Merge pull request #159 from OWASP/develop

Merge develop to main fixing any instability
OWASP · Nov 19, 2022 · 01bae75 · 01bae75
2 parents aa69ef8 + 1b33859
commit 01bae75
Show file tree

Hide file tree

Showing 7 changed files with 42 additions and 3 deletions.
diff --git a/deploy/docker/docker-compose.yml b/deploy/docker/docker-compose.yml
@@ -19,7 +19,7 @@ services:
     #ports:
     #  - "127.0.0.1:8080:8080"
     volumes:
-      - ./.keys:/.keys
+      - ./keys:/keys
     environment:
       - DB_NAME=crapi
       - DB_USER=admin

diff --git a/deploy/docker/.keys/jwks.json → deploy/docker/keys/jwks.json b/deploy/docker/.keys/jwks.json → deploy/docker/keys/jwks.json
diff --git a/docs/setup.md b/docs/setup.md
@@ -1,6 +1,8 @@
 Setup | crAPI
 =============
 
+> **Note**: Custom jwks key can be passed by adding a *jwks.json* file in *keys* folder in each deployment folder such as `/deploy/docker/keys`
+
 ## Docker and docker-compose
 
 You'll need to have Docker and docker-compose installed and running on your host system. Also, the version of docker-compose should be `1.27.0` or above. Check your docker-compose version using:
@@ -172,4 +174,4 @@ $ cd deploy/vagrant && vagrant destroy
 [VirtualBox]: https://www.virtualbox.org/wiki/Downloads
 
 ## Troubleshooting guide for general issues while installing and running crAPI
-If you need any help with installing and running crAPI you can check out this guide: [Troubleshooting guide crAPI](https://github.com/OWASP/crAPI/blob/main/docs/troubleshooting.md). If this doesn't solve your problem, please create an issue in Github Issues.
+If you need any help with installing and running crAPI you can check out this guide: [Troubleshooting guide crAPI](https://github.com/OWASP/crAPI/blob/main/docs/troubleshooting.md). If this doesn't solve your problem, please create an issue in Github Issues.
diff --git a/services/identity/Dockerfile b/services/identity/Dockerfile
@@ -35,5 +35,6 @@ EXPOSE ${SERVER_PORT}
 
 ENV JAVA_TOOL_OPTIONS "-Xmx128m"
 
+COPY jwks.json default_jwks.json
 COPY entrypoint.sh /entrypoint.sh
 CMD [ "/entrypoint.sh"]
diff --git a/services/identity/entrypoint.sh b/services/identity/entrypoint.sh
@@ -1,7 +1,13 @@
 #!/bin/sh
 set -e
 
-JWKS=$(openssl base64 -in /.keys/jwks.json -A)
+if [ -f /keys/jwks.json ]; then
+  JWKS=$(openssl base64 -in /keys/jwks.json -A)
+else
+  echo "Loading default JWKS file."
+  JWKS=$(openssl base64 -in /default_jwks.json -A)
+fi
+
 java -jar /app/identity-service-1.0-SNAPSHOT.jar --app.jwksJson=$JWKS
 
