Merge pull request ncanode-kz#226 from mitwork/jwt

Реализация подписания JWT GG2015

Author: malikzh

build.gradle

@@ -23,6 +23,9 @@ repositories {
     }
     mavenLocal()
     mavenCentral()
+    maven {
+        url 'https://pkgs.dev.azure.com/as1an/public/_packaging/repo/maven/v1'
+    }
 }
 
 dependencies {
@@ -55,6 +58,9 @@ dependencies {
     implementation name: 'kalkancrypt-xmldsig-0.5'
     implementation 'org.apache.santuario:xmlsec:3.0.3'
 
+    // JWT GG2015
+    implementation 'kz.gov.pki:java-jwt:4.4.0'
+
     // SOAP/WSSE
     implementation 'org.apache.ws.security:wss4j:1.6.19'
     implementation 'org.apache.wss4j:wss4j-ws-security-dom:2.4.1'

openapi.yml

@@ -18,6 +18,8 @@ tags:
     description: Методы для работы с x509
   - name: XML
     description: Методы для работы с XML
+  - name: JWT
+    description: Методы для работы с JWT
   - name: Actuator
     description: Monitor and interact
     externalDocs:
@@ -276,6 +278,42 @@ paths:
             '*/*':
               schema:
                 $ref: '#/components/schemas/CmsDataResponse'
+  /jwt/encode:
+    post:
+      tags:
+        - JWT
+      operationId: encode
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/JwtEncodeRequest'
+        required: true
+      responses:
+        '200':
+          description: OK
+          content:
+            '*/*':
+              schema:
+                $ref: '#/components/schemas/JwtEncodeResponse'
+  /jwt/decode:
+    post:
+      tags:
+        - JWT
+      operationId: decode
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/JwtDecodeRequest'
+        required: true
+      responses:
+        '200':
+          description: OK
+          content:
+            '*/*':
+              schema:
+                $ref: '#/components/schemas/JwtDecodeResponse'
   /actuator:
     get:
       tags:
@@ -791,6 +829,97 @@ components:
           type: string
         data:
           type: string
+    JwtEncodeRequest:
+      required:
+        - jwt
+        - key
+        - password
+      type: object
+      properties:
+        jwt:
+          $ref: '#/components/schemas/JwtRequest'
+        key:
+          type: string
+        password:
+          type: string
+        keyAlias:
+          type: string
+    JwtRequest:
+      required:
+        - header
+        - payload
+      type: object
+      properties:
+        header:
+          $ref: '#/components/schemas/JwtHeader'
+        payload:
+          $ref: '#/components/schemas/JwtPayload'
+    JwtHeader:
+      required:
+        - alg
+        - typ
+      type: object
+      properties:
+        alg:
+          type: string
+          enum:
+            - GG2015
+            - GG2004
+            - ES256
+            - ES384
+            - ES512
+            - RS256
+            - RS384
+            - RS512
+        typ:
+          type: string
+          enum:
+            - JWT
+    JwtPayload:
+      type: object
+      example:
+        cbin: "012345678909"
+        mcheck: "DS"
+        iat: 1631925900
+        exp: 1631929500
+    JwtEncodeResponse:
+      type: object
+      properties:
+        status:
+          type: integer
+          format: int32
+        message:
+          type: string
+        jwt:
+          type: string
+    JwtDecodeRequest:
+      required:
+        - jwt
+        - key
+      type: object
+      properties:
+        jwt:
+          type: string
+        key:
+          type: string
+    JwtDecodeResponse:
+      type: object
+      properties:
+        status:
+          type: integer
+          format: int32
+        message:
+          type: string
+        jwt:
+          type: object
+          properties:
+            header:
+              type: object
+              additionalProperties:
+                type: string
+            payload:
+              type: object
+              additionalProperties: true
     Link:
       type: object
       properties:

