Dpop client app

dpop/DPoP-client-app/.gitignore

@@ -0,0 +1,5 @@
+target
+*.iml
+.idea
+dpop.key
+dpop.pub

dpop/DPoP-client-app/README.md

@@ -0,0 +1,73 @@
+# DPoP-client-app 
+ This client application was originally developed by Darsa Mahendrarajah as Gradle application. This repository contains the Maven conversion of the same.
+
+ ## How to setup :
+ 1. Clone /dpop/DPoP-client-app 
+ 2. Build the project using ```mvn clean install```
+ 3. Follow the below steps
+
+### Option 01:
+1. Generate per request basis DPOPProofGenerator.java (This will generate per request
+private and public keypair )
+  - Navigate to /samples-is/dpop/DPoP-client-app folder.
+  - Run the below command.
+
+  ```java -cp target/client-app-1.0-jar-with-dependencies.jar org.wso2.dpop.client.DPOPProofGenerator```
+  - Enter the user inputs for below questions.
+
+   ```
+   Enter the public and private key pair type(EC or RSA): 
+   EC
+   Enter the HTTP Method: 
+   POST
+   Enter the HTTP Url: 
+   https://localhost:9443/oauth2/token
+
+  ```
+- Extract the dpop proof from the output.  
+
+    ```
+    [Signed JWT] : eyJ0eXAiOiJkcG9wK2p3dCIsImFsZyI6IkVTMjU2IiwiandrIjp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoiQ
+                   y03b1ZVQ2Z2OUlRQmlWN0JlLVdNVVEtdF9ibmo1TzBlV0tuZkhnUUJaSSIsInkiOiJla2Rsci12dFJFMHFMdUpNYU5FUDR
+                   vdXhKNVVHTEREdWphZUN6ejhJTkdjIn19.eyJodG0iOiJQT1NUIiwic3ViIjoic3ViIiwibmJmIjoxNjM1MTc2MDg2LCJp
+                   c3MiOiJpc3N1ZXIiLCJodHUiOiJodHRwczpcL1wvbG9jYWxob3N0Ojk0NDNcL29hdXRoMlwvdG9rZW4iLCJpYXQiOjE2Mz
+                   UxNzYwODYsImp0aSI6ImUzMTEzYzdmLTE0YTQtNGU2ZC1hY2VmLTZjZDQ5NWQ1ZWZjNCJ9.lgEjdP1Fv3OOAaFfM4CEREg
+                   46RGdbusLzb4409eCMabCwbN0dS6NdXsc6qxfR_TVhkKzIUKLSDmM4qzEIuw4LQ
+    ```
+
+ ### Option 02: 
+ 1. Generate dpop proof by passing public key and private key file location.
+    -  Generate public key pair and store it in a file.(GeneratePublicKeyPair.java)
+        1. Navigate to /samples-is/dpop/DPoP-client-app folder and run the below command.Private key file (dpop.key) and Public key file will be generated(dpop.pub).
+
+           ```java -cp target/client-app-1.0-jar-with-dependencies.jar org.wso2.dpop.client.GeneratePublicKeyPair```
+    -  Use the already created key pairs and load and generate the DPoP Proof(DPOPProofGeneratorFromPP.java) .
+        1. Navigate to /samples-is/dpop/DPoP-client-app folder.
+        2. Run the below command.
+
+           ``` java -cp target/client-app-1.0-jar-with-dependencies.jar org.wso2.dpop.client.DPOPProofGeneratorFromPP```
+
+        3. Enter the user inputs for  the below questions.
+
+          ```  
+          File path to private key: 
+          dpop.key
+          File path to public key: 
+          dpop.pub
+          Enter the public and private key pair type(EC or RSA): 
+          EC
+          Enter the HTTP Method: 
+          POST
+          Enter the HTTP Url: 
+          https://localhost:9443/oauth2/token
+          ```
+        4. Extract the dpop proof from the output.  
+
+         ```
+         [Signed JWT] : eyJ0eXAiOiJkcG9wK2p3dCIsImFsZyI6IkVTMjU2IiwiandrIjp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoiQ
+                        y03b1ZVQ2Z2OUlRQmlWN0JlLVdNVVEtdF9ibmo1TzBlV0tuZkhnUUJaSSIsInkiOiJla2Rsci12dFJFMHFMdUpNYU5FUDR
+                        vdXhKNVVHTEREdWphZUN6ejhJTkdjIn19.eyJodG0iOiJQT1NUIiwic3ViIjoic3ViIiwibmJmIjoxNjM1MTc2MDg2LCJp
+                        c3MiOiJpc3N1ZXIiLCJodHUiOiJodHRwczpcL1wvbG9jYWxob3N0Ojk0NDNcL29hdXRoMlwvdG9rZW4iLCJpYXQiOjE2Mz
+                        UxNzYwODYsImp0aSI6ImUzMTEzYzdmLTE0YTQtNGU2ZC1hY2VmLTZjZDQ5NWQ1ZWZjNCJ9.lgEjdP1Fv3OOAaFfM4CEREg
+                        46RGdbusLzb4409eCMabCwbN0dS6NdXsc6qxfR_TVhkKzIUKLSDmM4qzEIuw4LQ```
+

