From a8f090a8b7c7d67ab149390b44c001e8e1e98eb8 Mon Sep 17 00:00:00 2001
From: MaxKey
Date: Sun, 13 Feb 2022 18:46:56 +0800
Subject: [PATCH] metadatas
---
 .../java/org/maxkey/web/WebConstants.java | 2 ++
 .../token/endpoint/JwtAuthorizeEndpoint.java | 35 +++++++++++++++----
 .../endpoint/AuthorizationEndpoint.java | 25 +++++++++++++
 .../metadata/endpoint/MetadataEndpoint.java | 12 +++----
 .../templates/views/apps/saml20/appUpdate.ftl | 2 +-
 5 files changed, 62 insertions(+), 14 deletions(-)
diff --git a/maxkey-core/src/main/java/org/maxkey/web/WebConstants.java b/maxkey-core/src/main/java/org/maxkey/web/WebConstants.java
index fa3d738aa..18177400c 100644
--- a/maxkey-core/src/main/java/org/maxkey/web/WebConstants.java
+++ b/maxkey-core/src/main/java/org/maxkey/web/WebConstants.java
@@ -90,6 +90,8 @@ public class WebConstants {
 public static final String ONLINE_TICKET_PREFIX = "OT";
+ public static final String MXK_METADATA_PREFIX = "mxk_metadata_";
+
 public static final class LOGIN_RESULT{
 public static final String SUCCESS = "success";
 public static final String FAIL = "fail";
diff --git a/maxkey-protocols/maxkey-protocol-jwt/src/main/java/org/maxkey/authz/token/endpoint/JwtAuthorizeEndpoint.java b/maxkey-protocols/maxkey-protocol-jwt/src/main/java/org/maxkey/authz/token/endpoint/JwtAuthorizeEndpoint.java
index a5eabbe96..dcedd69fa 100644
--- a/maxkey-protocols/maxkey-protocol-jwt/src/main/java/org/maxkey/authz/token/endpoint/JwtAuthorizeEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-jwt/src/main/java/org/maxkey/authz/token/endpoint/JwtAuthorizeEndpoint.java
@@ -27,16 +27,19 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.beanutils.BeanUtils; +import org.apache.commons.lang3.StringUtils; import org.maxkey.authn.SigninPrincipal; import org.maxkey.authz.endpoint.AuthorizeBaseEndpoint; import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter; import org.maxkey.authz.jwt.endpoint.adapter.JwtAdapter; import org.maxkey.configuration.ApplicationConfig; import org.maxkey.constants.ConstsBoolean; +import org.maxkey.crypto.jose.keystore.JWKSetKeyStore; import org.maxkey.entity.apps.Apps; import org.maxkey.entity.apps.AppsJwtDetails; import org.maxkey.persistence.service.AppsJwtDetailsService; import org.maxkey.util.Instance; +import org.maxkey.web.WebConstants; import org.maxkey.web.WebContext; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -44,6 +47,8 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; +import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.servlet.ModelAndView; import io.swagger.v3.oas.annotations.Operation; @@ -72,13 +77,9 @@ public class JwtAuthorizeEndpoint extends AuthorizeBaseEndpoint{ HttpServletResponse response, @PathVariable("id") String id){ ModelAndView modelAndView=new ModelAndView(); - - - AppsJwtDetails jwtDetails=null; - jwtDetails=jwtDetailsService.getAppDetails(id); + Apps application = getApp(id); + AppsJwtDetails jwtDetails = jwtDetailsService.getAppDetails(id); _logger.debug(""+jwtDetails); - - Apps application= getApp(id); jwtDetails.setAdapter(application.getAdapter()); jwtDetails.setIsAdapter(application.getIsAdapter()); 
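Review bot: On the new side of the -72 hunk both `getApp(id)` and `jwtDetailsService.getAppDetails(id)` are dereferenced without a null check, so an unknown or disabled app id reaches `jwtDetails.setAdapter(application.getAdapter())` and fails with a NullPointerException (a 500) instead of a controlled error; whether either lookup can actually return null is not visible from here. A guard right after the two lookups, `if (application == null || jwtDetails == null) { /* return an error view */ }`, would make the failure mode explicit. The kept line `_logger.debug(""+jwtDetails)` logs the whole details object; if `AppsJwtDetails.toString()` prints its fields that would put the stored key material into the debug log, which is worth confirming. The enclosing method starts and ends outside this hunk.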
@@ -135,4 +136,26 @@ public class JwtAuthorizeEndpoint extends AuthorizeBaseEndpoint{
 }
+ @Operation(summary = "JWT JWK元数据接口", description = "参数mxk_metadata_APPID",method="GET")
+ @RequestMapping(value = "/metadata/jwt/{appid}.json",produces = "application/json", method={RequestMethod.POST, RequestMethod.GET})
+ @ResponseBody
+ public String metadata(HttpServletRequest request,
+ HttpServletResponse response, @PathVariable("appid") String appId) {
+ appId = appId.substring(WebConstants.MXK_METADATA_PREFIX.length(), appId.length());
+ AppsJwtDetails jwtDetails = jwtDetailsService.getAppDetails(appId);
+ String jwkSetString = "";
+ if(!jwtDetails.getSignature().equalsIgnoreCase("none")) {
+ jwkSetString = jwtDetails.getSignatureKey();
+ }
+ if(!jwtDetails.getAlgorithm().equalsIgnoreCase("none")) {
+ if(StringUtils.isBlank(jwkSetString)) {
+ jwkSetString = jwtDetails.getAlgorithmKey();
+ }else {
+ jwkSetString = jwkSetString + "," +jwtDetails.getAlgorithmKey();
+ }
+ }
+ JWKSetKeyStore jwkSetKeyStore = new JWKSetKeyStore("{\"keys\": [" + jwkSetString + "]}");
+
+ return jwkSetKeyStore.getJwkSet().toPublicJWKSet().toString();
+ }
 }
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AuthorizationEndpoint.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AuthorizationEndpoint.java
index 6569c526d..6d978f5ab 100644
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AuthorizationEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AuthorizationEndpoint.java
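Review bot: `appId.substring(WebConstants.MXK_METADATA_PREFIX.length(), appId.length())` slices the path segment without checking that it actually starts with the prefix, so `/metadata/jwt/x.json` with a segment shorter than `mxk_metadata_` throws StringIndexOutOfBoundsException, any other segment of sufficient length is silently turned into a different app id, and `getAppDetails(appId)` is then dereferenced with no null check, so an unknown app ends in a 500 as well. Check the prefix and the lookup up front and answer 404 for both, as sketched below; the `getSignature()`/`getAlgorithm()` comparisons also NPE on a null column, which `sig != null && !"none".equalsIgnoreCase(sig)` avoids. Serving the result through `toPublicJWKSet()` is the right choice since it strips private parameters before serialisation; if `algorithmKey` can hold a symmetric (`oct`) JWK, confirm that the library drops it from the public set rather than publishing it. The keys are spliced into a JSON array by string concatenation, so a stored value that is not exactly one JWK object surfaces as a parse exception instead of an empty set, and accepting POST on a read-only metadata document is unnecessary — GET alone is enough.
```java
    public String metadata(HttpServletRequest request,
            HttpServletResponse response, @PathVariable("appid") String appId) {
        // Refuse ids that do not carry the expected prefix instead of blindly slicing them.
        if (appId == null || !appId.startsWith(WebConstants.MXK_METADATA_PREFIX)) {
            response.setStatus(HttpServletResponse.SC_NOT_FOUND);
            return "{\"keys\":[]}";
        }
        appId = appId.substring(WebConstants.MXK_METADATA_PREFIX.length());
        AppsJwtDetails jwtDetails = jwtDetailsService.getAppDetails(appId);
        // Unknown app: answer 404 with an empty set rather than an NPE further down.
        if (jwtDetails == null) {
            response.setStatus(HttpServletResponse.SC_NOT_FOUND);
            return "{\"keys\":[]}";
        }
        // … unchanged: assemble jwkSetString from signatureKey / algorithmKey …
        // … unchanged: build JWKSetKeyStore and return toPublicJWKSet().toString() …
    }
```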
@@ -42,6 +42,7 @@ import org.maxkey.authz.oauth2.provider.approval.UserApprovalHandler;
 import org.maxkey.authz.oauth2.provider.code.AuthorizationCodeServices;
 import org.maxkey.authz.oauth2.provider.implicit.ImplicitTokenRequest;
 import org.maxkey.authz.oauth2.provider.request.DefaultOAuth2RequestValidator;
+import org.maxkey.crypto.jose.keystore.JWKSetKeyStore;
 import org.maxkey.util.HttpEncoder;
 import org.maxkey.entity.apps.Apps;
 import org.maxkey.entity.apps.oauth2.provider.ClientDetails;
@@ -58,6 +59,7 @@ import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.SessionAttributes;
 import org.springframework.web.bind.support.SessionStatus;
 import org.springframework.web.servlet.ModelAndView;
@@ -286,6 +288,29 @@ public class AuthorizationEndpoint extends AbstractEndpoint {
 }
 }
+
+ @Operation(summary = "OAuth JWk 元数据接口", description = "参数mxk_metadata_APPID",method="GET")
+ @RequestMapping(value = "/metadata/oauth/v20/{appid}.json",produces = "application/json", method={RequestMethod.POST, RequestMethod.GET})
+ @ResponseBody
+ public String metadata(HttpServletRequest request,
+ HttpServletResponse response, @PathVariable("appid") String appId) {
+ appId = appId.substring(WebConstants.MXK_METADATA_PREFIX.length(), appId.length());
+ ClientDetails clientDetails = getClientDetailsService().loadClientByClientId(appId,true);
+ String jwkSetString = "";
+ if(!clientDetails.getSignature().equalsIgnoreCase("none")) {
+ jwkSetString = clientDetails.getSignatureKey();
+ }
+ if(!clientDetails.getAlgorithm().equalsIgnoreCase("none")) {
+ if(!StringUtils.hasText(jwkSetString)) {
+ jwkSetString = clientDetails.getAlgorithmKey();
+ }else {
+ jwkSetString = jwkSetString + "," +clientDetails.getAlgorithmKey();
+ }
+ }
+ JWKSetKeyStore jwkSetKeyStore = new JWKSetKeyStore("{\"keys\": [" + jwkSetString + "]}");
+
+ return jwkSetKeyStore.getJwkSet().toPublicJWKSet().toString();
+ }
 // We need explicit approval from the user.
 private ModelAndView getUserApprovalPageResponse(Map model,
diff --git a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/metadata/endpoint/MetadataEndpoint.java b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/metadata/endpoint/MetadataEndpoint.java
index f1c1a769e..2a4f48c4f 100644
--- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/metadata/endpoint/MetadataEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/metadata/endpoint/MetadataEndpoint.java
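Review bot: The same unchecked `appId.substring(WebConstants.MXK_METADATA_PREFIX.length(), appId.length())` appears here as in the JWT endpoint: a segment shorter than the prefix throws StringIndexOutOfBoundsException and a longer one without the prefix is silently sliced into a different client id, so add `if (appId == null || !appId.startsWith(WebConstants.MXK_METADATA_PREFIX)) { response.setStatus(HttpServletResponse.SC_NOT_FOUND); return "{\"keys\":[]}"; }` before the slice. Whether `loadClientByClientId(appId, true)` returns null or throws for an unknown client is not visible here; if it can return null, `clientDetails.getSignature()` needs the same guard. The key-set assembly from `getSignature()`/`getSignatureKey()`/`getAlgorithm()`/`getAlgorithmKey()` is a line-for-line copy of the JWT version, so a shared helper taking the four strings and returning `toPublicJWKSet().toString()` would keep the two in sync, and writing the comparisons as `!"none".equalsIgnoreCase(x)` with an explicit null check first makes them null-safe. The hunk references `WebConstants` without adding an import to this file, so presumably it is already imported — worth a compile check.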
@@ -26,6 +26,7 @@ import org.maxkey.authz.saml20.metadata.MetadataGenerator; import org.maxkey.constants.ContentType; import org.maxkey.crypto.keystore.KeyStoreLoader; import org.maxkey.entity.Saml20Metadata; +import org.maxkey.web.WebConstants; import org.maxkey.web.WebContext; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.core.NameIDType; @@ -73,17 +74,15 @@ public class MetadataEndpoint { private Saml20Metadata saml20Metadata; private Credential signingCredential; - - public static String IDP_METADATA_PREFIX = "Idp_Metadata_"; - @Operation(summary = "SAML 2.0 元数据接口", description = "参数Idp_Metadata_应用ID",method="GET") + @Operation(summary = "SAML 2.0 元数据接口", description = "参数mxk_metadata_APPID",method="GET") @RequestMapping(value = "/{appid}.xml",produces = "application/xml", method={RequestMethod.POST, RequestMethod.GET}) @ResponseBody public String metadata(HttpServletRequest request, HttpServletResponse response, @PathVariable("appid") String appId) { response.setContentType(ContentType.APPLICATION_XML_UTF8); - appId = appId.substring(IDP_METADATA_PREFIX.length(), appId.length()); - if(signingCredential==null){ + appId = appId.substring(WebConstants.MXK_METADATA_PREFIX.length(), appId.length()); + if(signingCredential == null){ TrustResolver trustResolver = new TrustResolver(); CredentialResolver credentialResolver=(CredentialResolver)trustResolver.buildKeyStoreCredentialResolver( keyStoreLoader.getKeyStore(), @@ -96,7 +95,6 @@ public class MetadataEndpoint { criteriaSet.add(new UsageCriteria(UsageType.SIGNING)); - try { signingCredential = credentialResolver.resolveSingle(criteriaSet); }catch (SecurityException e) { 
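Review bot: The prefix is still never compared — only its length is used — so `appId.substring(WebConstants.MXK_METADATA_PREFIX.length(), appId.length())` in the -73 hunk throws StringIndexOutOfBoundsException for a segment shorter than the prefix and silently slices any longer segment into some other application id; guard it with `if (!appId.startsWith(WebConstants.MXK_METADATA_PREFIX)) { response.setStatus(HttpServletResponse.SC_NOT_FOUND); return ""; }` before the substring. Note that `Idp_Metadata_` and `mxk_metadata_` are both 13 characters, so URLs built with the removed prefix keep working purely by accident; if that compatibility is wanted for SPs that already hold the old metadata URL, make it explicit by accepting both prefixes, otherwise the guard above turns them into a clean 404. The lazily assigned `signingCredential` field is shared across requests without synchronisation; two concurrent first requests would both resolve it, which looks harmless but deserves a comment saying so. The metadata method continues past the end of this hunk.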
@@ -121,7 +119,7 @@ public class MetadataEndpoint { descriptor.getSingleLogoutServices().add(metadataGenerator.getSingleLogoutService(WebContext.getHttpContextPath()+"/logout",null)); - descriptor.getManageNameIDServices().add(metadataGenerator.getManageNameIDService(WebContext.getHttpContextPath()+"/saml/metadata/"+IDP_METADATA_PREFIX+appId+".xml")); + descriptor.getManageNameIDServices().add(metadataGenerator.getManageNameIDService(WebContext.getHttpContextPath()+"/saml/metadata/" + WebConstants.MXK_METADATA_PREFIX + appId + ".xml")); descriptor.getKeyDescriptors().add(metadataGenerator.generateEncryptionKeyDescriptor(signingCredential)); diff --git a/maxkey-webs/maxkey-web-mgt/src/main/resources/templates/views/apps/saml20/appUpdate.ftl b/maxkey-webs/maxkey-web-mgt/src/main/resources/templates/views/apps/saml20/appUpdate.ftl index 34f97945f..ffbf4fb6b 100644 --- a/maxkey-webs/maxkey-web-mgt/src/main/resources/templates/views/apps/saml20/appUpdate.ftl +++ b/maxkey-webs/maxkey-web-mgt/src/main/resources/templates/views/apps/saml20/appUpdate.ftl @@ -58,7 +58,7 @@ - SAML MetaData + SAML MetaData -- GitLab