reclaim-oidc 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 8457ee899a43a473780d2e48d89d8f5d91448749c1f1d12426ce1f37170db612
+  data.tar.gz: '08e4e088fe5d3e5cab0ae7ac176863721fe8e32e8f6135d5e8233aa824ac52bb'
+SHA512:
+  metadata.gz: aeb2aea87d30407080a8220c8d733070c44e624c02c502d8fe73ec26c60b3703c485d0f7292a107ee9340567917c092988bd635aeb1eab6cf7cb1fb002c6ffd5
+  data.tar.gz: a6da4bb73e033ca1508b516c7c03fdbe55148c3f9483579b5436e5456473b740e724b4e748ed25aa4550bbb29087307d30e545737814b43274d11f4cc7fe673f

data/bin/reclaim-oidc

@@ -0,0 +1,154 @@
+#!/usr/bin/env ruby
+require 'optparse'
+require 'reclaim_oidc'
+
+class OptParser
+  class ScriptOptions
+    attr_accessor :name, :add, :delete, :list, :description, :redirect_uri,
+                  :verbose
+
+    def initialize
+      self.delete = false
+      self.add = false
+      self.list = false
+      self.verbose = false
+    end
+
+    def define_options(parser)
+      parser.banner = "Usage: reclaim-oidc [options]"
+      parser.separator ""
+      parser.separator "Specific options:"
+
+      # add additional options
+      add_option(parser)
+      delete_option(parser)
+      list_option(parser)
+      client_name_option(parser)
+      client_redirect_option(parser)
+      client_description_option(parser)
+      boolean_verbose_option(parser)
+
+      parser.separator ""
+      parser.separator "Common options:"
+      # No argument, shows at tail.  This will print an options summary.
+      parser.on_tail("-h", "--help", "Show this message") do
+        puts parser
+        exit
+      end
+      # Another typical switch to print the version.
+      parser.on_tail("--version", "Show version") do
+        puts ReclaimOidc.version
+        exit
+      end
+    end
+
+    def client_name_option(parser)
+      parser.on("-n", "--client-name [NAME]",
+                "Name of the OIDC client") do |n|
+        self.name = n
+      end
+    end
+
+    def client_redirect_option(parser)
+      parser.on("-r", "--redirect-uri [URI]",
+                "The OIDC redirect_uri parameter") do |n|
+        self.redirect_uri = n
+      end
+    end
+
+    def client_description_option(parser)
+      parser.on("-D", "--description [DESCRIPTION]",
+                "The OIDC client description") do |n|
+        self.description = n
+      end
+    end
+
+    def add_option(parser)
+      parser.on("-a", "--add", "Add a client") do |v|
+        self.add = v
+      end
+    end
+
+    def delete_option(parser)
+      parser.on("-d", "--delete", "Delete a client") do |v|
+        self.delete = v
+      end
+    end
+
+    def list_option(parser)
+      parser.on("-l", "--list", "List clients") do |v|
+        self.list = v
+      end
+    end
+
+    def boolean_verbose_option(parser)
+      # Boolean switch.
+      parser.on("-v", "--[no-]verbose", "Run verbosely") do |v|
+        self.verbose = v
+      end
+    end
+  end
+
+  #
+  # Return a structure describing the options.
+  #
+  def parse(args)
+    # The options specified on the command line will be collected in
+    # *options*.
+
+    @options = ScriptOptions.new
+    @args = OptionParser.new do |parser|
+      @options.define_options(parser)
+      parser.parse!(args)
+    end
+    @options
+  end
+
+  attr_reader :parser, :options
+end  # class OptparseExample
+
+op = OptParser.new
+options = op.parse(ARGV)
+#pp options
+#pp ARGV
+
+roidc = ReclaimOidc.new(options.verbose)
+
+if (options.list)
+  op = roidc.get_op_info
+  puts "OpenID Connect Provider Information:"
+  puts "------------------------------------"
+  puts "Authorize Endpoint: #{op['authz_endpoint']}"
+  puts "Token Endpoint: #{op['token_endpoint']}"
+  puts "JSON-Web-Token Algorithm: #{op['jwt_algo']}"
+  puts "JSON-Web-Token key: #{op['jwt_key']}"
+  puts "Example Authorization Redirect:"
+  puts "https://api.reclaim/openid/authorize?client_id=<client_id>&redirect_uri=<redirect_uri>&scope=email%20full_name&nonce=1234"
+  puts ""
+  puts "Registered Clients:"
+  puts "-------------------"
+  clients = roidc.get_clients
+  clients.each do |client|
+    puts "name: #{client.name}"
+    puts "client_id: #{client.key}"
+    puts "client_secret: #{client.secret}"
+    puts "description: #{client.description}"
+    puts "redirect_uri: #{client.redirect_uri}"
+    puts "---"
+  end
+  exit
+end
+if (options.add)
+  if options.name.nil? or options.redirect_uri.nil?
+    puts "ERROR: Missing options"
+    exit
+  end
+  roidc.add_client(options.name,options.redirect_uri,options.description)
+  puts "OK"
+  exit
+end
+if (options.delete)
+  roidc.delete_client(options.name)
+  puts "OK"
+end
+

