kangaroo-and-rabbit/archidata
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[DEBUG] missing remove a last element of Zota

Browse Source
This commit is contained in:
Edouard DUPIN 2024-01-18 23:40:33 +01:00
parent 808784889b
commit 1a2302f548
4 changed files with 46 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.classpath
View File

@ -25,7 +25,7 @@
<attribute name="optional" value="true"/>
</attributes>
</classpathentry>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-21">
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER">
<attributes>
<attribute name="maven.pomderived" value="true"/>
</attributes>

3
README.md
View File

@ -84,7 +84,6 @@ Reformat XML file like the pom.xml
XMLLINT_INDENT=" " xmllint --format "back/pom.xml" -o "back/pom.xml"
```
Enable the pre-commit checker
-----------------------------
@ -94,6 +93,8 @@ Enable the pre-commit checker
> **_Note_**: You can change the code in `.git/hooks/pre-commit` by replacing `formatter:verify` with `formatter:format` to auto format the code @ every commit
Add Gitea in the dependency for the registry:
=============================================

28
src/org/kar/archidata/filter/AuthenticationFilter.java
View File

@ -42,14 +42,14 @@ public class AuthenticationFilter implements ContainerRequestFilter {
@Context
private ResourceInfo resourceInfo;
protected final String applicationName;
private static final String AUTHENTICATION_SCHEME = "Bearer";
private static final String APIKEY = "ApiKey";
public static final String AUTHENTICATION_SCHEME = "Bearer";
public static final String APIKEY = "ApiKey";
public AuthenticationFilter(final String applicationName) {
this.applicationName = applicationName;
}
@Override
public void filter(final ContainerRequestContext requestContext) throws IOException {
/* logger.debug("-----------------------------------------------------"); logger.debug("---- Check if have authorization ----");
@ -61,7 +61,7 @@ public class AuthenticationFilter implements ContainerRequestFilter {
abortWithForbidden(requestContext, "Access blocked !!!");
return;
}
// Access allowed for all
if (method.isAnnotationPresent(PermitAll.class)) {
// logger.debug(" ==> permit all " + requestContext.getUriInfo().getPath());
@ -74,7 +74,7 @@ public class AuthenticationFilter implements ContainerRequestFilter {
abortWithForbidden(requestContext, "Access ILLEGAL !!!");
return;
}
// Get the Authorization header from the request
String authorizationHeader = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
String apikeyHeader = requestContext.getHeaderString(APIKEY);
@ -129,7 +129,7 @@ public class AuthenticationFilter implements ContainerRequestFilter {
abortWithUnauthorized(requestContext, "get a NULL application ...");
return;
}
}
// create the security context model:
final String scheme = requestContext.getUriInfo().getRequestUri().getScheme();
@ -154,16 +154,16 @@ public class AuthenticationFilter implements ContainerRequestFilter {
requestContext.setSecurityContext(userContext);
// logger.debug("Get local user : {} / {}", user, userByToken);
}
private boolean isTokenBasedAuthentication(final String authorizationHeader) {
// Check if the Authorization header is valid
// It must not be null and must be prefixed with "Bearer" plus a whitespace
// The authentication scheme comparison must be case-insensitive
return authorizationHeader != null && authorizationHeader.toLowerCase().startsWith(AUTHENTICATION_SCHEME.toLowerCase() + " ");
}
private void abortWithUnauthorized(final ContainerRequestContext requestContext, final String message) {
// Abort the filter chain with a 401 status code response
// The WWW-Authenticate header is sent along with the response
LOGGER.warn("abortWithUnauthorized:");
