[admin] clients universal signatures adapter

malach-it · Dec 20, 2024 · 2fe5ae1 · 2fe5ae1
1 parent 40cb540
commit 2fe5ae1
Show file tree

Hide file tree

Showing 9 changed files with 47 additions and 29 deletions.
diff --git a/apps/boruta_admin/assets/src/components/Forms/ClientForm.vue b/apps/boruta_admin/assets/src/components/Forms/ClientForm.vue
@@ -102,27 +102,30 @@
         </div>
       </div>
       <div ref="security" data-tab="security" class="ui bottom attached tab segment">
-        <h3>Signatures backend</h3>
-        <div class="field" :class="{ 'error': client.errors?.signatures_backend }">
-          <select v-model="client.signatures_backend">
-            <option v-for="backend in signaturesBackends" :value="backend">{{ backend }}</option>
+        <h3>Signatures adapter</h3>
+        <div class="field" :class="{ 'error': client.errors?.signatures_adapter }">
+          <select v-model="client.signatures_adapter">
+            <option v-for="adapter in signaturesAdapters" :value="adapter">{{ adapter }}</option>
           </select>
         </div>
 
-        <div class="ui segment" v-if="client.signatures_backend == 'Elixir.Boruta.Universal.Signatures'">
+        <div class="ui segment" v-if="client.signatures_adapter == 'Elixir.Boruta.Universal.Signatures'">
           <div class="ui info message">
-            The usage of the Universal backend requires an account, please contact Godiddy services <a href="https://godiddy.com/contact" target="_blank">https://godiddy.com/contact</a>
-          </div>
-          <div class="field" :class="{ 'error': client.errors?.universal_api_key }">
-            <label>Universal API key</label>
-            <input type="text" v-model="client.universal_api_key" placeholder="00000000-0000-0000-0000-000000000000">
+            The usage of the Universal adapter requires an account, please contact Godiddy services <a href="https://godiddy.com/contact" target="_blank">https://godiddy.com/contact</a> and set the API key as an environment variable.
           </div>
           <h4>Key management</h4>
+          <h4>Key type</h4>
+          <div class="field" :class="{ 'error': client.errors?.key_pair_type }">
+            <select v-model="client.key_pair_type.type">
+              <option value="universal">
+                universal
+              </option>
+            </select>
+          </div>
           <div class="field">
             <label>method</label>
             <select>
               <option value="key">key</option>
-              <option value="indy">indy</option>
             </select>
           </div>
           <hr />
@@ -134,9 +137,9 @@
             <label>Client public key</label>
             <pre>{{ clientPublicKey }}</pre>
           </div>
-          <a class="ui fluid orange button" v-if="client.isPersisted">Regenerate Universal client did</a>
+          <a class="ui fluid orange button" @click="regenerateKeyPair()" v-if="client.isPersisted">Regenerate client key pair</a>
         </div>
-        <div class="ui segment" v-if="client.signatures_backend == 'Elixir.Boruta.Internal.Signatures'">
+        <div class="ui segment" v-if="client.signatures_adapter == 'Elixir.Boruta.Internal.Signatures'">
           <h4>Key type</h4>
           <div class="field" :class="{ 'error': client.errors?.key_pair_type }">
             <select v-model="client.key_pair_type.type">
@@ -276,7 +279,7 @@ export default {
   data() {
     return {
       keyPairTypes: Client.keyPairTypes,
-      signaturesBackends: Client.signaturesBackends,
+      signaturesAdapters: Client.signaturesAdapters,
       keyPairs: [],
       idTokenSignatureAlgorithms: Client.idTokenSignatureAlgorithms,
       UserinfoResponseSignatureAlgorithms: Client.UserinfoResponseSignatureAlgorithms,

diff --git a/apps/boruta_admin/assets/src/models/client.model.js b/apps/boruta_admin/assets/src/models/client.model.js
@@ -21,7 +21,7 @@ const keyPairTypes = {
   'rsa': { modulus_size: '1024', exponent_size: '65537' }
 }
 
