-
Notifications
You must be signed in to change notification settings - Fork 5
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
bcba63a
commit 695638c
Showing
28 changed files
with
1,169 additions
and
29 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
17 changes: 17 additions & 0 deletions
17
gesundheitsid/src/main/java/com/oviva/gesundheitsid/util/JoseModule.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
package com.oviva.gesundheitsid.util; | ||
|
||
import com.fasterxml.jackson.databind.module.SimpleModule; | ||
import com.fasterxml.jackson.databind.ser.std.StdDelegatingSerializer; | ||
import com.nimbusds.jose.jwk.JWK; | ||
import com.nimbusds.jose.jwk.JWKSet; | ||
import com.oviva.gesundheitsid.util.JWKSetDeserializer.JWKDeserializer; | ||
|
||
public class JoseModule extends SimpleModule { | ||
|
||
public JoseModule() { | ||
super("jose"); | ||
addDeserializer(JWK.class, new JWKDeserializer(JWK.class)); | ||
addDeserializer(JWKSet.class, new JWKSetDeserializer(JWKSet.class)); | ||
addSerializer(new StdDelegatingSerializer(JWKSet.class, new JWKSetConverter())); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
99 changes: 99 additions & 0 deletions
99
oidc-server/src/main/java/com/oviva/gesundheitsid/relyingparty/Main.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,99 @@ | ||
package com.oviva.gesundheitsid.relyingparty; | ||
|
||
import com.oviva.gesundheitsid.relyingparty.cfg.Config; | ||
import com.oviva.gesundheitsid.relyingparty.cfg.ConfigProvider; | ||
import com.oviva.gesundheitsid.relyingparty.cfg.EnvConfigProvider; | ||
import com.oviva.gesundheitsid.relyingparty.svc.InMemoryCodeRepo; | ||
import com.oviva.gesundheitsid.relyingparty.svc.InMemorySessionRepo; | ||
import com.oviva.gesundheitsid.relyingparty.svc.KeyStore; | ||
import com.oviva.gesundheitsid.relyingparty.svc.TokenIssuerImpl; | ||
import com.oviva.gesundheitsid.relyingparty.ws.App; | ||
import jakarta.ws.rs.SeBootstrap; | ||
import jakarta.ws.rs.SeBootstrap.Configuration; | ||
import java.net.URI; | ||
import java.util.Arrays; | ||
import java.util.List; | ||
import java.util.Objects; | ||
import java.util.concurrent.ExecutionException; | ||
import java.util.stream.Stream; | ||
import org.slf4j.Logger; | ||
import org.slf4j.LoggerFactory; | ||
|
||
public class Main { | ||
|
||
private static final Logger logger = LoggerFactory.getLogger(Main.class); | ||
|
||
private static final String BANNER = | ||
""" | ||
____ _ | ||
/ __ \\_ __(_) _____ _ | ||
/ /_/ / |/ / / |/ / _ `/ | ||
\\____/|___/_/|___/\\_,_/ | ||
GesundheitsID OpenID Connect Relying-Party | ||
"""; | ||
|
||
public static void main(String[] args) throws ExecutionException, InterruptedException { | ||
|
||
var main = new Main(); | ||
main.run(new EnvConfigProvider("OIDC_SERVER", System::getenv)); | ||
} | ||
|
||
private void run(ConfigProvider configProvider) throws ExecutionException, InterruptedException { | ||
logger.atInfo().log("\n" + BANNER); | ||
|
||
var baseUri = URI.create("https://t.oviva.io"); | ||
var validRedirectUris = | ||
List.of(URI.create("https://idp-test.oviva.io/auth/realms/master/broker/oidc/endpoint")); | ||
|
||
var supportedResponseTypes = List.of("code"); | ||
|
||
var port = | ||
configProvider.get("port").stream().mapToInt(Integer::parseInt).findFirst().orElse(1234); | ||
var config = | ||
new Config( | ||
port, | ||
baseUri, // TOOD: hardcoded :) | ||
// configProvider.get("base_uri").map(URI::create).orElse(URI.create("http://localhost:" | ||
// + port)), | ||
