Merge pull request #28 from rglauco/main

- added federation_entity metadata parameters
- added policy page
- add federation resolve endpoint in example module 
- renamed "trust_mark_issuers"

examples/relying-party-spring-boot/src/main/java/it/spid/cie/oidc/spring/boot/relying/party/RelyingPartyWrapper.java

@@ -104,6 +104,12 @@ private void postConstruct() throws OIDCException {
 				.setUserinfoEncryptedResponseAlg(oidcConfig.getRelyingParty().getUserinfoEncryptedResponseAlg())
 				.setUserinfoEncryptedResponseEnc(oidcConfig.getRelyingParty().getUserinfoEncryptedResponseEnc())
 				.setTokenEndpointAuthMethod(oidcConfig.getRelyingParty().getTokenEndpointAuthMethod())
+				.setFederationResolveEndpoint(oidcConfig.getRelyingParty().getFederationResolveEndpoint())
+				.setOrganizationName(oidcConfig.getRelyingParty().getOrganizationName())
+				.setHomepageUri(oidcConfig.getRelyingParty().getHomepageUri())
+				.setLogoUri(oidcConfig.getRelyingParty().getLogoUri())
+				.setPolicyUri(oidcConfig.getRelyingParty().getPolicyUri())
+				.setFederationContacts(oidcConfig.getRelyingParty().getFederationContacts())
 				.setJWK(jwk)
 				.setTrustMarks(trustMarks);
 

examples/relying-party-spring-boot/src/main/java/it/spid/cie/oidc/spring/boot/relying/party/config/OidcConfig.java

@@ -191,6 +191,15 @@ public String getUserinfoEncryptedResponseAlg() {
 
 		public String getTokenEndpointAuthMethod() { return tokenEndpointAuthMethod; }
 
+		public String getFederationResolveEndpoint() { return federationResolveEndpoint; }
+		public String getOrganizationName() { return organizationName; }
+		public String getHomepageUri() { return homepageUri; }
+		public String getPolicyUri() { return policyUri; }
+		public String getLogoUri() { return logoUri; }
+		public Set<String> getFederationContacts() {
+			return Collections.unmodifiableSet(federationContacts);
+		}
+
 		public Set<String> getRedirectUris() {
 			return Collections.unmodifiableSet(redirectUris);
 		}
@@ -238,6 +247,26 @@ public void setUserinfoEncryptedResponseEnc(String userinfoEncryptedResponseEnc)
 		public void setTokenEndpointAuthMethod(String tokenEndpointAuthMethod) {
 			this.tokenEndpointAuthMethod = tokenEndpointAuthMethod;
 		}
+
+		public void setFederationResolveEndpoint(String federationResolveEndpoint) {
+			this.federationResolveEndpoint = federationResolveEndpoint;
+		}
+		public void setOrganizationName(String organizationName) {
+			this.organizationName = organizationName;
+		}
+		public void setHomepageUri(String homepageUri) {
+			this.homepageUri = homepageUri;
+		}
+		public void setPolicyUri(String policyUri) {
+			this.policyUri = policyUri;
+		}
+		public void setLogoUri(String logoUri) {
+			this.logoUri = logoUri;
+		}
+		public void setFederationContacts(Set<String> federationContacts) {
+			this.federationContacts = federationContacts;
+		}
+
 //		public void setJwk(String jwk) {
 //			this.jwk = jwk;
 //		}
@@ -300,6 +329,13 @@ public JSONObject toJSON() {
 		private String userinfoEncryptedResponseEnc;
 		private String tokenEndpointAuthMethod;
 
+		private String federationResolveEndpoint;
+		private String organizationName;
+		private String homepageUri;
+		private String policyUri;
+		private String logoUri;
+		private Set<String> federationContacts = new HashSet<>();
+
 	}
 
 }

examples/relying-party-spring-boot/src/main/java/it/spid/cie/oidc/spring/boot/relying/party/controller/EntityStatementController.java