-const signaturesBackends = [
+const signaturesAdapters = [
   'Elixir.Boruta.Internal.Signatures',
   'Elixir.Boruta.Universal.Signatures'
 ]
@@ -30,6 +30,7 @@ const defaults = {
   errors: null,
   key_pair_id: null,
   key_pair_type: { type: 'rsa', modulus_size: '1024', exponent_size: '65537' },
+  signatures_adapter: 'Elixir.Boruta.Internal.Signatures',
   authorize_scopes: false,
   authorized_scopes: [],
   redirect_uris: [],
@@ -42,8 +43,7 @@ const defaults = {
       value: true,
       label
     }
-  }),
-  signatures_backend: 'Elixir.Boruta.Internal.Signatures'
+  })
 }
 
 const assign = {
@@ -53,6 +53,7 @@ const assign = {
   pkce: function ({ pkce }) { this.pkce = pkce },
   public_key: function ({ public_key }) { this.public_key = public_key },
   key_pair_type: function ({ key_pair_type }) { this.key_pair_type = key_pair_type },
+  signatures_adapter: function ({ signatures_adapter }) { this.signatures_adapter = signatures_adapter },
   did: function ({ did }) { this.did = did },
   access_token_ttl: function ({ access_token_ttl }) { this.access_token_ttl = access_token_ttl },
   authorization_code_ttl: function ({ authorization_code_ttl }) { this.authorization_code_ttl = authorization_code_ttl },
@@ -233,6 +234,7 @@ class Client {
       jwt_public_key,
       key_pair_id,
       key_pair_type,
+      signatures_adapter,
       response_mode
     } = this
 
@@ -265,14 +267,15 @@ class Client {
       jwt_public_key,
       key_pair_id,
       key_pair_type,
+      signatures_adapter,
       response_mode
     }
   }
 }
 
 Client.keyPairTypes = keyPairTypes
 
-Client.signaturesBackends = signaturesBackends
+Client.signaturesAdapters = signaturesAdapters
 
 Client.api = function () {
   const accessToken = localStorage.getItem('access_token')
@@ -302,6 +305,7 @@ Client.get = function (id) {
 }
 
 Client.idTokenSignatureAlgorithms = [
+  "EdDSA",
   "ES256",
   "ES384",
   "ES512",
@@ -327,6 +331,7 @@ Client.clientJwtAuthenticationSignatureAlgorithms = [
 
 Client.UserinfoResponseSignatureAlgorithms = [
   null,
+  "EdDSA",
   "ES256",
   "ES384",
   "ES512",

diff --git a/apps/boruta_admin/lib/boruta_admin_web/views/client_view.ex b/apps/boruta_admin/lib/boruta_admin_web/views/client_view.ex
@@ -36,6 +36,7 @@ defmodule BorutaAdminWeb.ClientView do
       pkce: client.pkce,
       public_key: client.public_key,
       key_pair_type: client.key_pair_type,
+      signatures_adapter: client.signatures_adapter,
       did: client.did,
       identity_provider: %{
         id: identity_provider.id,

diff --git a/apps/boruta_auth/mix.exs b/apps/boruta_auth/mix.exs
@@ -24,7 +24,7 @@ defmodule BorutaAuth.MixProject do
 
   defp deps do
     [
-      {:boruta, git: "https://github.com/malach-it/boruta_auth"},
+      {:boruta, git: "https://github.com/malach-it/boruta_auth", branch: "signatures-adapter"},
       {:logger_file_backend, "~> 0.0.13"},
       {:quantum, "~> 3.0"}
     ]

diff --git a/apps/boruta_auth/priv/repo/migrations/20241220104923_clients_signatures_adapters.exs b/apps/boruta_auth/priv/repo/migrations/20241220104923_clients_signatures_adapters.exs
@@ -0,0 +1,5 @@
+defmodule BorutaAuth.Repo.Migrations.ClientsSignaturesAdapters do
+  use Ecto.Migration
+
+  use Boruta.Migrations.ClientsSignaturesAdapters
+end
diff --git a/apps/boruta_web/test/boruta_web/controllers/credential_controller_test.exs b/apps/boruta_web/test/boruta_web/controllers/credential_controller_test.exs
@@ -6,7 +6,7 @@ defmodule BorutaWeb.CredentialControllerTest do
 
