ServiceContext #19
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,129 @@ | ||
| const crypto = require('crypto'); | ||
| const KeyJar = require('../nodeOIDCMsg/src/oicMsg/keystore/KeyJar').KeyJar; | ||
|
|
||
| /** | ||
| * This class keeps information that a client needs to be able to talk | ||
| * to a server. Some of this information comes from configuration and some | ||
| * from dynamic provider info discovery or client registration. | ||
| * But information is also picked up during the conversation with a server. | ||
| */ | ||
| class ServiceContext { | ||
| /** | ||
| * @param {KeyJar} keyjar OIDCMsg KeyJar instance that contains the RP signing and encyrpting keys | ||
| * @param {Object<string, string>} config Client configuration | ||
| * @param {Object<string, string>} params Other attributes that might be needed | ||
|
Collaborator
There was a problem hiding this comment. Mark at least this parameter as an optional one: http://usejsdoc.org/tags-param.html#optional-parameters-and-default-values The syntax (JSDoc vs. Google Closure Compiler) should be the same as in the other repos you are working on. |
||
| */ | ||
| constructor(keyjar, config, params) { | ||
| this.keyjar = keyjar || new KeyJar(); | ||
| this.providerInfo = {}; | ||
|
Collaborator
There was a problem hiding this comment. I noticed that several member variables are defined with similar naming, e.g.:
Is this intentional?
Contributor
Author
There was a problem hiding this comment. The providerInfo and provider_info is intentional. One refers to the class object and the other refers to config attr. All other names are unintentional and I have fixed it. Good catch ;) |
||
| this.registrationResponse = {}; | ||
| this.kid = {'sig': {}, 'enc': {}}; | ||
| this.config = config || {}; | ||
| let defaultVal = ''; | ||
|
|
||
| if (params) { | ||
| for (var i = 0; i < Object.keys(params).length; i++){ | ||
|
Collaborator
There was a problem hiding this comment. {style} Add a whitespace before '{'. |
||
| let key = Object.keys(params)[i]; | ||
| let val = params[key]; | ||
| this[key] = val; | ||
| } | ||
| } | ||
|
|
||
| this.client_id = this.config['client_id'] || defaultVal; | ||
|
Collaborator
There was a problem hiding this comment. I thought a bit more about the use of a variable for the default value, and I think in this case were you have two different default values it's slightly confusing. Therefore I would suggest to remove |
||
| this.issuer = this.config['issuer'] || defaultVal; | ||
| this.client_secret = this.config['client_secret'] || defaultVal; | ||
|
|
||
| this.setclient_secret(this.client_secret); | ||
|
||
| this.base_url = this.config['base_url'] || defaultVal; | ||
| this.request_dir = this.config['requests_dir'] || defaultVal; | ||
|
|
||
| defaultVal = {} | ||
| this.allow = this.config['allow'] || defaultVal; | ||
| this.client_prefs = this.config['client_preferences'] || defaultVal; | ||
| this.behavior = this.config['behaviour'] || defaultVal; | ||
| this.provider_info = this.config['provider_info'] || defaultVal; | ||
|
|
||
| try { | ||
|
Collaborator
There was a problem hiding this comment. This could be simplified to |
||
| this.redirectUris = this.config['redirect_uris']; | ||
| } catch (err) { | ||
| this.redirectUris = [null]; | ||
| } | ||
|
|
||
| try { | ||
|
||
| this.callback = this.config['callback']; | ||
| } catch (err) { | ||
| this.callback = {}; | ||
| } | ||
|
|
||
| if (config && Object.keys(config).indexOf('keydefs') !== -1) { | ||
| this.keyjar = this.buildKeyJar(config['keydefs'], this.keyjar)[1]; | ||
|
||
| } | ||
|
|
||
| return this; | ||
| } | ||
|
|
||
| getclient_secret() { | ||
|
||
| return this.client_secret; | ||
| } | ||
|
|
||
| setclient_secret(val) { | ||
|
||
| if (!val) { | ||
| this.client_secret = ''; | ||
| } else { | ||
| this.client_secret = val; | ||
| // client uses it for signing | ||
| // Server might also use it for signing which means the | ||
| // client uses it for verifying server signatures | ||
| if (this.keyjar == null) { | ||
| this.keyjar = new KeyJar(); | ||
| } | ||
| this.keyjar.addSymmetric('', val.toString()); | ||
|
Collaborator
There was a problem hiding this comment. Add a unit test that verifies that a symmetric key is added to the keyjar. |
||
| } | ||
| } | ||
|
|
||
| /** | ||
| * Need to generate a redirect_uri path that is unique for a OP/RP combo | ||
| * This is to counter the mix-up attack. | ||
| * @param {string} path Leading path | ||
| * @return A list of one unique URL | ||
|
|
||
| */ | ||
| generateRequestUris(path) { | ||
| let m = crypto.createHmac('sha256', ''); | ||
| try { | ||
| m.update(this.providerInfo['issuer']); | ||
|
Collaborator
There was a problem hiding this comment. You could probably shorten this try catch to the following: |
||
| } catch (error) { | ||
| m.update(this.issuer); | ||
| } | ||
| m.update(this.base_url); | ||
| if (!path.startsWith('/')){ | ||
| return [this.base_url + '/' + path+ '/' + m.digest('hex')]; | ||
| }else{ | ||
| return [this.base_url + path + '/' + m.digest('hex')]; | ||
| } | ||
| } | ||
|
|
||
| /** | ||
| * A 1<->1 map is maintained between a URL pointing to a file and | ||
| * the name of the file in the file system. | ||
| * | ||
| * As an example if the base_url is 'https://example.com' and a jwks_uri | ||
| * is 'https://example.com/jwks_uri.json' then the filename of the | ||
| * corresponding file on the local filesystem would be 'jwks_uri'. | ||
|
||
| * Relative to the directory from which the RP instance is run. | ||
| * | ||
| * @param {*} webName | ||
|
||
| */ | ||
| filenameFromWebName(webName) { | ||
| if (webName.startsWith(this.base_url) == false){ | ||
| console.log('ValueError'); | ||
|
Collaborator
There was a problem hiding this comment. Shouldn't this lead to some error or invalid filename? Just logging a not very informative message and proceeding with the filename detection may lead to some unpredictable behavior.
Collaborator
There was a problem hiding this comment. I don't think that just logging and still proceeding afterwards is the right thing to do here. |
||
| } | ||
| let name = webName.substring(this.base_url.length, webName.length); | ||
| if (name.startsWith('/')) { | ||
| return name.substring(1, name.length); | ||
| } else { | ||
| let splitName = name.split('/'); | ||
|
Collaborator
There was a problem hiding this comment. Please add more unit tests for this function to cover all the various cases to determine the local filename. Also cover the case, as mentioned above, when the |
||
| return splitName[splitName.length - 1]; | ||
| } | ||
| } | ||
| } | ||
|
|
||
| module.exports.ServiceContext = ServiceContext; | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The module location will change once you're done with the nodeOIDCMsg repo, right?
If so, could you already require the correct and to be expected location of the module here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why would the module location change?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry, this wasn't too clear. What I meant is whether nodeOIDCMsg becomes a dependency of the nodeOIDCService at some point that is listed in the dependency section of the
package.jsonfile? If that's the case the path in this in this require statement would slightly change.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
On my todo list