@@ -0,0 +1,76 @@
+package it.spid.cie.oidc.spring.boot.relying.party.controller;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.MediaType;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.json.JSONObject;
+import org.json.JSONArray;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import it.spid.cie.oidc.config.RelyingPartyOptions;
+import it.spid.cie.oidc.exception.OIDCException;
+import it.spid.cie.oidc.model.FederationEntity;
+import it.spid.cie.oidc.spring.boot.relying.party.RelyingPartyWrapper;
+import it.spid.cie.oidc.spring.boot.relying.party.config.OidcConfig;
+import it.spid.cie.oidc.spring.boot.relying.party.persistence.H2PersistenceImpl;
+import it.spid.cie.oidc.model.TrustChain;
+import it.spid.cie.oidc.helper.JWTHelper;
+
+@RestController
+@RequestMapping("/oidc/rp")
+public class EntityStatementController {
+    private static final Logger logger = LoggerFactory.getLogger(RelyingPartyWrapper.class);
+    @Autowired
+    private OidcConfig oidcConfig;
+    @Autowired
+    private H2PersistenceImpl persistenceImpl;
+
+    @GetMapping("/resolve")
+    public ResponseEntity<String> resolveEntityStatement(
+            @RequestParam String sub,
+            @RequestParam String anchor,
+            @RequestParam(defaultValue = "jose") String format
+    ) throws OIDCException {
+
+        if (sub == null || anchor == null) {
+            return new ResponseEntity<>("sub and anchor parameters are REQUIRED.", HttpStatus.NOT_FOUND);
+        }
+        String iss = oidcConfig.getRelyingParty().getClientId();
+
+        FederationEntity entityConfiguration = persistenceImpl.fetchFederationEntity(iss, true);
+
+        TrustChain entity = persistenceImpl.fetchTrustChain(sub, anchor);
+
+        if (entity == null) {
+            return new ResponseEntity<>("entity not found.", HttpStatus.NOT_FOUND);
+        }
+        JSONObject metadata = new JSONObject(entity.getMetadata());
+        JSONArray trust_chain = new JSONArray(entity.getChain());
+
+        JSONObject response = new JSONObject();
+        response.put("iss", iss);
+        response.put("sub", sub);
+        response.put("iat", entity.getIssuedAt());
+        response.put("exp", entity.getExpiresOn());
+        response.put("trust_marks", entity.getTrustMarks());
+        response.put("metadata", metadata);
+        response.put("trust_chain",trust_chain);
+
+        logger.info("resolve endpoint for {}, {}", sub, anchor);
+
+        if ("json".equals(format)) {
+            return ResponseEntity.ok()
+                    .contentType(MediaType.APPLICATION_JSON)
+                    .body(response.toString());
+        } else {
+            JWTHelper jws = new JWTHelper(new RelyingPartyOptions());
+            return new ResponseEntity<>(jws.createJWS(response, JWTHelper.getJWKSetFromJSON(entityConfiguration.getJwks())), HttpStatus.OK);
+        }
+    }
+}

examples/relying-party-spring-boot/src/main/java/it/spid/cie/oidc/spring/boot/relying/party/controller/PolicyController.java

@@ -0,0 +1,29 @@
+package it.spid.cie.oidc.spring.boot.relying.party.controller;
+
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.servlet.ModelAndView;
+
+import it.spid.cie.oidc.schemas.OIDCProfile;
+import it.spid.cie.oidc.schemas.ProviderButtonInfo;
+import it.spid.cie.oidc.spring.boot.relying.party.RelyingPartyWrapper;
+
+@RestController
+@RequestMapping("/oidc/rp")
+public class PolicyController {
+    @GetMapping("/policy")
+    public ModelAndView home(HttpServletRequest request)
+            throws Exception {
+
+        ModelAndView mav = new ModelAndView("policy");
+
+        return mav;
+    }
+
+}

examples/relying-party-spring-boot/src/main/java/it/spid/cie/oidc/spring/boot/relying/party/persistence/model/FederationEntityModel.java

@@ -32,7 +32,7 @@ public static FederationEntityModel of(FederationEntity source) {
 		target.setConstraints(source.getConstraints());
 		target.setJwks(source.getJwks());
 		target.setTrustMarks(source.getTrustMarks());
-		target.setTrustMarksIssuers(source.getTrustMarksIssuers());
+		target.setTrustMarkIssuers(source.gettrustMarkIssuers());
 		target.setMetadata(source.getMetadata());
 
 		return target;
@@ -79,8 +79,8 @@ public String getTrustMarks() {
 		return trustMarks;
 	}
 