   alias Boruta.Config
   alias Boruta.Ecto.Token
-  alias Boruta.VerifiableCredentials
+  alias Boruta.Internal.Signatures
   alias BorutaIdentity.Accounts.User
 
   setup %{conn: conn} do
@@ -23,7 +23,7 @@ defmodule BorutaWeb.CredentialControllerTest do
       })
 
     {:ok, token, _claims} =
-      VerifiableCredentials.Token.generate_and_sign(
+      Signatures.Token.generate_and_sign(
         %{
           "aud" => Config.issuer(),
           "iat" => :os.system_time(:seconds)
@@ -96,7 +96,7 @@ defmodule BorutaWeb.CredentialControllerTest do
       })
 
     {:ok, token, _claims} =
-      VerifiableCredentials.Token.generate_and_sign(
+      Signatures.Token.generate_and_sign(
         %{
           "aud" => Config.issuer(),
           "iat" => :os.system_time(:seconds)

diff --git a/apps/boruta_web/test/boruta_web/controllers/oauth/direct_post_test.exs b/apps/boruta_web/test/boruta_web/controllers/oauth/direct_post_test.exs
@@ -1,7 +1,7 @@
 defmodule BorutaWeb.Integration.DirectPostTest do
   use BorutaWeb.ConnCase, async: false
 
-  alias Boruta.VerifiableCredentials
+  alias Boruta.Internal.Signatures
 
   setup %{conn: conn} do
     client = Boruta.Factory.insert(:client, id_token_signature_alg: "RS512")
@@ -23,7 +23,7 @@ defmodule BorutaWeb.Integration.DirectPostTest do
       })
 
     {:ok, id_token, _claims} =
-      VerifiableCredentials.Token.generate_and_sign(
+      Signatures.Token.generate_and_sign(
         %{
           "iss" =>
             "did:jwk:eyJlIjoiQVFBQiIsImt0eSI6IlJTQSIsIm4iOiIxUGFQX2diWGl4NWl0alJDYWVndklfQjNhRk9lb3hsd1BQTHZmTEhHQTRRZkRtVk9mOGNVOE91WkZBWXpMQXJXM1BubndXV3kzOW5WSk94NDJRUlZHQ0dkVUNtVjdzaERIUnNyODYtMkRsTDdwd1VhOVF5SHNUajg0ZkFKbjJGdjloOW1xckl2VXpBdEVZUmxHRnZqVlRHQ3d6RXVsbHBzQjBHSmFmb3BVVEZieThXZFNxM2RHTEpCQjFyLVE4UXRabkF4eHZvbGh3T21Za0Jra2lkZWZtbTQ4WDdoRlhMMmNTSm0yRzd3UXlpbk9leV9VOHhEWjY4bWdUYWtpcVMyUnRqbkZEMGRucEJsNUNZVGU0czZvWktFeUZpRk5pVzRLa1IxR1Zqc0t3WTlvQzJ0cHlRMEFFVU12azlUOVZkSWx0U0lpQXZPS2x3RnpMNDljZ3daRHcifQ"

