final String CONFIRMED     = "confirmed";
+	public static final String DEFAULT_KEY   = "default_key";
+	public static final String EXPIRES_IN    = "expires_in";
 	public static final String GRANT_TYPE    = "grant_type";
+	public static final String ID_TOKEN      = "id_token";
 	public static final String NAME	         = "name";
 	public static final String REDIRECT_URI  = "redirect_uri";
 	public static final String REDIRECT_URIS = "redirect_uris";
 	public static final String SECRET        = "secret";
 	public static final String STATE         = "state";
-	public static final String ATUH_CODE     = "authorization_code";
+	public static final String TOKEN_TYPE    = "token_type";
 }

de.srsoftware.oidc.app/src/main/java/de/srsoftware/oidc/app/Application.java

@@ -52,9 +52,9 @@ public class Application {
 		new Forward(INDEX).bindPath(ROOT).on(server);
 		new WellKnownController().bindPath(WELL_KNOWN).on(server);
 		new UserController(fileStore, fileStore).bindPath(API_USER).on(server);
-		new TokenController().bindPath(API_TOKEN).on(server);
+		new TokenController(fileStore).bindPath(API_TOKEN).on(server);
 		new ClientController(fileStore, fileStore, fileStore).bindPath(API_CLIENT).on(server);
-		//server.setExecutor(Executors.newCachedThreadPool());
+		// server.setExecutor(Executors.newCachedThreadPool());
 		server.setExecutor(Executors.newSingleThreadExecutor());
 		server.start();
 	}

de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/TokenController.java

@@ -1,21 +1,27 @@
 /* © SRSoftware 2024 */
 package de.srsoftware.oidc.backend;
 
-import static de.srsoftware.oidc.api.Constants.ATUH_CODE;
-import static de.srsoftware.oidc.api.Constants.GRANT_TYPE;
+import static de.srsoftware.oidc.api.Constants.*;
 import static java.lang.System.Logger.Level.ERROR;
 import static java.lang.System.Logger.Level.WARNING;
 import static java.net.HttpURLConnection.HTTP_BAD_REQUEST;
-import static java.net.HttpURLConnection.HTTP_NOT_FOUND;
 
 import com.sun.net.httpserver.HttpExchange;
+import de.srsoftware.oidc.api.Client;
+import de.srsoftware.oidc.api.ClientService;
 import de.srsoftware.oidc.api.PathHandler;
 import java.io.IOException;
-import java.util.Arrays;
-import java.util.Map;
+import java.util.*;
 import java.util.stream.Collectors;
+import org.json.JSONObject;
 
 public class TokenController extends PathHandler {
+	private final ClientService clients;
+
+	public TokenController(ClientService clientService) {
+		clients = clientService;
+	}
+
 	private Map<String, String> deserialize(String body) {
 		return Arrays.stream(body.split("&")).map(s -> s.split("=")).collect(Collectors.toMap(arr -> arr[0], arr -> arr[1]));
 	}
@@ -32,10 +38,36 @@ public class TokenController extends PathHandler {
 
 	private boolean provideToken(HttpExchange ex) throws IOException {
 		var map = deserialize(body(ex));
+		// TODO: check 	Authorization Code, → https://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint
+		// TODO: check Redirect URL
 		LOG.log(WARNING, "post data: {0}", map);
 		LOG.log(ERROR, "{0}.provideToken(ex) not implemented!", getClass().getSimpleName());
 		var grantType = map.get(GRANT_TYPE);
 		if (!ATUH_CODE.equals(grantType)) sendContent(ex, HTTP_BAD_REQUEST, Map.of(ERROR, "unknown grant type", GRANT_TYPE, grantType));
-		return sendEmptyResponse(HTTP_NOT_FOUND, ex);
+		var optClient = Optional.ofNullable(map.get(CLIENT_ID)).flatMap(clients::getClient);
+		if (optClient.isEmpty()) {
+			LOG.log(ERROR, "client not found");
+			return sendEmptyResponse(HTTP_BAD_REQUEST, ex);
+			// TODO: send correct response
+		}
+		var secretFromClient = map.get(CLIENT_SECRET);
+		var client	     = optClient.get();
+		if (!client.secret().equals(secretFromClient)) {
+			LOG.log(ERROR, "client secret mismatch");
+			return sendEmptyResponse(HTTP_BAD_REQUEST, ex);
+			// TODO: send correct response
+		}
+		String jwToken = createJWT(client);
+		ex.getResponseHeaders().add("Cache-Control", "no-store");
+		JSONObject response = new JSONObject();
+		response.put(ACCESS_TOKEN, UUID.randomUUID().toString());  // TODO: wofür genau wird der verwendet, was gilt es hier zu beachten
+		response.put(TOKEN_TYPE, BEARER);
+		response.put(EXPIRES_IN, 3600);
+		response.put(ID_TOKEN, jwToken);
+		return sendContent(ex, response);
+	}
+
+	private String createJWT(Client client) {
+		return null;
 	}
 }