@ -172,18 +172,18 @@ public class AuthenticationFilter implements ContainerRequestFilter {
requestContext.abortWith(Response.status(ret.status).header(HttpHeaders.WWW_AUTHENTICATE, AUTHENTICATION_SCHEME + " base64(HEADER).base64(CONTENT).base64(KEY)").entity(ret)
.type(MediaType.APPLICATION_JSON).build());
}
private void abortWithForbidden(final ContainerRequestContext requestContext, final String message) {
final RestErrorResponse ret = new RestErrorResponse(Response.Status.FORBIDDEN, "FORBIDDEN", message);
LOGGER.error("Error UUID={}", ret.uuid);
requestContext.abortWith(Response.status(ret.status).header(HttpHeaders.WWW_AUTHENTICATE, message).entity(ret).type(MediaType.APPLICATION_JSON).build());
}
protected UserByToken validateToken(final String authorization) throws Exception {
LOGGER.info("Must be Override by the application implmentation, otherwise it dose not work");
return null;
}
// must be override to be good implementation
protected UserByToken validateJwtToken(final String authorization) throws Exception {
// logger.debug(" validate token : " + authorization);

59
src/org/kar/archidata/tools/JWTWrapper.java
View File

@ -11,6 +11,7 @@ import java.util.Map;
import java.util.Set;
import java.util.UUID;
import org.kar.archidata.filter.AuthenticationFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -33,7 +34,7 @@ import com.nimbusds.jwt.SignedJWT;
class TestSigner implements JWSSigner {
public static String test_signature = "TEST_SIGNATURE_FOR_LOCAL_TEST_AND_TEST_E2E";
/** Signs the specified {@link JWSObject#getSigningInput input} of a {@link JWSObject JWS object}.
*
* @param header The JSON Web Signature (JWS) header. Must specify a supported JWS algorithm and must not be {@code null}.
@ -47,13 +48,13 @@ class TestSigner implements JWSSigner {
public Base64URL sign(final JWSHeader header, final byte[] signingInput) throws JOSEException {
return new Base64URL(test_signature);
}
@Override
public Set<JWSAlgorithm> supportedJWSAlgorithms() {
// TODO Auto-generated method stub
return Set.of(JWSAlgorithm.RS256);
}
@Override
public JCAContext getJCAContext() {
// TODO Auto-generated method stub
@ -63,20 +64,20 @@ class TestSigner implements JWSSigner {
public class JWTWrapper {
static final Logger LOGGER = LoggerFactory.getLogger(JWTWrapper.class);
private static RSAKey rsaJWK = null;;
private static RSAKey rsaJWK = null;
private static RSAKey rsaPublicJWK = null;
public static class PublicKey {
public String key;
public PublicKey(final String key) {
this.key = key;
}
public PublicKey() {}
}
public static void initLocalTokenRemote(final String ssoUri, final String application) throws IOException, ParseException {
// check Token:
final URL obj = new URL(ssoUri + "public_key");
@ -89,14 +90,14 @@ public class JWTWrapper {
con.setRequestProperty("Accept", "application/json");
final String ssoToken = ConfigBaseVariable.ssoToken();
if (ssoToken != null) {
con.setRequestProperty("Authorization", "Zota " + ssoToken);
con.setRequestProperty(AuthenticationFilter.APIKEY, ssoToken);
}
final int responseCode = con.getResponseCode();
// LOGGER.debug("GET Response Code :: {}", responseCode);
if (responseCode == HttpURLConnection.HTTP_OK) { // success
final BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream()));
String inputLine;
final StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
@ -112,7 +113,7 @@ public class JWTWrapper {
}
LOGGER.debug("GET JWT validator token not worked response code {} from {} ", responseCode, obj);
}
public static void initLocalToken(final String baseUUID) throws Exception {
// RSA signatures require a public and private RSA key pair, the public key
// must be made known to the JWS recipient in order to verify the signatures
@ -136,7 +137,7 @@ public class JWTWrapper {
rsaPublicJWK = null;
}
}
