Add dummy replay detector

Author: michielbdejong

run-solid-test-suite.sh

@@ -20,8 +20,8 @@ function setup {
 }
 
 function runPss {
-  docker run -d --name server --network=testnet --env-file ./env-vars-for-test-image.list standalone-solid-server
-  docker run -d --name thirdparty --network=testnet --env-file ./env-vars-for-third-party.list standalone-solid-server
+  docker run -d --name server --network=testnet --env-file ./env-vars-for-test-image.list -v `pwd`/src:/app/src standalone-solid-server
+  docker run -d --name thirdparty --network=testnet --env-file ./env-vars-for-third-party.list -v `pwd`/src:/app/src standalone-solid-server
 
   docker run -d --name pubsub --network=testnet pubsub-server
 

src/Controller/ServerController.php

@@ -2,12 +2,16 @@
 
 namespace Pdsinterop\Solid\Controller;
 
+use Pdsinterop\Solid\DpopFactoryTrait;
 use Pdsinterop\Solid\Auth\Config\Client;
 use Pdsinterop\Solid\Auth\Enum\Authorization;
 use Pdsinterop\Solid\Auth\Factory\ConfigFactory;
 
 abstract class ServerController extends AbstractController
 {
+
+	use DpopFactoryTrait;
+
     protected $authServerConfig;
     protected $authServerFactory;
     protected $baseUrl;
@@ -24,7 +28,11 @@ public function __construct()
 
 		$this->authServerConfig = $this->createAuthServerConfig();
 		$this->authServerFactory = (new \Pdsinterop\Solid\Auth\Factory\AuthorizationServerFactory($this->authServerConfig))->create();
-		$this->tokenGenerator = (new \Pdsinterop\Solid\Auth\TokenGenerator($this->authServerConfig));
+		$this->tokenGenerator = (new \Pdsinterop\Solid\Auth\TokenGenerator(
+            $this->authServerConfig,
+			$this->getDpopValidFor(),
+			$this->getDpop()
+        ));
 		$this->baseUrl = isset($_ENV['SERVER_ROOT']) ? $_ENV['SERVER_ROOT'] : "https://localhost";
     }
 
@@ -59,7 +67,7 @@ public function getKeys()
 
     public function createAuthServerConfig()
     {
-        $clientId = $_GET['client_id']; // FIXME: No request object here to get the client Id from.
+        $clientId = ''; // $_GET['client_id']; // FIXME: No request object here to get the client Id from.
         $client = $this->getClient($clientId);
         $keys = $this->getKeys();
 

src/DpopFactoryTrait.php

@@ -0,0 +1,48 @@
+<?php
+
+namespace Pdsinterop\Solid;
+
+use DateInterval;
+// use OCP\IDBConnection;
+use Pdsinterop\Solid\Auth\Utils\DPop;
+use Pdsinterop\Solid\Auth\Utils\JtiValidator;
+
+trait DpopFactoryTrait
+{
+    ////////////////////////////// CLASS PROPERTIES \\\\\\\\\\\\\\\\\\\\\\\\\\\\
+
+    // private IDBConnection $connection;
+    private DateInterval $validFor;
+
+    //////////////////////////////// PUBLIC API \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
+
+    final public function getDpop(): DPop
+    {
+        $interval = $this->getDpopValidFor();
+
+        // $replayDetector = new JtiReplayDetector($interval, $this->connection);
+        $replayDetector = new JtiReplayDetector($interval, null);
+
+        $jtiValidator = new JtiValidator($replayDetector);
+
+        return new DPop($jtiValidator);
+    }
+
+    final public function getDpopValidFor(): DateInterval
+    {
+        static $validFor;
+
+        if ($validFor === null) {
+            $validFor = new DateInterval('PT10M');
+        }
+
+        return $validFor;
+    }
+
+    final public function setJtiStorage(): void
+    {
+        // FIXME
+    }
+
+    ////////////////////////////// UTILITY METHODS \\\\\\\\\\\\\\\\\\\\\\\\\\\\\
+}

src/JtiReplayDetector.php

@@ -0,0 +1,78 @@
+<?php
+
+namespace Pdsinterop\Solid;
+
+use DateInterval;
+use DateTime;
+// use OCP\DB\QueryBuilder\IQueryBuilder;
+// use OCP\IDBConnection;
+use Pdsinterop\Solid\Auth\ReplayDetectorInterface;
+
+class JtiReplayDetector implements ReplayDetectorInterface
+{
+    ////////////////////////////// CLASS PROPERTIES \\\\\\\\\\\\\\\\\\\\\\\\\\\\
+
+    private string $table = 'solid_jti';
+
+    //////////////////////////////// PUBLIC API \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
+
+    public function __construct(private DateInterval $interval)
+    {
+    }
+
+    public function detect(string $jti, string $targetUri): bool
+    {
+        $hash = sha1($targetUri);
+
+        // @TODO: $this->rotateBuckets();
+        $has = $this->has($jti, $hash);
+
+        if ($has === false) {
+            $this->store($jti, $hash);
+        }
+
+        return $has;
+    }
+
+    ////////////////////////////// UTILITY METHODS \\\\\\\\\\\\\\\\\\\\\\\\\\\\\
+
+    private function has(string $jti, string $uri): bool
+    {
+        $queryBuilder = $this->connection->getQueryBuilder();
+
+        $notOlderThan = (new DateTime())->sub($this->interval);
+
+        // $cursor = $queryBuilder->select('*')
+        //     ->from($this->table)
+        //     ->where(
+        //         $queryBuilder->expr()->eq('jti', $queryBuilder->createNamedParameter($jti,IQueryBuilder::PARAM_STR))
+        //     )
+        //     ->andWhere(
+        //         $queryBuilder->expr()->eq('uri', $queryBuilder->createNamedParameter($uri, IQueryBuilder::PARAM_STR))
+        //     )
+        //     ->andWhere(
+        //         $queryBuilder->expr()->gt('request_time', $queryBuilder->createParameter('notOlderThan'))
+        //     )->setParameter('notOlderThan', $notOlderThan, 'datetime')
+        //     ->execute()
+        // ;
+
+        // $row = $cursor->fetch();
+
+        // $cursor->closeCursor();
+
+        return false ; // FIXME! REPLAY PROTECTION DISABLED!! ! empty($row);
+    }
+
+    private function store(string $jti, string $uri): void
+    {
+        // $queryBuilder = $this->connection->getQueryBuilder();
+
+        // $queryBuilder->insert($this->table)
+        //     ->values([
+        //         'jti' => $queryBuilder->createNamedParameter($jti),
+        //         'uri' => $queryBuilder->createNamedParameter($uri),
+        //     ])
+        //     ->executeStatement()
+        // ;
+    }
+}