From ddb30ba2955a6470799ce7569c16863a00aade8e Mon Sep 17 00:00:00 2001 From: Stephan Richter Date: Mon, 29 Jul 2024 00:16:38 +0200 Subject: [PATCH] preparing jwt creation Signed-off-by: Stephan Richter --- .../java/de/srsoftware/cookies/Cookie.java | 21 +++------ .../de/srsoftware/cookies/SessionToken.java | 13 +++--- .../de/srsoftware/oidc/api/Constants.java | 9 +++- .../de/srsoftware/oidc/app/Application.java | 4 +- .../oidc/backend/TokenController.java | 44 ++++++++++++++++--- 5 files changed, 62 insertions(+), 29 deletions(-) diff --git a/de.srsoftware.cookies/src/main/java/de/srsoftware/cookies/Cookie.java b/de.srsoftware.cookies/src/main/java/de/srsoftware/cookies/Cookie.java index fba79a7..83c6659 100644 --- a/de.srsoftware.cookies/src/main/java/de/srsoftware/cookies/Cookie.java +++ b/de.srsoftware.cookies/src/main/java/de/srsoftware/cookies/Cookie.java @@ -1,6 +1,9 @@ /* © SRSoftware 2024 */ package de.srsoftware.cookies; +import static java.lang.System.Logger.Level.ERROR; +import static java.lang.System.Logger.Level.WARNING; + import com.sun.net.httpserver.Headers; import com.sun.net.httpserver.HttpExchange; import java.util.Arrays; @@ -8,13 +11,10 @@ import java.util.List; import java.util.Map; import java.util.Optional; -import static java.lang.System.Logger.Level.ERROR; -import static java.lang.System.Logger.Level.WARNING; - public abstract class Cookie implements Map.Entry { static final System.Logger LOG = System.getLogger(SessionToken.class.getSimpleName()); - private final String key; - private String value = null; + private final String key; + private String value = null; Cookie(String key, String value) { this.key = key; @@ -22,7 +22,7 @@ public abstract class Cookie implements Map.Entry { } public T addTo(Headers headers) { - LOG.log(ERROR,"sending cookie {0}={1}",key,value); + LOG.log(ERROR, "sending cookie {0}={1}", key, value); headers.add("Set-Cookie", "%s=%s".formatted(key, value)); return (T)this; } @@ -42,14 +42,7 @@ public abstract class Cookie implements Map.Entry { } protected static List of(HttpExchange ex) { - return Optional.ofNullable(ex.getRequestHeaders() - .get("Cookie")) - .stream() - .flatMap(List::stream) - .flatMap(s -> Arrays.stream(s.split(";"))) - .map(String::trim) - .peek(cookie -> LOG.log(WARNING,"received cookie {0}",cookie)) - .toList(); + return Optional.ofNullable(ex.getRequestHeaders().get("Cookie")).stream().flatMap(List::stream).flatMap(s -> Arrays.stream(s.split(";"))).map(String::trim).peek(cookie -> LOG.log(WARNING, "received cookie {0}", cookie)).toList(); } @Override diff --git a/de.srsoftware.cookies/src/main/java/de/srsoftware/cookies/SessionToken.java b/de.srsoftware.cookies/src/main/java/de/srsoftware/cookies/SessionToken.java index c99b4a9..d274bf7 100644 --- a/de.srsoftware.cookies/src/main/java/de/srsoftware/cookies/SessionToken.java +++ b/de.srsoftware.cookies/src/main/java/de/srsoftware/cookies/SessionToken.java @@ -4,23 +4,24 @@ package de.srsoftware.cookies; import com.sun.net.httpserver.HttpExchange; import java.util.Optional; -import java.util.logging.Logger; -import static java.lang.System.Logger.Level.DEBUG; -import static java.lang.System.Logger.Level.WARNING; public class SessionToken extends Cookie { private final String sessionId; public SessionToken(String sessionId) { - super("sessionToken", sessionId+"; Path=/api"); + super("sessionToken", sessionId + "; Path=/api"); this.sessionId = sessionId; } public static Optional from(HttpExchange ex) { - return Cookie.of(ex).stream().filter(cookie -> cookie.startsWith("sessionToken=")) + return Cookie.of(ex) + .stream() + .filter(cookie -> cookie.startsWith("sessionToken=")) - .map(cookie -> cookie.split("=", 2)[1]).map(id -> new SessionToken(id)).findAny(); + .map(cookie -> cookie.split("=", 2)[1]) + .map(id -> new SessionToken(id)) + .findAny(); } public String sessionId() { diff --git a/de.srsoftware.oidc.api/src/main/java/de/srsoftware/oidc/api/Constants.java b/de.srsoftware.oidc.api/src/main/java/de/srsoftware/oidc/api/Constants.java index 1750826..a2c03e4 100644 --- a/de.srsoftware.oidc.api/src/main/java/de/srsoftware/oidc/api/Constants.java +++ b/de.srsoftware.oidc.api/src/main/java/de/srsoftware/oidc/api/Constants.java @@ -2,15 +2,22 @@ package de.srsoftware.oidc.api; public class Constants { + public static final String ACCESS_TOKEN = "access_token"; + public static final String ATUH_CODE = "authorization_code"; + public static final String BEARER = "Bearer"; public static final String CAUSE = "cause"; public static final String CLIENT_ID = "client_id"; + public static final String CLIENT_SECRET = "client_secret"; public static final String CODE = "code"; public static final String CONFIRMED = "confirmed"; + public static final String DEFAULT_KEY = "default_key"; + public static final String EXPIRES_IN = "expires_in"; public static final String GRANT_TYPE = "grant_type"; + public static final String ID_TOKEN = "id_token"; public static final String NAME = "name"; public static final String REDIRECT_URI = "redirect_uri"; public static final String REDIRECT_URIS = "redirect_uris"; public static final String SECRET = "secret"; public static final String STATE = "state"; - public static final String ATUH_CODE = "authorization_code"; + public static final String TOKEN_TYPE = "token_type"; } diff --git a/de.srsoftware.oidc.app/src/main/java/de/srsoftware/oidc/app/Application.java b/de.srsoftware.oidc.app/src/main/java/de/srsoftware/oidc/app/Application.java index 829a525..144b93c 100644 --- a/de.srsoftware.oidc.app/src/main/java/de/srsoftware/oidc/app/Application.java +++ b/de.srsoftware.oidc.app/src/main/java/de/srsoftware/oidc/app/Application.java @@ -52,9 +52,9 @@ public class Application { new Forward(INDEX).bindPath(ROOT).on(server); new WellKnownController().bindPath(WELL_KNOWN).on(server); new UserController(fileStore, fileStore).bindPath(API_USER).on(server); - new TokenController().bindPath(API_TOKEN).on(server); + new TokenController(fileStore).bindPath(API_TOKEN).on(server); new ClientController(fileStore, fileStore, fileStore).bindPath(API_CLIENT).on(server); - //server.setExecutor(Executors.newCachedThreadPool()); + // server.setExecutor(Executors.newCachedThreadPool()); server.setExecutor(Executors.newSingleThreadExecutor()); server.start(); } diff --git a/de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/TokenController.java b/de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/TokenController.java index 6d3161c..b3aa28f 100644 --- a/de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/TokenController.java +++ b/de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/TokenController.java @@ -1,21 +1,27 @@ /* © SRSoftware 2024 */ package de.srsoftware.oidc.backend; -import static de.srsoftware.oidc.api.Constants.ATUH_CODE; -import static de.srsoftware.oidc.api.Constants.GRANT_TYPE; +import static de.srsoftware.oidc.api.Constants.*; import static java.lang.System.Logger.Level.ERROR; import static java.lang.System.Logger.Level.WARNING; import static java.net.HttpURLConnection.HTTP_BAD_REQUEST; -import static java.net.HttpURLConnection.HTTP_NOT_FOUND; import com.sun.net.httpserver.HttpExchange; +import de.srsoftware.oidc.api.Client; +import de.srsoftware.oidc.api.ClientService; import de.srsoftware.oidc.api.PathHandler; import java.io.IOException; -import java.util.Arrays; -import java.util.Map; +import java.util.*; import java.util.stream.Collectors; +import org.json.JSONObject; public class TokenController extends PathHandler { + private final ClientService clients; + + public TokenController(ClientService clientService) { + clients = clientService; + } + private Map deserialize(String body) { return Arrays.stream(body.split("&")).map(s -> s.split("=")).collect(Collectors.toMap(arr -> arr[0], arr -> arr[1])); } @@ -32,10 +38,36 @@ public class TokenController extends PathHandler { private boolean provideToken(HttpExchange ex) throws IOException { var map = deserialize(body(ex)); + // TODO: check Authorization Code, → https://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint + // TODO: check Redirect URL LOG.log(WARNING, "post data: {0}", map); LOG.log(ERROR, "{0}.provideToken(ex) not implemented!", getClass().getSimpleName()); var grantType = map.get(GRANT_TYPE); if (!ATUH_CODE.equals(grantType)) sendContent(ex, HTTP_BAD_REQUEST, Map.of(ERROR, "unknown grant type", GRANT_TYPE, grantType)); - return sendEmptyResponse(HTTP_NOT_FOUND, ex); + var optClient = Optional.ofNullable(map.get(CLIENT_ID)).flatMap(clients::getClient); + if (optClient.isEmpty()) { + LOG.log(ERROR, "client not found"); + return sendEmptyResponse(HTTP_BAD_REQUEST, ex); + // TODO: send correct response + } + var secretFromClient = map.get(CLIENT_SECRET); + var client = optClient.get(); + if (!client.secret().equals(secretFromClient)) { + LOG.log(ERROR, "client secret mismatch"); + return sendEmptyResponse(HTTP_BAD_REQUEST, ex); + // TODO: send correct response + } + String jwToken = createJWT(client); + ex.getResponseHeaders().add("Cache-Control", "no-store"); + JSONObject response = new JSONObject(); + response.put(ACCESS_TOKEN, UUID.randomUUID().toString()); // TODO: wofür genau wird der verwendet, was gilt es hier zu beachten + response.put(TOKEN_TYPE, BEARER); + response.put(EXPIRES_IN, 3600); + response.put(ID_TOKEN, jwToken); + return sendContent(ex, response); + } + + private String createJWT(Client client) { + return null; } }