src/main/java/kz/ncanode/controller/JwtController.java

@@ -0,0 +1,35 @@
+package kz.ncanode.controller;
+
+import kz.ncanode.dto.request.JwtDecodeRequest;
+import kz.ncanode.dto.request.JwtEncodeRequest;
+import kz.ncanode.dto.response.JwtDecodeResponse;
+import kz.ncanode.dto.response.JwtEncodeResponse;
+import kz.ncanode.service.JwtService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import javax.validation.Valid;
+
+import io.swagger.v3.oas.annotations.tags.Tag;
+
+@Tag(name = "JWT", description = "Методы для работы с JWT")
+@RestController
+@RequestMapping("jwt")
+@RequiredArgsConstructor
+public class JwtController {
+    private final JwtService jwtService;
+
+    @PostMapping("/encode")
+    public ResponseEntity<JwtEncodeResponse> encode(@Valid @RequestBody JwtEncodeRequest jwtEncodeRequest) {
+        return ResponseEntity.ok(jwtService.encode(jwtEncodeRequest));
+    }
+
+    @PostMapping("/decode")
+    public ResponseEntity<JwtDecodeResponse> decode(@Valid @RequestBody JwtDecodeRequest jwtDecodeRequest) {
+        return ResponseEntity.ok(jwtService.decode(jwtDecodeRequest));
+    }
+}

src/main/java/kz/ncanode/dto/request/JwtDecodeRequest.java

@@ -0,0 +1,20 @@
+package kz.ncanode.dto.request;
+
+import lombok.Builder;
+import lombok.Data;
+import lombok.extern.jackson.Jacksonized;
+
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.NotNull;
+
+@Jacksonized
+@Data
+@Builder
+public class JwtDecodeRequest {
+
+    @NotNull
+    private String jwt;
+
+    @NotEmpty
+    private String key;
+}

src/main/java/kz/ncanode/dto/request/JwtEncodeRequest.java

@@ -0,0 +1,70 @@
+package kz.ncanode.dto.request;
+
+import com.fasterxml.jackson.annotation.JsonAnyGetter;
+import com.fasterxml.jackson.annotation.JsonAnySetter;
+import lombok.Builder;
+import lombok.Data;
+import lombok.extern.jackson.Jacksonized;
+
+import javax.validation.Valid;
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.NotNull;
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+@Jacksonized
+@Data
+@Builder
+public class JwtEncodeRequest {
+
+    @NotNull
+    @Valid
+    private JwtRequest jwt;
+
+    @NotEmpty
+    private String key;
+
+    @NotEmpty
+    private String password;
+
+    private String keyAlias;
+
+    @Jacksonized
+    @Data
+    @Builder
+    public static class JwtRequest {
+        @NotNull
+        @Valid
+        private JwtHeader header;
+
+        @NotNull
+        @Valid
+        private JwtPayload payload;
+    }
+
+    @Jacksonized
+    @Data
+    @Builder
+    public static class JwtHeader {
+        @NotEmpty
+        private String alg;
+
+        @NotEmpty
+        private String typ;
+    }
+
+    @Data
+    public static class JwtPayload {
+        private final Map<String, Object> claims = new LinkedHashMap<>();
+
+        @JsonAnySetter
+        public void setClaim(String key, Object value) {
+            claims.put(key, value);
+        }
+
+        @JsonAnyGetter
+        public Map<String, Object> getClaims() {
+            return claims;
+        }
+    }
+}

src/main/java/kz/ncanode/dto/response/JwtDecodeResponse.java

@@ -0,0 +1,26 @@
+package kz.ncanode.dto.response;
+
+import lombok.Builder;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+import lombok.experimental.SuperBuilder;
+import lombok.extern.jackson.Jacksonized;
+
+import java.util.Map;
+
+@Jacksonized
+@EqualsAndHashCode(callSuper = true)
+@Data
+@SuperBuilder
+public class JwtDecodeResponse extends StatusResponse {
+    private boolean valid;
+    private Jwt jwt;
+
+    @Jacksonized
+    @Data
+    @Builder
+    public static class Jwt {
+        private Map<String, String> header;
+        private Map<String, Object> payload;
+    }
+}

src/main/java/kz/ncanode/dto/response/JwtEncodeResponse.java

@@ -0,0 +1,14 @@
+package kz.ncanode.dto.response;
+
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+import lombok.experimental.SuperBuilder;
+import lombok.extern.jackson.Jacksonized;
+
+@Jacksonized
+@EqualsAndHashCode(callSuper = true)
+@Data
+@SuperBuilder
+public class JwtEncodeResponse extends StatusResponse {
+    private String jwt;
+}