dpop/DPoP-client-app/pom.xml

@@ -0,0 +1,151 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>org.wso2.dpop.client</groupId>
+    <artifactId>client-app</artifactId>
+    <version>1.0</version>
+
+    <properties>
+        <maven.compiler.source>8</maven.compiler.source>
+        <maven.compiler.target>8</maven.compiler.target>
+        <nimbusds.version>7.3.0.wso2v1</nimbusds.version>
+        <json-smart.version>1.3</json-smart.version>
+        <commons.logging.version>1.2</commons.logging.version>
+    </properties>
+    <build>
+        <resources>
+            <resource>
+                <directory>${project.basedir}</directory>
+                <includes>
+                    <include>lib/*.jar</include>
+                </includes>
+            </resource>
+        </resources>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-eclipse-plugin</artifactId>
+                <version>2.9</version>
+                <configuration>
+                    <downloadSources>true</downloadSources>
+                    <downloadJavadocs>false</downloadJavadocs>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-dependency-plugin</artifactId>
+            </plugin>
+
+            <!-- Set a compiler level -->
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>2.3.2</version>
+                <configuration>
+                    <source>1.8</source>
+                    <target>1.8</target>
+                </configuration>
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-jar-plugin</artifactId>
+                <configuration>
+                    <archive>
+                        <manifest>
+                            <addClasspath>true</addClasspath>
+                            <classpathPrefix>lib/</classpathPrefix>
+                            <mainClass>com.etl_aggregation.app.App</mainClass>
+                        </manifest>
+                    </archive>
+                </configuration>
+            </plugin>
+
+            <!-- Maven Assembly Plugin -->
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-assembly-plugin</artifactId>
+                <version>2.4.1</version>
+                <configuration>
+                    <!-- get all project dependencies -->
+                    <descriptorRefs>
+                        <descriptorRef>jar-with-dependencies</descriptorRef>
+                    </descriptorRefs>
+                    <!-- MainClass in mainfest make a executable jar -->
+                    <archive>
+                        <manifest>
+                            <mainClass>com.etl_aggregation.app.App</mainClass>
+                        </manifest>
+                    </archive>
+
+                </configuration>
+                <executions>
+                    <execution>
+                        <id>make-assembly</id>
+                        <!-- bind to the packaging phase -->
+                        <phase>package</phase>
+                        <goals>
+                            <goal>single</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
+    <dependencies>
+        <dependency>
+            <groupId>org.wso2.orbit.com.nimbusds</groupId>
+            <artifactId>nimbus-jose-jwt</artifactId>
+            <version>${nimbusds.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>net.minidev</groupId>
+            <artifactId>json-smart</artifactId>
+            <version>${json-smart.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>commons-logging</groupId>
+            <artifactId>commons-logging</artifactId>
+            <version>${commons.logging.version}</version>
+        </dependency>
+    </dependencies>
+
+    <repositories>
+            <repository>
+                <id>wso2-nexus</id>
+                <name>WSO2 internal Repository</name>
+                <url>https://maven.wso2.org/nexus/content/groups/wso2-public/</url>
+                <releases>
+                    <enabled>true</enabled>
+                    <updatePolicy>daily</updatePolicy>
+                    <checksumPolicy>ignore</checksumPolicy>
+                </releases>
+            </repository>
+            <repository>
+                <id>wso2.releases</id>
+                <name>WSO2 internal Repository</name>
+                <url>https://maven.wso2.org/nexus/content/repositories/releases/</url>
+                <releases>
+                    <enabled>true</enabled>
+                    <updatePolicy>daily</updatePolicy>
+                    <checksumPolicy>ignore</checksumPolicy>
+                </releases>
+            </repository>
+
+            <repository>
+                <id>wso2.snapshots</id>
+                <name>WSO2 Snapshot Repository</name>
+                <url>https://maven.wso2.org/nexus/content/repositories/snapshots/</url>
+                <snapshots>
+                    <enabled>true</enabled>
+                    <updatePolicy>daily</updatePolicy>
+                </snapshots>
+                <releases>
+                    <enabled>false</enabled>
+                </releases>
+            </repository>
+    </repositories>
+</project>

