generate jwt

Signed-off-by: Andrew Mak <[email protected]>

Author: makandre

.factorypath

@@ -76,14 +76,17 @@
     <factorypathentry kind="VARJAR" id="M2_REPO/com/fasterxml/jackson/dataformat/jackson-dataformat-yaml/2.10.3/jackson-dataformat-yaml-2.10.3.jar" enabled="true" runInBatchMode="false"/>
     <factorypathentry kind="VARJAR" id="M2_REPO/org/yaml/snakeyaml/1.24/snakeyaml-1.24.jar" enabled="true" runInBatchMode="false"/>
     <factorypathentry kind="VARJAR" id="M2_REPO/com/fasterxml/jackson/datatype/jackson-datatype-jsr310/2.10.3/jackson-datatype-jsr310-2.10.3.jar" enabled="true" runInBatchMode="false"/>
-    <factorypathentry kind="VARJAR" id="M2_REPO/com/fasterxml/jackson/core/jackson-annotations/2.10.3/jackson-annotations-2.10.3.jar" enabled="true" runInBatchMode="false"/>
-    <factorypathentry kind="VARJAR" id="M2_REPO/com/fasterxml/jackson/core/jackson-databind/2.10.3/jackson-databind-2.10.3.jar" enabled="true" runInBatchMode="false"/>
     <factorypathentry kind="VARJAR" id="M2_REPO/com/fasterxml/jackson/core/jackson-core/2.10.3/jackson-core-2.10.3.jar" enabled="true" runInBatchMode="false"/>
     <factorypathentry kind="VARJAR" id="M2_REPO/io/fabric8/zjsonpatch/0.3.0/zjsonpatch-0.3.0.jar" enabled="true" runInBatchMode="false"/>
     <factorypathentry kind="VARJAR" id="M2_REPO/com/github/mifmif/generex/1.0.2/generex-1.0.2.jar" enabled="true" runInBatchMode="false"/>
     <factorypathentry kind="VARJAR" id="M2_REPO/dk/brics/automaton/automaton/1.11-8/automaton-1.11-8.jar" enabled="true" runInBatchMode="false"/>
     <factorypathentry kind="VARJAR" id="M2_REPO/io/fabric8/openshift-client/4.10.3/openshift-client-4.10.3.jar" enabled="true" runInBatchMode="false"/>
     <factorypathentry kind="VARJAR" id="M2_REPO/commons-codec/commons-codec/1.15/commons-codec-1.15.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/org/bouncycastle/bcpkix-jdk15on/1.68/bcpkix-jdk15on-1.68.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/org/bouncycastle/bcprov-jdk15on/1.68/bcprov-jdk15on-1.68.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/com/auth0/java-jwt/3.12.0/java-jwt-3.12.0.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/com/fasterxml/jackson/core/jackson-databind/2.10.5.1/jackson-databind-2.10.5.1.jar" enabled="true" runInBatchMode="false"/>
+    <factorypathentry kind="VARJAR" id="M2_REPO/com/fasterxml/jackson/core/jackson-annotations/2.10.5/jackson-annotations-2.10.5.jar" enabled="true" runInBatchMode="false"/>
     <factorypathentry kind="VARJAR" id="M2_REPO/org/apache/logging/log4j/log4j-slf4j-impl/2.13.3/log4j-slf4j-impl-2.13.3.jar" enabled="true" runInBatchMode="false"/>
     <factorypathentry kind="VARJAR" id="M2_REPO/org/apache/logging/log4j/log4j-api/2.13.3/log4j-api-2.13.3.jar" enabled="true" runInBatchMode="false"/>
     <factorypathentry kind="VARJAR" id="M2_REPO/org/apache/logging/log4j/log4j-core/2.13.3/log4j-core-2.13.3.jar" enabled="true" runInBatchMode="false"/>

config/build.sh

@@ -5,6 +5,8 @@ YAML=900-integrations.yaml
 echo "---" > $YAML
 kamel run --name github-app \
     -d mvn:commons-codec:commons-codec:1.15 \
+    -d mvn:org.bouncycastle:bcpkix-jdk15on:1.68 \
+    -d mvn:com.auth0:java-jwt:3.12.0 \
     ../src/main/java/GitHubApp.java \
     ../src/main/java/CallbackHandler.java \
     ../src/main/java/EventsHandler.java \

