Use deps.edn (clojure tools deps) to specify dependencies

To make the library consumable by tools deps based projects, the
dependencies are now specified using a deps.edn file. This file is then
consumed by leiningen via the lein tools deps plugin.

Test dependencies are specified directly in the leiningen project.clj
file.
Signed-off-by: Snorre Magnus Davøen's avatarSnorre Magnus Davøen <snorre.davoen@nsd.no>
parent 1c495cde
Pipeline #13756 failed with stage
in 23 seconds
...@@ -9,3 +9,4 @@ pom.xml.asc ...@@ -9,3 +9,4 @@ pom.xml.asc
/.nrepl-port /.nrepl-port
.hgignore .hgignore
.hg/ .hg/
.cpcache
\ No newline at end of file
{:paths ["src"]
:deps {org.clojure/clojure {:mvn/version "1.9.0"}
buddy/buddy-core {:mvn/version "1.5.0"}
buddy/buddy-sign {:mvn/version "3.0.0"}
org.clojure/data.json {:mvn/version "0.2.6"}
org.clojure/algo.generic {:mvn/version "0.1.3"}
invetica/uri {:mvn/version "0.5.0"}}}
...@@ -3,12 +3,9 @@ ...@@ -3,12 +3,9 @@
:url "http://example.com/FIXME" :url "http://example.com/FIXME"
:license {:name "Eclipse Public License" :license {:name "Eclipse Public License"
:url "http://www.eclipse.org/legal/epl-v10.html"} :url "http://www.eclipse.org/legal/epl-v10.html"}
:dependencies [[org.clojure/clojure "1.9.0"] :middleware [lein-tools-deps.plugin/resolve-dependencies-with-deps-edn]
[buddy/buddy-core "1.5.0"] :plugins [[lein-tools-deps "0.4.1"]]
[buddy/buddy-sign "3.0.0"] :lein-tools-deps/config {:config-files [:project]}
[org.clojure/data.json "0.2.6"]
[org.clojure/algo.generic "0.1.3"]
[invetica/uri "0.5.0"]]
:profiles {:test {:resource-paths ["test-resources"] :profiles {:test {:resource-paths ["test-resources"]
:dependencies [[org.clojure/test.check "0.9.0"] :dependencies [[org.clojure/test.check "0.9.0"]
[clj-time "0.14.4"] [clj-time "0.14.4"]
......
...@@ -12,20 +12,21 @@ ...@@ -12,20 +12,21 @@
(def jwtregex #"^[a-zA-Z0-9\-_=]+?\.[a-zA-Z0-9\-_=]+?\.[a-zA-Z0-9\-_=]+?$") (def jwtregex #"^[a-zA-Z0-9\-_=]+?\.[a-zA-Z0-9\-_=]+?\.[a-zA-Z0-9\-_=]+?$")
(s/def ::sub (s/nilable :no.nsd.authorizer/uuid)) (s/def ::sub (s/nilable string?))
(s/def ::kid string?) (s/def ::kid (s/with-gen (s/nilable string?)
#(s/gen #{"test-key"})))
(s/def ::scope (s/nilable string?)) (s/def ::scope (s/nilable string?))
(s/def ::scopes (s/nilable (s/coll-of string? :kind set?))) (s/def ::scopes (s/nilable (s/coll-of string? :kind set?)))
(s/def ::exp (s/and integer? (s/def ::exp (s/nilable (s/and integer?
pos?)) pos?)))
(s/def ::kty (s/with-gen (s/and string? (s/def ::kty (s/with-gen (s/nilable (s/and string?
#(= "RSA" %)) #(= "RSA" %)))
#(s/gen #{"RSA"}))) #(s/gen #{"RSA" nil})))
(s/def ::n (s/with-gen string? (s/def ::n (s/with-gen string?
#(s/gen #{;;valid: #(s/gen #{;;valid:
...@@ -35,13 +36,16 @@ ...@@ -35,13 +36,16 @@
(s/def ::e string?) (s/def ::e string?)
(s/def ::subject (s/nilable (s/keys :req-un [::sub ::exp] (s/def ::claims (s/nilable (s/keys :opt-un [::exp
:opt-un [::scope ::scope
::scopes]))) ::scopes
::sub])))
(s/def ::jwt (s/nilable (s/and string? (s/def ::jwt (s/nilable (s/and string?
#(re-matches jwtregex %)))) #(re-matches jwtregex %))))
(s/def ::jwt-header (s/keys :req-un [::kid ::kty]))
(s/def ::jwk (s/keys :req-un [::kty ::e ::n ::kid])) (s/def ::jwk (s/keys :req-un [::kty ::e ::n ::kid]))
(s/def ::RSAPublicKey keys/public-key?) (s/def ::RSAPublicKey keys/public-key?)
...@@ -53,12 +57,15 @@ ...@@ -53,12 +57,15 @@
#(s/gen #{(resource "jwks.json") #(s/gen #{(resource "jwks.json")
(resource "jwks-other.json")}))) (resource "jwks-other.json")})))
(s/def ::jwks-url (s/or :url :invetica.uri/absolute-uri
:resource ::resource))
(s/fdef jwks-edn->public-keys (s/fdef jwks-edn->public-keys
:args (s/cat :jwks (s/coll-of ::jwk :type vector?)) :args (s/cat :jwks (s/coll-of ::jwk :type vector?))
:ret ::key-store) :ret ::key-store)
(defn jwks-edn->public-keys (defn- jwks-edn->public-keys
"Transform vector of json-web-keys to map of kid -> PublicKey pairs." "Transform vector of json-web-keys to map of kid -> PublicKey pairs."
[json-web-keys] [json-web-keys]
(->> json-web-keys (->> json-web-keys
...@@ -70,18 +77,23 @@ ...@@ -70,18 +77,23 @@
(s/fdef fetch-keys (s/fdef fetch-keys
:args (s/cat :jwks-url (s/or :url :invetica.uri/absolute-uri :args (s/cat :jwks-url ::jwks-url)
:resource ::resource)) :ret (s/with-gen ::key-store
:ret ::key-store) #(s/gen #{(->> (resource "jwks.json")
slurp
((fn [jwks-string] (json/read-str jwks-string :key-fn keyword)))
jwks-edn->public-keys)})))
(defn fetch-keys (defn- fetch-keys
"Fetches the jwks from the supplied jwks-url and converts to java Keys. "Fetches the jwks from the supplied jwks-url and converts to java Keys.
Returns a map keyed on key-id where each value is a RSAPublicKey object" Returns a map keyed on key-id where each value is a RSAPublicKey object"
[jwks-url] [jwks-url]
(->> jwks-url (try (->> jwks-url
slurp slurp
(#(json/read-str % :key-fn keyword)) (#(json/read-str % :key-fn keyword))
jwks-edn->public-keys)) jwks-edn->public-keys)
(catch Exception e false)))
(def public-keys (def public-keys
...@@ -90,24 +102,22 @@ ...@@ -90,24 +102,22 @@
(atom {})) (atom {}))
(defn refresh-keys (s/fdef resolve-key
"Fetches keys and updates key store (atom)" :args (s/cat :jwks-url ::jwks-url
[jwks-url] :jwt-header ::jwt-header)
(reset! public-keys :ret ::RSAPublicKey)
(fetch-keys jwks-url)))
(defn resolve-key (defn resolve-key
"Returns java.security.PublicKey given jwks-url and :kid in jwt-header. "Returns java.security.PublicKey given jwks-url and :kid in jwt-header.
If no key is found refreshes" If no key is found refreshes"
[jwks-url jwt-header] [jwks-url jwt-header]
(let [key-fn (fn [] (get (deref public-keys) (:kid jwt-header)))] (let [key-fn (fn [] (get @public-keys (:kid jwt-header)))]
(if-let [key (key-fn)] (if-let [key (key-fn)]
key key
(do (reset! public-keys (fetch-keys jwks-url)) (do (reset! public-keys (or (fetch-keys jwks-url) @public-keys))
(if-let [key (key-fn)] (if-let [key (key-fn)]
key key
(throw (ex-info "Could not locate public key corresponding to jwt header's kid." (throw (ex-info (str "Could not locate public key corresponding to jwt header's kid: " (:kid jwt-header))
{:type :validation :cause :unknown-key}))))))) {:type :validation :cause :unknown-key})))))))
......
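Review bot: In `fetch-keys`, the new `(catch Exception e false)` discards every failure (unreachable URL, invalid JSON, a key that cannot be converted) with no log or cause, and `false` does not conform to the declared `:ret ::key-store`. Because `resolve-key` then falls back to the stale store via `(or (fetch-keys jwks-url) @public-keys)`, a broken or replaced JWKS endpoint surfaces only as `:unknown-key`, which is hard to tell apart from a token carrying a forged `kid`. Consider preserving the cause, e.g. `(catch Exception e (throw (ex-info "Could not fetch jwks" {:type :validation :cause :jwks-unavailable} e)))`, or at least recording the exception before returning nil. Separately, the `kid` now appended to the message in `resolve-key` is read from a header that has not been verified yet, so anything that logs or displays that message should treat it as untrusted text. Every unknown `kid` also still triggers a fetch of `jwks-url` with no back-off.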
...@@ -6,7 +6,6 @@ ...@@ -6,7 +6,6 @@
[clojure.java.io :refer [resource]] [clojure.java.io :refer [resource]]
[clojure.test :refer [deftest testing is]])) [clojure.test :refer [deftest testing is]]))
(def example-jwt "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c") (def example-jwt "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c")
...@@ -54,14 +53,6 @@ vLu9XxKFHYlWPccluz3pqDfaGNPO12968DAldwvAV6hTGgx7oMaNPu0UltgD/aaj ...@@ -54,14 +53,6 @@ vLu9XxKFHYlWPccluz3pqDfaGNPO12968DAldwvAV6hTGgx7oMaNPu0UltgD/aaj
(is (nil? (re-matches clj-jwt/jwtregex "ab12356723cdb.1235412513"))))) (is (nil? (re-matches clj-jwt/jwtregex "ab12356723cdb.1235412513")))))
(deftest refresh-public-keys!
(testing "Repopulates the keystore"
(is (with-redefs [clj-jwt/public-keys (atom {})
clj-jwt/fetch-keys (fn [x] (identity {:foo :bar}))]
(not (empty? (do (clj-jwt/refresh-keys "")
@clj-jwt/public-keys)))))))
(deftest unsign-jwt (deftest unsign-jwt
(testing "Unsigns jwt and returns payload" (testing "Unsigns jwt and returns payload"
(is (= (with-redefs [clj-jwt/public-keys (atom {"test-key" ec-pubkey})] (is (= (with-redefs [clj-jwt/public-keys (atom {"test-key" ec-pubkey})]
......
...@@ -44,7 +44,9 @@ vLu9XxKFHYlWPccluz3pqDfaGNPO12968DAldwvAV6hTGgx7oMaNPu0UltgD/aaj ...@@ -44,7 +44,9 @@ vLu9XxKFHYlWPccluz3pqDfaGNPO12968DAldwvAV6hTGgx7oMaNPu0UltgD/aaj
(def sample-claims {:sub "f750bd26-ae85-4808-8f9a-dcc964fc8664" (def sample-claims {:sub "f750bd26-ae85-4808-8f9a-dcc964fc8664"
:exp (time/plus (time/now) (time/minutes 30))}) :exp (time/plus (time/now) (time/minutes 30))})
(def untestable-funs ['no.nsd.clj-jwt/fetch-keys]) (def untestable-funs ['no.nsd.clj-jwt/fetch-keys
'no.nsd.clj-jwt/resolve-key
'no.nsd.clj-jwt/unsign])
(defn generate-jwt (defn generate-jwt
[claims key] [claims key]
......
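Review bot: Adding `no.nsd.clj-jwt/resolve-key` and `no.nsd.clj-jwt/unsign` to `untestable-funs` presumably removes the two functions that decide whether a token is trusted from the generated spec checks (the code that consumes this vector is outside the visible lines). With the `refresh-keys` test also deleted in this commit, no visible test covers the new path where `fetch-keys` returns `false` and `resolve-key` keeps the stale store, nor the `:unknown-key` throw. A comment on the vector stating why each function is excluded, e.g. `;; resolve-key / unsign: depend on the public-keys atom and remote JWKS, covered by explicit deftests`, plus explicit tests for those failure paths, would keep the gap from going unnoticed.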