v3.0.4
Gematik-Entwicklung authored and RStaeber committed Oct 23, 2023
1 parent cb34fd7 commit 0f45ff4
Showing 16 changed files with 133 additions and 37 deletions.
4 changes: 4 additions & 0 deletions ReleaseNotes.md
@@ -1,3 +1,7 @@
# Release 3.0.4

- fix missing iat and iss in signedJwks structure

# Release 3.0.2

- structure of signed Jwks of relying party fixed
2 changes: 1 addition & 1 deletion gsi-coverage-report/pom.xml
Expand Up @@ -6,7 +6,7 @@
<parent>
<groupId>de.gematik.idp</groupId>
<artifactId>gemSekIdp-global</artifactId>
<version>3.0.2</version>
<version>3.0.4</version>
<relativePath>../pom.xml</relativePath>
</parent>

4 changes: 2 additions & 2 deletions gsi-server/pom.xml
Expand Up @@ -7,13 +7,13 @@
<parent>
<groupId>de.gematik.idp</groupId>
<artifactId>gemSekIdp-global</artifactId>
<version>3.0.2</version>
<version>3.0.4</version>
<relativePath>../pom.xml</relativePath>
</parent>


<artifactId>gsi-server</artifactId>
<version>3.0.2</version>
<version>3.0.4</version>
<packaging>jar</packaging>

<name>gsi-server</name>
Expand Up @@ -17,6 +17,7 @@
package de.gematik.idp.gsi.server;

import de.gematik.idp.gsi.server.services.EntityStatementBuilder;
import de.gematik.idp.gsi.server.services.JwksBuilder;
import lombok.RequiredArgsConstructor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
Expand All @@ -29,4 +30,9 @@ public class FlowBeanCreation {
public EntityStatementBuilder entityStatementBuilder() {
return new EntityStatementBuilder();
}

@Bean
public JwksBuilder jwksBuilder() {
return new JwksBuilder();
}
}
Expand Up @@ -41,23 +41,22 @@ public class KeyConfiguration implements KeyConfigurationBase {
private final GsiConfiguration gsiConfiguration;

@Bean
public FederationPrivKey entityStatementSigKey() {
return getFederationPrivKey(gsiConfiguration.getSigKeyConfig());
public FederationPrivKey esSigKey() {
return getFederationPrivKey(gsiConfiguration.getEsSigKeyConfig());
}

@Bean
public FederationPrivKey tokenSigKey() {
return getFederationPrivKey(gsiConfiguration.getTokenKeyConfig());
return getFederationPrivKey(gsiConfiguration.getTokenSigKeyConfig());
}

@Bean
public IdpJwtProcessor jwtProcessorSigKey() {
return new IdpJwtProcessor(
entityStatementSigKey().getIdentity(), entityStatementSigKey().getKeyId());
public IdpJwtProcessor jwtProcessorEsSigKey() {
return new IdpJwtProcessor(esSigKey().getIdentity(), esSigKey().getKeyId());
}

@Bean
public IdpJwtProcessor jwtProcessorTokenKey() {
public IdpJwtProcessor jwtProcessorTokenSigKey() {
return new IdpJwtProcessor(tokenSigKey().getIdentity(), tokenSigKey().getKeyId());
}

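Review bot: With two beans of the same type `FederationPrivKey`, the bean method names `esSigKey` and `tokenSigKey` are what the injection sites resolve against (`@Autowired FederationPrivKey esSigKey` / `tokenSigKey` in FedIdpController, EntityStatementBuilder and JwksBuilder), so renaming either method on its own breaks context startup, which is why this rename had to be carried through several files. A short comment above the first bean would make that coupling visible: `// Bean names are load-bearing: two FederationPrivKey beans exist and the @Autowired fields elsewhere select one by field name.` If the selection is meant to be explicit, `@Qualifier("esSigKey")` / `@Qualifier("tokenSigKey")` at the injection sites would document it in code instead. The KeyConfiguration class continues outside the hunk.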
Expand Up @@ -36,7 +36,7 @@ public class GsiConfiguration {

private String serverUrl;
private String fedmasterUrl;
private KeyConfig sigKeyConfig;
private KeyConfig tokenKeyConfig;
private KeyConfig esSigKeyConfig;
private KeyConfig tokenSigKeyConfig;
private String loglevel;
}
Expand Up @@ -54,6 +54,7 @@
import de.gematik.idp.gsi.server.services.AuthenticationService;
import de.gematik.idp.gsi.server.services.EntityStatementBuilder;
import de.gematik.idp.gsi.server.services.EntityStatementRpService;
import de.gematik.idp.gsi.server.services.JwksBuilder;
import de.gematik.idp.gsi.server.services.SektoralIdpAuthenticator;
import de.gematik.idp.gsi.server.services.ServerUrlService;
import de.gematik.idp.gsi.server.token.IdTokenBuilder;
Expand All @@ -75,7 +76,6 @@
import lombok.extern.slf4j.Slf4j;
import org.jose4j.lang.JoseException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.io.ResourceLoader;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
Expand Down Expand Up @@ -103,13 +103,13 @@ public class FedIdpController {
private final SektoralIdpAuthenticator sektoralIdpAuthenticator;
private final AuthenticationService authenticationService;
private final ServerUrlService serverUrlService;
private final IdpJwtProcessor jwtProcessorSigKey;
private final IdpJwtProcessor jwtProcessorTokenKey;
private final IdpJwtProcessor jwtProcessorEsSigKey;
private final IdpJwtProcessor jwtProcessorTokenSigKey;
private final ObjectMapper objectMapper;
private final GsiConfiguration gsiConfiguration;
private final ResourceLoader resourceLoader;
private final JwksBuilder jwksBuilder;

@Autowired FederationPrivKey entityStatementSigKey;
@Autowired FederationPrivKey esSigKey;
@Autowired FederationPrivKey tokenSigKey;

// TODO: delete oldest entry
Expand All @@ -127,7 +127,7 @@ private static void setNoCacheHeader(final HttpServletResponse response) {
produces = "application/entity-statement+jwt;charset=UTF-8")
public String getEntityStatement() {
return JwtHelper.signJson(
jwtProcessorSigKey,
jwtProcessorEsSigKey,
objectMapper,
entityStatementBuilder.buildEntityStatement(
serverUrlService.determineServerUrl(), gsiConfiguration.getFedmasterUrl()),
Expand All @@ -138,9 +138,9 @@ public String getEntityStatement() {
@GetMapping(value = FED_SIGNED_JWKS_ENDPOINT, produces = "application/jwk-set+json;charset=UTF-8")
public String getSignedJwks() {
return JwtHelper.signJson(
jwtProcessorSigKey,
jwtProcessorEsSigKey,
objectMapper,
JwtHelper.getJwks(entityStatementSigKey, tokenSigKey),
jwksBuilder.build(serverUrlService.determineServerUrl()),
"jwk-set+json");
}

Expand Down Expand Up @@ -300,7 +300,7 @@ public TokenResponse getTokensForCode(

final IdTokenBuilder idTokenBuilder =
new IdTokenBuilder(
jwtProcessorTokenKey,
jwtProcessorTokenSigKey,
serverUrlService.determineServerUrl(),
session.getRequestedScopes(),
session.getFachdienstNonce(),
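Review bot: After `getSignedJwks` switches to `jwksBuilder.build(...)`, the `@Autowired FederationPrivKey esSigKey` and `tokenSigKey` fields of FedIdpController no longer have a visible user in these hunks; if nothing further down the class reads them, remove them rather than keep a second path to the signing keys in the controller. The signed JWKS body now carries `iat` but no `exp`, whereas EntityStatementBuilder bounds its statements with ENTITY_STATEMENT_TTL_DAYS; if the federation profile you implement expects the signed key set to expire, that belongs in JwksBuilder, and if it is intentionally unbounded a one-line comment on `getSignedJwks` should say so. The body of `getTokensForCode` continues outside the hunk.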
@@ -0,0 +1,38 @@
/*
* Copyright 2023 gematik GmbH
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package de.gematik.idp.gsi.server.data;

import com.fasterxml.jackson.databind.PropertyNamingStrategies;
import com.fasterxml.jackson.databind.annotation.JsonNaming;
import de.gematik.idp.data.IdpKeyDescriptor;
import java.util.List;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Getter;
import lombok.NoArgsConstructor;

@Getter
@Builder
@NoArgsConstructor
@AllArgsConstructor
@JsonNaming(PropertyNamingStrategies.SnakeCaseStrategy.class)
public class SignedJwksBody {

private String iss;
private long iat;
private List<IdpKeyDescriptor> keys;
}
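Review bot: `SignedJwksBody` has no Javadoc, so a reader has to find FedIdpController.getSignedJwks to learn what it models; a class comment such as `/** Body of the signed JWKS served by the signed-JWKS endpoint: issuer (iss), issue time as epoch seconds (iat) and the published key list (keys), serialized with snake_case property names. */` would do. The `@JsonNaming(SnakeCaseStrategy)` annotation has no effect on these three single-word properties; keeping it for consistency with the other payload classes is fine, but a comment saying it is there for future multi-word fields would stop a reader from looking for a rename.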
Expand Up @@ -37,7 +37,7 @@
public class EntityStatementBuilder {

private static final int ENTITY_STATEMENT_TTL_DAYS = 7;
@Autowired FederationPrivKey entityStatementSigKey;
@Autowired FederationPrivKey esSigKey;
@Autowired FederationPrivKey tokenSigKey;

public EntityStatement buildEntityStatement(final String serverUrl, final String fedmasterUrl) {
Expand All @@ -47,7 +47,7 @@ public EntityStatement buildEntityStatement(final String serverUrl, final String
.iat(currentTime.toEpochSecond())
.iss(serverUrl)
.sub(serverUrl)
.jwks(JwtHelper.getJwks(entityStatementSigKey, tokenSigKey))
.jwks(JwtHelper.getJwks(esSigKey, tokenSigKey))
.authorityHints(new String[] {fedmasterUrl})
.metadata(getMetadata(serverUrl))
.build();
@@ -0,0 +1,42 @@
/*
* Copyright 2023 gematik GmbH
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package de.gematik.idp.gsi.server.services;

import de.gematik.idp.data.FederationPrivKey;
import de.gematik.idp.data.JwtHelper;
import de.gematik.idp.gsi.server.data.SignedJwksBody;
import java.time.ZonedDateTime;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;

@RequiredArgsConstructor
@Slf4j
public class JwksBuilder {

@Autowired FederationPrivKey esSigKey;
@Autowired FederationPrivKey tokenSigKey;

public SignedJwksBody build(final String serverUrl) {
final ZonedDateTime currentTime = ZonedDateTime.now();
return SignedJwksBody.builder()
.iat(currentTime.toEpochSecond())
.iss(serverUrl)
.keys(JwtHelper.getJwks(esSigKey, tokenSigKey).getKeys())
.build();
}
}
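Review bot: `@RequiredArgsConstructor` on `JwksBuilder` generates nothing useful, because neither field is `final`; the keys arrive by field injection and FlowBeanCreation instantiates the class with `new JwksBuilder()`. Either drop the annotation (and `@Slf4j`, since `log` is never referenced in the class) or make the two keys `private final` constructor parameters, which then also requires FlowBeanCreation to pass them in. `build` stamps `iat` from `ZonedDateTime.now()` but sets no `exp`, unlike EntityStatementBuilder which applies ENTITY_STATEMENT_TTL_DAYS; decide deliberately whether the signed key set should expire and record the decision in a Javadoc on `build`, e.g. `/** Builds the unsigned body of the signed JWKS: iss = serverUrl, iat = now in epoch seconds, keys = the JWKS derived from esSigKey and tokenSigKey via JwtHelper.getJwks; no exp is set. */`.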
4 changes: 2 additions & 2 deletions gsi-server/src/main/resources/application.yml
@@ -1,9 +1,9 @@
gsi:
sigKeyConfig:
esSigKeyConfig:
fileName: classpath:cert/ref-es-sig.p12
keyId: puk_idp_sig
use: sig
tokenKeyConfig:
tokenSigKeyConfig:
fileName: classpath:cert/ref-es-sig.p12
keyId: puk_fed_idp_token
use: sig
Expand Up @@ -36,27 +36,26 @@ class GsiConfigurationTest {
@Test
void fullIntTestComponent() {
assertThat(gsiConfiguration).isNotNull();
assertThat(gsiConfiguration.getSigKeyConfig()).isNotNull();
assertThat(gsiConfiguration.getTokenKeyConfig()).isNotNull();
assertThat(gsiConfiguration.getEsSigKeyConfig()).isNotNull();
assertThat(gsiConfiguration.getTokenSigKeyConfig()).isNotNull();
}

@Test
void testBuildComponent() {
final GsiConfiguration gsiConfig =
GsiConfiguration.builder()
.sigKeyConfig(new KeyConfig("a", "b", "c", false))
.tokenKeyConfig(new KeyConfig("d", "e", "f", false))
.esSigKeyConfig(new KeyConfig("a", "b", "c", false))
.tokenSigKeyConfig(new KeyConfig("d", "e", "f", false))
.serverUrl("serverurl")
.build();
gsiConfig.setServerUrl("newUrl");
assertThat(gsiConfig).isNotNull();
assertThat(gsiConfig.getServerUrl()).isEqualTo("newUrl");
assertThat(gsiConfig.getSigKeyConfig()).isNotNull();
assertThat(gsiConfig.getTokenKeyConfig()).isNotNull();
assertThat(gsiConfig.getEsSigKeyConfig()).isNotNull();
assertThat(gsiConfig.getTokenSigKeyConfig()).isNotNull();
assertThat(GsiConfiguration.builder().toString()).hasSizeGreaterThan(0);

assertThatThrownBy(
() -> new KeyConfiguration(resourceLoader, gsiConfig).entityStatementSigKey())
assertThatThrownBy(() -> new KeyConfiguration(resourceLoader, gsiConfig).esSigKey())
.isInstanceOf(GsiException.class);
}
}
Expand Up @@ -248,7 +248,7 @@ void signedJwksResponse_JoseHeader() {

@Test
void signedJwksResponse_BodyClaims() {
assertThat(sigendJwks.extractBodyClaims()).containsOnlyKeys("keys");
assertThat(sigendJwks.extractBodyClaims()).containsOnlyKeys("keys", "iss", "iat");
}

@Test
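Review bot: The updated assertion in `signedJwksResponse_BodyClaims` only checks that `iss` and `iat` are present, so a wrong issuer or a zero `iat` would still pass; since this test exists to pin the fix named in the release notes, assert the values too, e.g. `assertThat(sigendJwks.extractBodyClaims()).containsEntry("iss", EXPECTED_SERVER_URL)` (placeholder: whatever the test class uses for the IdP's server URL) plus a check that `iat` lies within a few seconds of the current epoch time. The test class continues outside the hunk.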
4 changes: 2 additions & 2 deletions gsi-testsuite/pom.xml
Expand Up @@ -7,12 +7,12 @@
<parent>
<groupId>de.gematik.idp</groupId>
<artifactId>gemSekIdp-global</artifactId>
<version>3.0.2</version>
<version>3.0.4</version>
<relativePath>../pom.xml</relativePath>
</parent>

<artifactId>gsi-testsuite</artifactId>
<version>3.0.2</version>
<version>3.0.4</version>
<packaging>jar</packaging>
<description>Testsuite fuer sektorale IDPs</description>

Expand Up @@ -84,6 +84,14 @@ Feature: Test signed Jwks of IdpSektoral
Given TGR clear recorded messages
And Send Get Request to "${signed_jwks_uri}"
And TGR find request to path ".*"
Then TGR current response at "$.body.body" matches as JSON:
"""
{
iss: '.*',
iat: "${json-unit.ignore}",
keys: "${json-unit.ignore}"
}
"""
Then TGR current response at "$.body.body.keys.0" matches as JSON:
"""
{
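Review bot: The new JSON match accepts any issuer (`iss: '.*'`), so it only proves the claim exists, not that it names the IdP the relying party will trust; if the suite already holds a variable for the IdP's entity identifier (the `${signed_jwks_uri}` step suggests such variables are available), match `iss` against that instead. A one-line comment on why `iat` is ignored (not checkable against a fixed value) would also help the next reader. The feature continues outside the hunk.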
2 changes: 1 addition & 1 deletion pom.xml
Expand Up @@ -12,7 +12,7 @@

<groupId>de.gematik.idp</groupId>
<artifactId>gemSekIdp-global</artifactId>
<version>3.0.2</version>
<version>3.0.4</version>
<packaging>pom</packaging>

<description>gsi - gematik sektoraler IDP</description>