Added logic to create token from userId
pierpaolo.didato@emeal.nttdata.com authored and pierpaolo.didato@emeal.nttdata.com committed Jul 12, 2024
1 parent 91b566b commit d02caca
Showing 19 changed files with 1,767 additions and 1,297 deletions.
12 changes: 10 additions & 2 deletions apps/onboarding-functions/pom.xml
Expand Up @@ -142,7 +142,6 @@
</exclusion>
</exclusions>
</dependency>

<dependency>
<groupId>org.jsoup</groupId>
<artifactId>jsoup</artifactId>
Expand All @@ -165,7 +164,16 @@
<artifactId>quarkus-openapi-generator</artifactId>
<version>2.2.10</version>
</dependency>

<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.1</version>
</dependency>
<dependency>
<groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
<version>2.3.1</version>
</dependency>
<!-- test -->
<dependency>
<groupId>io.quarkus</groupId>
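Review bot: `io.jsonwebtoken:jjwt:0.9.1` is the pre-split legacy artifact of the JJWT project; since 0.10 the library ships as `jjwt-api`, `jjwt-impl` and `jjwt-jackson`, and the 0.9 line no longer receives fixes. The `javax.xml.bind:jaxb-api` dependency added right after it appears to be there only because 0.9.1 still calls `javax.xml.bind.DatatypeConverter` for Base64, which is absent from Java 9+ runtimes; the current artifacts use `java.util.Base64` and do not need it. Since the token service on this commit only uses `Jwts.builder()` with RS256, the migration is essentially the `signWith` call, so it is cheapest to do now rather than after the 0.9 API has spread.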
@@ -1,15 +1,24 @@
package it.pagopa.selfcare.onboarding.client.auth;

import it.pagopa.selfcare.onboarding.service.TokenService;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import jakarta.ws.rs.core.MultivaluedMap;
import org.eclipse.microprofile.rest.client.ext.ClientHeadersFactory;

import java.util.List;


@ApplicationScoped
public class AuthenticationPropagationHeadersFactory implements ClientHeadersFactory {

@Inject
TokenService tokenService;

@Override
public MultivaluedMap<String, String> update(MultivaluedMap<String, String> incomingHeaders, MultivaluedMap<String, String> clientOutgoingHeaders) {
String bearerToken = System.getenv("JWT_BEARER_TOKEN");
final String uuid = incomingHeaders.get("user-uuid").get(0);
String bearerToken = tokenService.createJwt(uuid);
clientOutgoingHeaders.put("Authorization", List.of("Bearer " + bearerToken));
return clientOutgoingHeaders;
}
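Review bot: `incomingHeaders.get("user-uuid").get(0)` throws a NullPointerException whenever the header is absent, because `MultivaluedMap.get` returns null for a missing key; `getFirst("user-uuid")` plus an explicit check gives a readable failure instead. In the same line of thought, `TokenServiceDefault.createJwt` returns null when the signing key cannot be loaded, and this factory then emits `Authorization: Bearer null`, so the token should be checked before it is concatenated. Because the header value becomes the signed `uid` claim of the outgoing token, it is worth confirming that `user-uuid` can only be set by the trusted code path that calls this client (the `persistUsers` change in this commit passes `onboarding.getUserRequestUid()`) and never reaches the factory from an external request. The class's closing brace lies outside the hunk.
```java
public MultivaluedMap<String, String> update(MultivaluedMap<String, String> incomingHeaders, MultivaluedMap<String, String> clientOutgoingHeaders) {
    final String uuid = incomingHeaders.getFirst("user-uuid");
    if (uuid == null || uuid.isBlank()) {
        throw new IllegalStateException("user-uuid header is missing: cannot create a JWT for the outgoing call");
    }
    final String bearerToken = tokenService.createJwt(uuid);
    if (bearerToken == null || bearerToken.isBlank()) {
        throw new IllegalStateException("JWT creation failed for user " + uuid);
    }
    // … unchanged: put Authorization header and return …
```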
@@ -0,0 +1,11 @@
package it.pagopa.selfcare.onboarding.config;

import io.smallrye.config.ConfigMapping;

@ConfigMapping(prefix = "onboarding-functions.jwt.token")
public interface TokenConfig {
String signingKey();
String kid();
String issuer();
String duration();
}
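Review bot: `String duration();` is typed as a string although its only consumer parses it with `Duration.parse` on every token request; Quarkus config mappings convert `java.time.Duration` directly, so `Duration duration();` would reject a malformed value at startup rather than on the first outgoing call. The interface also has no Javadoc, and for this mapping the documentation is security-relevant: `signingKey()` should state that it holds the PEM-encoded RSA private key used to sign outgoing tokens and must be supplied from a secret source (environment or vault), never from a committed properties file, while `kid()` and `issuer()` should note that they are copied verbatim into the JWT header and `iss` claim and therefore must match what the receiving service validates.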
Expand Up @@ -230,7 +230,7 @@ public void persistUsers(Onboarding onboarding) {
userRoleDto.setUserMailUuid(user.getUserMailUuid());
userRoleDto.setProduct(productMapper.toProduct(onboarding, user));
userRoleDto.getProduct().setTokenId(onboarding.getId());
try (Response response = userApi.usersUserIdPost(user.getId(), userRoleDto)) {
try (Response response = userApi.usersUserIdPost(user.getId(), onboarding.getUserRequestUid(), userRoleDto)) {
if (!SUCCESSFUL.equals(response.getStatusInfo().getFamily())) {
throw new RuntimeException("Impossible to create or update role for user with ID: " + user.getId());
}
Expand Up @@ -42,7 +42,6 @@
@ApplicationScoped
public class ContractServiceDefault implements ContractService {


private static final Logger log = LoggerFactory.getLogger(ContractServiceDefault.class);
public static final String PAGOPA_SIGNATURE_DISABLED = "disabled";

@@ -0,0 +1,6 @@
package it.pagopa.selfcare.onboarding.service;

public interface TokenService {

String createJwt(String userId);
}
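Review bot: `String createJwt(String userId);` has no Javadoc, and its return contract is the one thing a caller needs: the default implementation in this commit returns null when the signing key cannot be loaded, and the header factory concatenates that value into an `Authorization` header. Document the method with `@param userId the user identifier placed in the {@code uid} claim`, `@return the compact, RS256-signed JWT for the outgoing call`, and either `@throws IllegalStateException if the signing key cannot be loaded` (preferred, with the implementation changed to match) or an explicit statement that null is returned on failure, so that callers know they must check it.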
@@ -0,0 +1,88 @@
package it.pagopa.selfcare.onboarding.service;

import io.jsonwebtoken.Header;
import io.jsonwebtoken.JwsHeader;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import it.pagopa.selfcare.onboarding.config.TokenConfig;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import org.bouncycastle.asn1.pkcs.RSAPrivateKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.time.Duration;
import java.util.Base64;
import java.util.Date;
import java.util.UUID;

@ApplicationScoped
public class TokenServiceDefault implements TokenService {

@Inject
TokenConfig tokenConfig;

private static final String PRIVATE_KEY_HEADER_TEMPLATE = "-----BEGIN %s-----";
private static final String PRIVATE_KEY_FOOTER_TEMPLATE = "-----END %s-----";
private final Logger logger = LoggerFactory.getLogger(TokenServiceDefault.class.getName());

@Override
public String createJwt(String userId) {
PrivateKey privateKey;
try {
privateKey = getPrivateKey(tokenConfig.signingKey());
} catch (Exception e) {
logger.error("Impossible to get private key. Error: {}", e.getMessage(), e);
return null;
}
return Jwts.builder()
.setId(UUID.randomUUID().toString())
.setIssuedAt(new Date())
.setIssuer(tokenConfig.issuer())
.setExpiration(Date.from(new Date().toInstant().plus(Duration.parse(tokenConfig.duration()))))
.claim("uid", userId)
.signWith(SignatureAlgorithm.RS256, privateKey)
.setHeaderParam(JwsHeader.KEY_ID, tokenConfig.kid())
.setHeaderParam(Header.TYPE, Header.JWT_TYPE)
.compact();
}

private PrivateKey getPrivateKey(String signingKey) throws NoSuchAlgorithmException, InvalidKeySpecException {
boolean isRsa = signingKey.contains("RSA");
String privateKeyEnvelopName = (isRsa ? "RSA " : "") + "PRIVATE KEY";
String privateKeyPEM = signingKey
.replace("\r", "")
.replace("\n", "")
.replace(String.format(PRIVATE_KEY_HEADER_TEMPLATE, privateKeyEnvelopName), "")
.replace(String.format(PRIVATE_KEY_FOOTER_TEMPLATE, privateKeyEnvelopName), "");

byte[] encoded = Base64.getDecoder().decode(privateKeyPEM);

KeySpec keySpec;
if (isRsa) {
RSAPrivateKey rsaPrivateKey = RSAPrivateKey.getInstance(encoded);
keySpec = new RSAPrivateCrtKeySpec(
rsaPrivateKey.getModulus(),
rsaPrivateKey.getPublicExponent(),
rsaPrivateKey.getPrivateExponent(),
rsaPrivateKey.getPrime1(),
rsaPrivateKey.getPrime2(),
rsaPrivateKey.getExponent1(),
rsaPrivateKey.getExponent2(),
rsaPrivateKey.getCoefficient());

} else {
keySpec = new PKCS8EncodedKeySpec(encoded);
}

KeyFactory keyFactory = KeyFactory.getInstance("RSA");
return keyFactory.generatePrivate(keySpec);
}
}
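Review bot: `return null;` in the catch block of `createJwt` turns a misconfigured signing key into a silently wrong outgoing header (the header factory in this commit builds `"Bearer " + bearerToken` without a check), and `catch (Exception e)` also hides programming errors; the key-loading failure should be raised as an exception so the request fails loudly and the error is attributable in logs. Two smaller issues in the same method: `new Date()` is evaluated twice, so `iat` and `exp` are computed from different instants, and `getPrivateKey(tokenConfig.signingKey())` re-decodes and re-parses the PEM on every call, which could be done once (for example lazily or in a `@PostConstruct` initializer) since the key does not change at runtime. The `Instant` used below needs a `java.time.Instant` import. Separately, `org.bouncycastle.asn1.pkcs.RSAPrivateKey` is used for the PKCS#1 branch but no BouncyCastle artifact appears in the pom change of this commit; presumably it arrives transitively, which is worth making explicit.
```java
@Override
public String createJwt(String userId) {
    final PrivateKey privateKey;
    try {
        privateKey = getPrivateKey(tokenConfig.signingKey());
    } catch (NoSuchAlgorithmException | InvalidKeySpecException | IllegalArgumentException e) {
        // Fail loudly: a null token would otherwise reach the wire as "Bearer null".
        throw new IllegalStateException("Impossible to get private key", e);
    }
    final Instant now = Instant.now();
    return Jwts.builder()
            .setId(UUID.randomUUID().toString())
            .setIssuedAt(Date.from(now))
            .setIssuer(tokenConfig.issuer())
            .setExpiration(Date.from(now.plus(Duration.parse(tokenConfig.duration()))))
            // … unchanged: uid claim, signWith, kid/typ header params …
            .compact();
}
```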