data/lib/reclaim_oidc.rb

@@ -0,0 +1,104 @@
+require 'net/http'
+require 'json'
+
+class ReclaimOidc
+  def initialize(verbose=false, url='http://localhost:7776')
+    @verbose = verbose
+    @url = url
+    @client_secret = get_client_secret()
+  end
+  def self.hello
+    puts "Hello World!"
+  end
+  def parse_identities_from_http(body)
+    arr = JSON.parse(body)
+    ids = []
+    arr.each do |obj|
+      obj["secret"] = @client_secret
+      ids << ReclaimOidc::Client.from_json(obj)
+    end
+    ids
+  end
+
+  def get_client_secret
+    uri = URI(@url + '/config/reclaim-rest-plugin')
+    resp = JSON.parse Net::HTTP.get(uri)
+    return resp["PSW"]
+  end
+
+  def get_clients
+    uri = URI(@url + '/identity/all')
+    ids = parse_identities_from_http(Net::HTTP.get(uri))
+    result = []
+    ids.each do |id|
+      uri = URI(@url + "/namestore/#{id.name}")
+      id.parse_client_info(JSON.parse(Net::HTTP.get(uri)))
+      next if id.redirect_uri.nil?
+      result << id
+    end
+    result
+  end
+  def add_client(name,redirect_uri,description)
+    raise if redirect_uri.nil? or description.nil? or name.nil?
+    uri = URI(@url + '/identity')
+    payload = {'name' => "#{name}"}.to_json
+    resp = Net::HTTP.post(uri, payload)
+    uri = URI(@url + "/namestore/#{name}")
+    record = {'record_type' => "RECLAIM_OIDC_CLIENT",
+              'value' => description,
+              'record_name' => "@",
+              'expiration_time' => "1d",
+              'flag' => 8}
+    resp = Net::HTTP.post(uri,record.to_json)
+    record = {'record_type' => "RECLAIM_OIDC_REDIRECT",
+              'value' => redirect_uri,
+              'record_name' => "@",
+              'expiration_time' => "1d",
+              'flag' => 8}
+    resp = Net::HTTP.post(uri,record.to_json)
+  end
+  def delete_client(name)
+    raise if name.nil?
+    uri = URI(@url + "/identity/name/#{name}")
+    Net::HTTP.start(uri.host, uri.port) do |http|
+      request = Net::HTTP::Delete.new uri
+      resp = http.request request # Net::HTTPResponse object
+    end
+  end
+  def get_op_info
+    uri = URI(@url + '/config/reclaim-rest-plugin')
+    resp = JSON.parse Net::HTTP.get(uri)
+    op = {}
+    op['jwt_key'] = resp["JWT_SECRET"]
+    op['jwt_algo'] = 'HS512' # FIXME
+    host = 'http://localhost:7776'
+    op['authz_endpoint'] = host + '/openid/authorize'
+    op['token_endpoint'] = host + '/openid/token'
+    op
+  end
+  def set_jwt_secret
+    raise
+  end
+
+  class Client
+    attr_reader      :name, :key, :description, :redirect_uri, :secret
+    def initialize(name, key, secret)
+      @name = name
+      @key = key
+      @secret = secret
+    end
+    def self.from_json(obj)
+      id = Client.new(obj['name'], obj['pubkey'], obj['secret'])
+    end
+    def parse_client_info(obj)
+      obj.each do |record|
+        if (record['record_type'] == 'RECLAIM_OIDC_CLIENT')
+          @description = record['value']
+        end
+        if (record['record_type'] == 'RECLAIM_OIDC_REDIRECT')
+          @redirect_uri = record['value']
+        end
+      end
+    end
+  end
+end

metadata

@@ -0,0 +1,46 @@
+--- !ruby/object:Gem::Specification
+name: reclaim-oidc
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Martin Schanzenbach
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2019-04-25 00:00:00.000000000 Z
+dependencies: []
+description: Used to manage re:claimID OpenID Connect clients and OpenID Connect Provider
+  configuration(s)
+email: mschanzenbach@posteo.de
+executables:
+- reclaim-oidc
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/reclaim-oidc
+- lib/reclaim_oidc.rb
+homepage: https://gitlab.com/reclaimid/reclaim-oidc
+licenses:
+- AGPL-3.0
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3
+signing_key: 
+specification_version: 4
+summary: re:claimID OpenID Connect CLI
+test_files: []