public static void initValidateToken(final String publicKey) {
try {
rsaPublicJWK = RSAKey.parse(publicKey);
@ -144,16 +145,16 @@ public class JWTWrapper {
e.printStackTrace();
LOGGER.debug("Can not retrieve public Key !!!!!!!! RSAKey='{}'", publicKey);
}
}
public static String getPublicKeyJson() {
if (rsaPublicJWK == null) {
return null;
}
return rsaPublicJWK.toJSONString();
}
public static java.security.interfaces.RSAPublicKey getPublicKeyJava() throws JOSEException {
if (rsaPublicJWK == null) {
return null;
@ -161,7 +162,7 @@ public class JWTWrapper {
// Convert back to std Java interface
return rsaPublicJWK.toRSAPublicKey();
}
/** Create a token with the provided elements
* @param userID UniqueId of the USER (global unique ID)
* @param userLogin Login of the user (never change)
@ -178,12 +179,12 @@ public class JWTWrapper {
try {
// Create RSA-signer with the private key
final JWSSigner signer = new RSASSASigner(rsaJWK);
LOGGER.warn("timeOutInMunites= {}", timeOutInMunites);
final Date now = new Date();
LOGGER.warn("now = {}", now);
final Date expiration = new Date(new Date().getTime() - 60 * timeOutInMunites * 1000 /* millisecond */);
LOGGER.warn("expiration= {}", expiration);
final JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder().subject(Long.toString(userID)).claim("login", userLogin).claim("application", application).issuer(isuer).issueTime(now)
.expirationTime(expiration); // Do not ask why we need a "-" here ... this have no meaning
@ -194,7 +195,7 @@ public class JWTWrapper {
// Prepare JWT with claims set
final JWTClaimsSet claimsSet = builder.build();
final SignedJWT signedJWT = new SignedJWT(new JWSHeader.Builder(JWSAlgorithm.RS256).type(JOSEObjectType.JWT)/* .keyID(rsaJWK.getKeyID()) */.build(), claimsSet);
// Compute the RSA signature
signedJWT.sign(signer);
// serialize the output...
@ -204,7 +205,7 @@ public class JWTWrapper {
}
return null;
}
public static JWTClaimsSet validateToken(final String signedToken, final String isuer, final String application) {
try {
// On the consumer side, parse the JWS and verify its RSA signature
@ -244,14 +245,12 @@ public class JWTWrapper {
// LOGGER.debug("JWT token is verified 'alice' =?= '" + signedJWT.getJWTClaimsSet().getSubject() + "'");
// LOGGER.debug("JWT token isuer 'https://c2id.com' =?= '" + signedJWT.getJWTClaimsSet().getIssuer() + "'");
return signedJWT.getJWTClaimsSet();
} catch (final JOSEException ex) {
ex.printStackTrace();
} catch (final ParseException e) {
} catch (final JOSEException | ParseException e) {
e.printStackTrace();
}
return null;
}
public static String createJwtTestToken(final long userID, final String userLogin, final String isuer, final String application, final Map<String, Map<String, Object>> rights) {
if (!ConfigBaseVariable.getTestMode()) {
LOGGER.error("Test mode disable !!!!!");
@ -259,10 +258,10 @@ public class JWTWrapper {
}
try {
final int timeOutInMunites = 3600;
final Date now = new Date();
final Date expiration = new Date(new Date().getTime() + timeOutInMunites * 1000 /* ms */);
final JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder().subject(Long.toString(userID)).claim("login", userLogin).claim("application", application).issuer(isuer).issueTime(now)
.expirationTime(expiration); // Do not ask why we need a "-" here ... this have no meaning
// add right if needed:
@ -272,10 +271,10 @@ public class JWTWrapper {
// Prepare JWT with claims set
final JWTClaimsSet claimsSet = builder.build();
final SignedJWT signedJWT = new SignedJWT(new JWSHeader.Builder(JWSAlgorithm.RS256).type(JOSEObjectType.JWT)/* .keyID(rsaJWK.getKeyID()) */.build(), claimsSet);
// Compute the RSA signature
signedJWT.sign(new TestSigner());
// serialize the output...
return signedJWT.serialize();
} catch (final Exception ex) {