supportedResponseTypes, | ||
validRedirectUris // TODO: hardcoded :) | ||
// configProvider.get("redirect_uris").stream() | ||
// .flatMap(this::mustParseCommaList) | ||
// .map(URI::create) | ||
// .toList() | ||
); | ||
|
||
var keyStore = new KeyStore(); | ||
var tokenIssuer = new TokenIssuerImpl(config.baseUri(), keyStore, new InMemoryCodeRepo()); | ||
var sessionRepo = new InMemorySessionRepo(); | ||
|
||
var instance = | ||
SeBootstrap.start( | ||
new App(config, sessionRepo, keyStore, tokenIssuer), | ||
Configuration.builder().host("0.0.0.0").port(config.port()).build()) | ||
.toCompletableFuture() | ||
.get(); | ||
|
||
var localUri = instance.configuration().baseUri(); | ||
logger.atInfo().addKeyValue("local_addr", localUri).log("Magic at {}", config.baseUri()); | ||
|
||
// wait forever | ||
Thread.currentThread().join(); | ||
} | ||
|
||
private Stream<String> mustParseCommaList(String value) { | ||
if (value == null || value.isBlank()) { | ||
return Stream.empty(); | ||
} | ||
|
||
return Arrays.stream(value.split(",")).map(this::trimmed).filter(Objects::nonNull); | ||
} | ||
|
||
private String trimmed(String value) { | ||
if (value == null || value.isBlank()) { | ||
return null; | ||
} | ||
|
||
return value.trim(); | ||
} | ||
} |
7 changes: 7 additions & 0 deletions
7
oidc-server/src/main/java/com/oviva/gesundheitsid/relyingparty/cfg/Config.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
package com.oviva.gesundheitsid.relyingparty.cfg; | ||
|
||
import java.net.URI; | ||
import java.util.List; | ||
|
||
public record Config( | ||
int port, URI baseUri, List<String> supportedResponseTypes, List<URI> validRedirectUris) {} |
7 changes: 7 additions & 0 deletions
7
oidc-server/src/main/java/com/oviva/gesundheitsid/relyingparty/cfg/ConfigProvider.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
package com.oviva.gesundheitsid.relyingparty.cfg; | ||
|
||
import java.util.Optional; | ||
|
||
public interface ConfigProvider { | ||
Optional<String> get(String name); | ||
} |
26 changes: 26 additions & 0 deletions
26
oidc-server/src/main/java/com/oviva/gesundheitsid/relyingparty/cfg/EnvConfigProvider.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
package com.oviva.gesundheitsid.relyingparty.cfg; | ||
|
||
import java.util.Locale; | ||
import java.util.Optional; | ||
import java.util.function.Function; | ||
|
||
public class EnvConfigProvider implements ConfigProvider { | ||
|
||
private final String prefix; | ||
private final Function<String, String> getenv; | ||
|
||
public EnvConfigProvider(String prefix, Function<String, String> getenv) { | ||
this.prefix = prefix; | ||
this.getenv = getenv; | ||
} | ||
|
||
@Override | ||
public Optional<String> get(String name) { | ||
|
||
var mangled = prefix + "_" + name; | ||
mangled = mangled.toUpperCase(Locale.ROOT); | ||
mangled = mangled.replaceAll("[^A-Z0-9]", "_"); | ||
|
||
return Optional.ofNullable(getenv.apply(mangled)); | ||
} | ||
} |
11 changes: 11 additions & 0 deletions
11
oidc-server/src/main/java/com/oviva/gesundheitsid/relyingparty/svc/CodeRepo.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
package com.oviva.gesundheitsid.relyingparty.svc; | ||
|
||
import com.oviva.gesundheitsid.relyingparty.svc.TokenIssuer.Code; | ||
import java.util.Optional; | ||
|
||
public interface CodeRepo { | ||
|
||
void save(Code code); | ||
|
||
Optional<Code> remove(String code); | ||
} |
23 changes: 23 additions & 0 deletions
23
oidc-server/src/main/java/com/oviva/gesundheitsid/relyingparty/svc/InMemoryCodeRepo.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