dpop/DPoP-client-app/src/main/java/org/wso2/dpop/client/DPOPProofGenerator.java

@@ -0,0 +1,124 @@
+/*
+ *  Copyright (c) 2022, WSO2 LLC (http://www.wso2.org) All Rights Reserved.
+ *
+ *  WSO2 LLC licenses this file to you under the Apache license,
+ *  Version 2.0 (the "license"); you may not use this file except
+ *  in compliance with the license.
+ *  You may obtain a copy of the license at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License.
+ *
+ */
+
+package org.wso2.dpop.client;
+
+import com.nimbusds.jose.JOSEException;
+import com.nimbusds.jose.JOSEObjectType;
+import com.nimbusds.jose.JWSHeader;
+import com.nimbusds.jose.crypto.ECDSASigner;
+import com.nimbusds.jose.crypto.RSASSASigner;
+import com.nimbusds.jose.jwk.Curve;
+import com.nimbusds.jose.jwk.ECKey;
+import com.nimbusds.jose.jwk.JWK;
+import com.nimbusds.jose.jwk.RSAKey;
+import com.nimbusds.jwt.JWTClaimsSet;
+import com.nimbusds.jwt.SignedJWT;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.interfaces.ECPublicKey;
+import java.security.interfaces.RSAPublicKey;
+import java.text.ParseException;
+import java.util.Date;
+import java.util.Scanner;
+import java.util.UUID;
+
+import static com.nimbusds.jose.JWSAlgorithm.ES256;
+import static com.nimbusds.jose.JWSAlgorithm.RS384;
+
+/**
+ *  DPOPProofGenerator will generate per request private and public keypair.
+ */
+public class DPOPProofGenerator {
+
+    private static final Log log = LogFactory.getLog(DPOPProofGenerator.class);
+
+    public static void main(String args[]) throws NoSuchAlgorithmException, JOSEException, ParseException,
+            InvalidAlgorithmParameterException {
+
+        Scanner scan = new Scanner(System.in);
+        System.out.println("Enter the public and private key pair type(EC or RSA): ");
+        String keyPairType = scan.nextLine();
+        System.out.println("Enter the HTTP Method: ");
+        String httpMethod = scan.nextLine();
+        System.out.println("Enter the HTTP Url: ");
+        String httpUrl = scan.nextLine();
+
+        KeyPairGenerator gen = KeyPairGenerator.getInstance(keyPairType);
+        KeyPair keyPair;
+        JWK jwk = null;
+        if ("EC".equals(keyPairType)) {
+            gen.initialize(Curve.P_256.toECParameterSpec());
+            keyPair = gen.generateKeyPair();
+            jwk = new ECKey.Builder(Curve.P_256, (ECPublicKey) keyPair.getPublic())
+                    .build();
+        } else {
+            gen = KeyPairGenerator.getInstance("RSA");
+            gen.initialize(2048);
+            keyPair = gen.generateKeyPair();
+            jwk = new RSAKey.Builder((RSAPublicKey) keyPair.getPublic()).build();
+        }
+
+        log.info("jwk: " + jwk);
+        log.info("publicKey: " + keyPair.getPublic());
+        log.info("private: " + keyPair.getPrivate());
+
+        JWTClaimsSet.Builder jwtClaimsSetBuilder = new JWTClaimsSet.Builder();
+        jwtClaimsSetBuilder.issuer("issuer");
+        jwtClaimsSetBuilder.subject("sub");
+        jwtClaimsSetBuilder.issueTime(new Date(System.currentTimeMillis()));
+        jwtClaimsSetBuilder.jwtID(UUID.randomUUID().toString());
+        jwtClaimsSetBuilder.notBeforeTime(new Date(System.currentTimeMillis()));
+        jwtClaimsSetBuilder.claim("htm", httpMethod);
+        jwtClaimsSetBuilder.claim("htu", httpUrl);
+
+        JWSHeader.Builder headerBuilder;
+        if ("EC".equals(keyPairType)) {
+            headerBuilder = new JWSHeader.Builder(ES256);
+        } else {
+            headerBuilder = new JWSHeader.Builder(RS384);
+        }
+        headerBuilder.type(new JOSEObjectType("dpop+jwt"));
+        headerBuilder.jwk(jwk);
+        SignedJWT signedJWT = new SignedJWT(headerBuilder.build(), jwtClaimsSetBuilder.build());
+
+        if ("EC".equals(keyPairType)) {
+            ECDSASigner ecdsaSigner = new ECDSASigner(keyPair.getPrivate(), Curve.P_256);
+            signedJWT.sign(ecdsaSigner);
+        } else {
+            RSASSASigner rsassaSigner = new RSASSASigner(keyPair.getPrivate());
+            signedJWT.sign(rsassaSigner);
+        }
+
+        log.info("[Signed JWT] : " + signedJWT.serialize());
+        JWK parseJwk = JWK.parse(String.valueOf(jwk));
+        if ("EC".equals(keyPairType)) {
+            ECKey ecKey = (ECKey) parseJwk;
+            log.info("[ThumbPrint] : " + ecKey.computeThumbprint().toString());
+        } else {
+            RSAKey rsaKey = (RSAKey) parseJwk;
+            log.info("[ThumbPrint] : " + rsaKey.computeThumbprint().toString());
+        }
+    }
+}