-	public String getTrustMarksIssuers() {
-		return trustMarksIssuers;
+	public String getTrustMarkIssuers() {
+		return trustMarkIssuers;
 	}
 
 	public String getMetadata() {
@@ -134,8 +134,8 @@ public void setTrustMarks(String trustMarks) {
 		this.trustMarks = trustMarks;
 	}
 
-	public void setTrustMarksIssuers(String trustMarksIssuers) {
-		this.trustMarksIssuers = trustMarksIssuers;
+	public void setTrustMarkIssuers(String trustMarkIssuers) {
+		this.trustMarkIssuers = trustMarkIssuers;
 	}
 
 	public void setMetadata(String metadata) {
@@ -169,7 +169,7 @@ public FederationEntity toFederationEntity() {
 		target.setConstraints(getConstraints());
 		target.setJwks(getJwks());
 		target.setTrustMarks(getTrustMarks());
-		target.setTrustMarksIssuers(getTrustMarksIssuers());
+		target.settrustMarkIssuers(getTrustMarkIssuers());
 		target.setMetadata(getMetadata());
 
 		return target;
@@ -218,8 +218,8 @@ private String getStorageId() {
 	@Column(name = "trust_marks", nullable = false, length = 2000)
 	private String trustMarks;
 
-	@Column(name = "trust_marks_issuers", nullable = false, length = 2000)
-	private String trustMarksIssuers;
+	@Column(name = "trust_mark_issuers", nullable = false, length = 2000)
+	private String trustMarkIssuers;
 
 	@Column(nullable = false, length = 5000)
 	private String metadata;

examples/relying-party-spring-boot/src/main/java/it/spid/cie/oidc/spring/boot/relying/party/persistence/model/TrustChainRepository.java

@@ -31,7 +31,7 @@ public interface TrustChainRepository extends CrudRepository<TrustChainModel, Lo
 			"SELECT tc.* FROM trust_chain tc " +
 			" INNER JOIN fetched_entity_statement fes ON (" +
 			" fes.id = tc.trust_anchor_id AND fes.sub = ?2)" +
-			" WHERE tc.sub = ?1 AND tc.type_ = ?3" +
+			" WHERE tc.sub = ?1 AND tc.type_ = ?3 AND tc.is_active = 1" +
 			" LIMIT 1",
 		nativeQuery = true
 	)

examples/relying-party-spring-boot/src/main/resources/application.yml

@@ -66,6 +66,14 @@ oidc:
       userinfo-encrypted-response-alg: "RSA-OAEP"
       userinfo-encrypted-response-enc: "A128CBC-HS256"
 
+      federation-resolve-endpoint: "http://${oidc.hosts.relying-party}:8080/resolve"
+      organization-name: "PA OIDC Relying Party"
+      homepage-uri: "http://${oidc.hosts.relying-party}:8080/oidc/rp/landing"
+      policy-uri: "http://${oidc.hosts.relying-party}:8080/oidc/rp/policy"
+      logo-uri: "http://${oidc.hosts.relying-party}:8080/static/images/logo-it.svg"
+      federation-contacts:
+         - "[email protected]"
+
       client-id: "http://${oidc.hosts.relying-party}:8080/oidc/rp/"
       redirect-uris:
       - "http://${oidc.hosts.relying-party}:8080/oidc/rp/callback"

examples/relying-party-spring-boot/src/main/resources/sql/schema.sql

@@ -40,7 +40,7 @@ CREATE TABLE IF NOT EXISTS federation_entity_configuration (
 	authority_hints VARCHAR NOT NULL,
 	jwks VARCHAR NOT NULL,
 	trust_marks VARCHAR NOT NULL,
-	trust_marks_issuers VARCHAR NOT NULL,
+	trust_mark_issuers VARCHAR NOT NULL,
 	metadata VARCHAR NOT NULL,
 	constraints VARCHAR NOT NULL,
 	is_active BOOLEAN NOT NULL,