package com.oviva.gesundheitsid.relyingparty.svc; | ||
|
||
import com.oviva.gesundheitsid.relyingparty.svc.TokenIssuer.Code; | ||
import edu.umd.cs.findbugs.annotations.NonNull; | ||
import java.util.Optional; | ||
import java.util.concurrent.ConcurrentHashMap; | ||
import java.util.concurrent.ConcurrentMap; | ||
|
||
public class InMemoryCodeRepo implements CodeRepo { | ||
|
||
private final ConcurrentMap<String, Code> store = new ConcurrentHashMap<>(); | ||
|
||
@Override | ||
public void save(@NonNull Code code) { | ||
store.put(code.code(), code); | ||
} | ||
|
||
@NonNull | ||
@Override | ||
public Optional<Code> remove(String code) { | ||
return Optional.ofNullable(store.remove(code)); | ||
} | ||
} |
35 changes: 35 additions & 0 deletions
35
oidc-server/src/main/java/com/oviva/gesundheitsid/relyingparty/svc/InMemorySessionRepo.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
package com.oviva.gesundheitsid.relyingparty.svc; | ||
|
||
import com.oviva.gesundheitsid.relyingparty.util.IdGenerator; | ||
import edu.umd.cs.findbugs.annotations.NonNull; | ||
import edu.umd.cs.findbugs.annotations.Nullable; | ||
import java.util.concurrent.ConcurrentHashMap; | ||
import java.util.concurrent.ConcurrentMap; | ||
|
||
public class InMemorySessionRepo implements SessionRepo { | ||
|
||
private final ConcurrentMap<String, Session> repo = new ConcurrentHashMap<>(); | ||
|
||
@Override | ||
public String save(@NonNull Session session) { | ||
if (session.id() != null) { | ||
throw new IllegalStateException( | ||
"session already has an ID=%s, already saved?".formatted(session.id())); | ||
} | ||
|
||
var id = IdGenerator.generateID(); | ||
session = | ||
new Session( | ||
id, session.state(), session.nonce(), session.redirectUri(), session.clientId()); | ||
|
||
repo.put(id, session); | ||
|
||
return id; | ||
} | ||
|
||
@Nullable | ||
@Override | ||
public Session load(@NonNull String sessionId) { | ||
return repo.get(sessionId); | ||
} | ||
} |
29 changes: 29 additions & 0 deletions
29
oidc-server/src/main/java/com/oviva/gesundheitsid/relyingparty/svc/KeyStore.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
package com.oviva.gesundheitsid.relyingparty.svc; | ||
|
||
import com.nimbusds.jose.JOSEException; | ||
import com.nimbusds.jose.jwk.Curve; | ||
import com.nimbusds.jose.jwk.ECKey; | ||
import com.nimbusds.jose.jwk.KeyUse; | ||
import com.nimbusds.jose.jwk.gen.ECKeyGenerator; | ||
|
||
public class KeyStore { | ||
|
||
private final ECKey signingKey; | ||
|
||
public KeyStore() { | ||
|
||
try { | ||
this.signingKey = | ||
new ECKeyGenerator(Curve.P_256) | ||
.keyIDFromThumbprint(false) | ||
.keyUse(KeyUse.SIGNATURE) | ||
.generate(); | ||
} catch (JOSEException e) { | ||
throw new IllegalStateException("failed to generate EC signing key", e); | ||
} | ||
} | ||
|
||
public ECKey signingKey() { | ||
return signingKey; | ||
} | ||
} |
13 changes: 13 additions & 0 deletions
13
oidc-server/src/main/java/com/oviva/gesundheitsid/relyingparty/svc/SessionRepo.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
package com.oviva.gesundheitsid.relyingparty.svc; | ||
|
||
import edu.umd.cs.findbugs.annotations.NonNull; | ||
import java.net.URI; | ||
|
||
public interface SessionRepo { | ||
|
||
String save(@NonNull Session session); | ||
|
||
Session load(@NonNull String sessionId); | ||
|
||
record Session(String id, String state, String nonce, URI redirectUri, String clientId) {} | ||
} |
Oops, something went wrong.