pom.xml

@@ -52,6 +52,16 @@
       <artifactId>commons-codec</artifactId>
       <version>1.15</version>
     </dependency>
+    <dependency>
+      <groupId>org.bouncycastle</groupId>
+      <artifactId>bcpkix-jdk15on</artifactId>
+      <version>1.68</version>
+    </dependency>
+    <dependency>
+      <groupId>com.auth0</groupId>
+      <artifactId>java-jwt</artifactId>
+      <version>3.12.0</version>
+    </dependency>
 
     <!-- logging -->
     <dependency>

src/main/java/EventsHandler.java

@@ -1,15 +1,23 @@
 // camel-k: language=java
 
+import java.io.IOException;
+import java.io.StringReader;
 import java.security.GeneralSecurityException;
+import java.security.KeyPair;
 import java.security.MessageDigest;
 import java.security.SignatureException;
+import java.security.interfaces.RSAPrivateKey;
 import java.util.Base64;
 import java.util.Base64.Decoder;
 import java.util.Map;
 
 import javax.crypto.Mac;
 import javax.crypto.spec.SecretKeySpec;
 
+import com.auth0.jwt.JWT;
+import com.auth0.jwt.algorithms.Algorithm;
+import com.auth0.jwt.exceptions.JWTCreationException;
+
 import org.apache.camel.Exchange;
 import org.apache.camel.ExchangeProperty;
 import org.apache.camel.Header;
@@ -18,6 +26,9 @@
 import org.apache.camel.support.builder.PredicateBuilder;
 import org.apache.commons.codec.DecoderException;
 import org.apache.commons.codec.binary.Hex;
+import org.bouncycastle.openssl.PEMKeyPair;
+import org.bouncycastle.openssl.PEMParser;
+import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
 
 import io.fabric8.kubernetes.api.model.Secret;
 
@@ -49,6 +60,28 @@ void validateSignature(
         log.info("-> Signature {} is valid", signature);
     }
 
+    String generateJWT(
+        @ExchangeProperty(GitHubApp.PEM) String pem,
+        @ExchangeProperty("app_id") String appId)
+        throws IOException {
+
+        try (PEMParser parser = new PEMParser(new StringReader(pem))) {
+
+            // read the private key
+            JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
+            KeyPair kp = converter.getKeyPair((PEMKeyPair) parser.readObject());
+            RSAPrivateKey key = (RSAPrivateKey) kp.getPrivate();
+        
+            // create and sign JWT with private key
+            return JWT.create()
+                .withIssuer(appId)
+                .sign(Algorithm.RSA256(null, key));
+        }
+        catch (JWTCreationException e) {
+            throw new IOException("Error creating JWT token", e);
+        }
+    }
+    
     @Override
     public void configure() throws Exception {
 
@@ -77,6 +110,7 @@ public void configure() throws Exception {
 
             .onException(DecoderException.class)
             .onException(GeneralSecurityException.class)
+            .onException(IOException.class)
                 .handled(true)
                 .removeHeaders("*")
                 .setHeader(Exchange.HTTP_RESPONSE_CODE, constant(404))
@@ -90,9 +124,10 @@ public void configure() throws Exception {
             // get app secrets
             .to("direct:get-secret")
 
+            // validate the event and request for an access token
             .bean(this, "validateSignature")
-            // TODO: generate JWT
-            // TODO: request access token
+            .setProperty("jwt", method(this, "generateJWT"))
+            .log("TODO: ${exchangeProperty[jwt]}") // TODO: request access token
 
             // restore original payload
             .setBody(exchangeProperty("payload"))
@@ -113,6 +148,7 @@ public void configure() throws Exception {
                     Map<String, String> data = secret.getData();
 
                     exchange.setProperty(GitHubApp.WEBHOOK_SECRET, decoder.decode(data.get(GitHubApp.WEBHOOK_SECRET)));
+                    exchange.setProperty(GitHubApp.PEM, decoder.decode(data.get(GitHubApp.PEM)));
                 }
             });
     }