diff --git a/apps/boruta_web/test/boruta_web/controllers/oauth/openid_connect_test.exs b/apps/boruta_web/test/boruta_web/controllers/oauth/openid_connect_test.exs
@@ -369,7 +369,8 @@ defmodule BorutaWeb.Integration.OpenidConnectTest do
                      "RS512",
                      "HS256",
                      "HS384",
-                     "HS512"
+                     "HS512",
+                     "EdDSA"
                    ],
                    "cryptographic_binding_methods_supported" => ["did:jwk", "did:key"],
                    "display" => [
@@ -404,7 +405,8 @@ defmodule BorutaWeb.Integration.OpenidConnectTest do
                  "RS512",
                  "HS256",
                  "HS384",
-                 "HS512"
+                 "HS512",
+                 "EdDSA"
                ],
                "issuer" => "http://localhost:4000",
                "jwks_uri" => "http://localhost:4000/openid/jwks",
@@ -418,7 +420,8 @@ defmodule BorutaWeb.Integration.OpenidConnectTest do
                  "RS512",
                  "HS256",
                  "HS384",
-                 "HS512"
+                 "HS512",
+                 "EdDSA"
                ],
                "response_modes_supported" => ["query", "fragment"],
                "response_types_supported" => [
@@ -449,7 +452,8 @@ defmodule BorutaWeb.Integration.OpenidConnectTest do
                  "RS512",
                  "HS256",
                  "HS384",
-                 "HS512"
+                 "HS512",
+                 "EdDSA"
                ]
              }
     end

diff --git a/mix.lock b/mix.lock
@@ -2,7 +2,7 @@
   "argon2_elixir": {:hex, :argon2_elixir, "2.4.1", "edb27bdd326bc738f3e4614eddc2f73507be6fedc9533c6bcc6f15bbac9c85cc", [:make, :mix], [{:comeonin, "~> 5.3", [hex: :comeonin, repo: "hexpm", optional: false]}, {:elixir_make, "~> 0.6", [hex: :elixir_make, repo: "hexpm", optional: false]}], "hexpm", "0e21f52a373739d00bdfd5fe6da2f04eea623cb4f66899f7526dd9db03903d9f"},
   "asn1_compiler": {:hex, :asn1_compiler, "0.1.1", "64a4e52b59d1f225878445ace2c75cd2245b13a5a81182304fd9dc5acfc8994e", [:mix], [], "hexpm", "c250d24c22f1a3f305d88864400f9ac2df55c6886e1e3a030e2946efeb94695e"},
   "bcrypt_elixir": {:hex, :bcrypt_elixir, "3.1.0", "0b110a9a6c619b19a7f73fa3004aa11d6e719a67e672d1633dc36b6b2290a0f7", [:make, :mix], [{:comeonin, "~> 5.3", [hex: :comeonin, repo: "hexpm", optional: false]}, {:elixir_make, "~> 0.6", [hex: :elixir_make, repo: "hexpm", optional: false]}], "hexpm", "2ad2acb5a8bc049e8d5aa267802631912bb80d5f4110a178ae7999e69dca1bf7"},
-  "boruta": {:git, "https://github.com/malach-it/boruta_auth", "be856cb4b213efdb5c9c71ad4451b32e89263ea7", []},
+  "boruta": {:git, "https://github.com/malach-it/boruta_auth", "aff1a119c0bb7e955621d7c534b8f6ed1320d75e", [branch: "signatures-adapter"]},
   "bunt": {:hex, :bunt, "1.0.0", "081c2c665f086849e6d57900292b3a161727ab40431219529f13c4ddcf3e7a44", [:mix], [], "hexpm", "dc5f86aa08a5f6fa6b8096f0735c4e76d54ae5c9fa2c143e5a1fc7c1cd9bb6b5"},
   "bypass": {:hex, :bypass, "2.1.0", "909782781bf8e20ee86a9cabde36b259d44af8b9f38756173e8f5e2e1fabb9b1", [:mix], [{:plug, "~> 1.7", [hex: :plug, repo: "hexpm", optional: false]}, {:plug_cowboy, "~> 2.0", [hex: :plug_cowboy, repo: "hexpm", optional: false]}, {:ranch, "~> 1.3", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm", "d9b5df8fa5b7a6efa08384e9bbecfe4ce61c77d28a4282f79e02f1ef78d96b80"},
   "castore": {:hex, :castore, "1.0.9", "5cc77474afadf02c7c017823f460a17daa7908e991b0cc917febc90e466a375c", [:mix], [], "hexpm", "5ea956504f1ba6f2b4eb707061d8e17870de2bee95fb59d512872c2ef06925e7"},