use encrypted JWTs for storing encrypted cache contents

- avoid using static AAD/IV; thanks @niebardzo - bump to 2.4.9-dev Signed-off-by: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
OpenIDC · Jun 10, 2021 · 375407c · 375407c
1 parent 56d2e02
commit 375407c
Show file tree

Hide file tree

Showing 7 changed files with 103 additions and 377 deletions.
diff --git a/.gitignore b/.gitignore
@@ -24,3 +24,5 @@
 /Dockerfile-*
 /*.rpm
 
+/config.guess~
+/config.sub~
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,7 @@
+06/10/2021
+- use encrypted JWTs for storing encrypted cache contents and avoid using static AAD/IV; thanks @niebardzo
+- bump to 2.4.9-dev
+
 06/04/2021
 - fix a problem where the host and port are calculated incorrectly, when you use literal ipv6 address.
 

diff --git a/Dockerfile b/Dockerfile
@@ -1,13 +1,14 @@
 FROM ubuntu:bionic
 MAINTAINER hans.zandbelt@zmartzone.eu
 
+ENV DEBIAN_FRONTEND noninteractive
+
 RUN apt-get update && apt-get install -y pkg-config make gcc gdb lcov valgrind vim curl iputils-ping wget
 RUN apt-get update && apt-get install -y autoconf automake libtool
 RUN apt-get update && apt-get install -y libssl-dev libjansson-dev libcurl4-openssl-dev check
-#RUN apt-get update && apt-get install -y libcjose-dev
 RUN apt-get update && apt-get install -y apache2 apache2-dev
-
 RUN apt-get update && apt-get install -y libpcre3-dev zlib1g-dev
+RUN apt-get update && apt-get install -y libapache2-mod-php 
 
 RUN wget https://mod-auth-openidc.org/download/libcjose0_0.6.1.5-1~bionic+1_amd64.deb
 RUN wget https://mod-auth-openidc.org/download/libcjose-dev_0.6.1.5-1~bionic+1_amd64.deb
@@ -35,4 +36,8 @@ ADD openidc.conf /etc/apache2/conf-available
 RUN a2enconf openidc
 RUN /usr/sbin/apache2ctl start
 
-# docker run -p 443:443 -it 749d1204d189 /bin/bash -c "source /etc/apache2/envvars && valgrind --leak-check=full /usr/sbin/apache2 -X"
+RUN mkdir -p /var/www/html/protected
+RUN echo "<html><body><h1>Hello, <?php echo($_SERVER['REMOTE_USER']) ?></h1><pre><?php print_r(array_map(\"htmlentities\", apache_request_headers())); ?></pre><a href=\"/protected/?logout=https%3A%2F%2Flocalhost.zmartzone.eu%2Floggedout.html\">Logout</a></body></html>" >  /var/www/html/protected/index.php
+RUN mkdir -p /var/www/html/api && cp /var/www/html/protected/index.php /var/www/html/api
+
+# docker run -p 443:443 -it mod_auth_openidc /bin/bash -c "source /etc/apache2/envvars && valgrind --leak-check=full /usr/sbin/apache2 -X"
diff --git a/configure.ac b/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT([mod_auth_openidc],[2.4.8.4],[hans.zandbelt@zmartzone.eu])
+AC_INIT([mod_auth_openidc],[2.4.9-dev],[hans.zandbelt@zmartzone.eu])
 
 AC_SUBST(NAMEVER, AC_PACKAGE_TARNAME()-AC_PACKAGE_VERSION())
 

diff --git a/openidc.conf b/openidc.conf
@@ -24,6 +24,8 @@ OIDCCryptoPassphrase blabla1234
 
 OIDCInfoHook iat access_token access_token_expires id_token userinfo refresh_token session
 
+OIDCScope "openid email profile"
+
 <Location /protected>
   AuthType openid-connect
   Require valid-user