 exec "$@"
diff --git a/services/identity/jwks.json b/services/identity/jwks.json
@@ -0,0 +1,19 @@
+{
+    "keys": [
+        {
+            "p": "-o_gG3DQK9540fR_-WM9dy1YgTR-WSH8FezYnH6I5jwwPB6ocni8XgkWCAiKOPYjK6nhmoTD7DBEetilFIWVj1P0G5fejp_c3H-uQQdd6JW2NBWHfWpADglIEc4NfUgjQ8cXjT1-oIJpXzpX6KOhWEP0yGNBYns7W8CNxbw58vU",
+            "kty": "RSA",
+            "q": "tW1D1JK53TIiip9uBVl6EGzXWPFwy8QXlZHbfg3TfhURUF5OYey9Ig-qxh74KvQ-uzwMZOYux0EdUe0OmV-p27huY-nusHjpxKL6xUxpqsLWrYTa6ygRHep3_A50ksN_XIn83oAjBlG4TEePzBsMQb6F4HDrEhpdPeYepKa5PNc",
+            "d": "XJu0Vh3Uq5gV5UPMCfm_j6D5INgX7VjLSN8mup4LfUBkJAk9vpQmDYF8gVzpMr3YdBk_Y7MI1BapPVg2i-s2UQR4xJYwpDOfKJactGWzruvfiTOKNIc8Q87WhLl2D4_FGI2jfyYk6itCLOOk1zfZdkjLLNiQg1SDOqC28AT-qKh99wLRKiIuewbJVW5C-0D8YjlquBU6rXdKxONYKnA1NHWfJEbPtsyJIlfUs06wjiMcXrLLc6qy98LL8t0oQcGdUTN4rICGGj-uH3k7-evJyKXC_RECmbcMu2q8GkjZ7lvaVtHh3TGGAA5TTc-7kW3MUjpCLLL06erLxCn3CcGr6Q",
+            "e": "AQAB",
+            "use": "sig",
+            "kid": "MKMZkDenUfuDF2byYowDj7tW5Ox6XG4Y1THTEGScRg8",
+            "qi": "IChXZG2VaA05LVfN-nIX03sAZo7ayetTiFKrhGpdmsODw9AoCbBIx4T4SuPnQQBYVkaCAcseyB1XAjqA4Ebm2yvE6yYo-Q8nP-wEo5Mzm18UimCffMox-uSrig1uhuK9oziV-Y11Ytps8yEQq--9BzVTCs1sXAkLVSaO58kGsm4",
+            "dp": "rl98fnxXU4BjIvJ-MWfAOfVj159ZotxE3FlVMivZSClxBBXt8qRVqze1jmerEhMxzMxQRkHJO9EnhzrIP-zrdbDefGmHqEhW41k0QutGjnvKLpshDMXpyBrrfgChYKPYbu3aVSALxNadUHmA_lUKDyxT6TUyJsBOQf9Sat8gkRU",
+            "alg": "RS256",
+            "dq": "d8mf-o-yJmj-w3ZGh0Ovw36JpREs_20GgVvfh1gLpvi0CNNrf1529jFP-SXjh0Di1m7sZAZTJn5IpJoXhI7UMN2SDWgcj-oVtx5A4tnz_qpMYh8RCCjZPF5eQE8vCuQHiIsXKbWC6p40SDELsaC-M_5emHUV0EsV-1OgMehe79s",
+            "n": "sZKrGYja9S7BkO-waOcupoGY6BQjixJkg1Uitt278NbiCSnBRw5_cmfuWFFFPgRxabBZBJwJAujnQrlgTLXnRRItM9SRO884cEXn-s4Uc8qwk6pev63qb8no6aCVY0dFpthEGtOP-3KIJ2kx2i5HNzm8d7fG3ZswZrttDVbSSTy8UjPTOr4xVw1Yyh_GzGK9i_RYBWHftDsVfKrHcgGn1F_T6W0cgcnh4KFmbyOQ7dUy8Uc6Gu8JHeHJVt2vGcn50EDtUy2YN-UnZPjCSC7vYOfd5teUR_Bf4jg8GN6UnLbr_Et8HUnz9RFBLkPIf0NiY6iRjp9ooSDkml2OGql3ww"
+        }
+    ]
+}
+
diff --git a/services/web/public/.env b/services/web/public/.env
@@ -0,0 +1,11 @@
+DB_NAME=crapi
+DB_USER=crapi
+DB_PASSWORD=crapi
+DB_HOST=postgresdb
+DB_PORT=5432
+SERVER_PORT=8080
+MONGO_DB_HOST=mongodb
+MONGO_DB_PORT=27017
+MONGO_DB_USER=crapi
+MONGO_DB_PASSWORD=crapi
+MONGO_DB_NAME=crapi