authorVivien Kraus <vivien@planete-kraus.eu>2021-06-27 22:28:31 +0200
committerVivien Kraus <vivien@planete-kraus.eu>2021-07-02 14:49:13 +0200
commit5231ab8d1680a66460f7d126d7092315ab0f9e23 (patch)
tree5325c07b26e92f1fc365a701cd0da99865d34b25
parent394b62ceab778eb58e7eb8927068a7e1faab4add (diff)
Merge the identity provider program with webid-oidc
-rwxr-xr-xbootstrap2
-rw-r--r--doc/webid-oidc.texi6
-rw-r--r--guix/vkraus/packages/webid-oidc.scm2
-rw-r--r--guix/vkraus/services/webid-oidc.scm5
-rw-r--r--man/Makefile.am6
-rw-r--r--po/fr.po696
-rw-r--r--po/webid-oidc.pot380
-rw-r--r--src/Makefile.am2
-rw-r--r--src/scm/webid-oidc/identity-provider.scm243
-rw-r--r--src/scm/webid-oidc/program.scm183
10 files changed, 786 insertions, 739 deletions
diff --git a/bootstrap b/bootstrap
index 745ffab..02e9c63 100755
--- a/bootstrap
+++ b/bootstrap
@@ -4,7 +4,7 @@ autoreconf -vif || exit 1
sed -i 's|SHELL = /bin/sh|SHELL = @SHELL@|g' po/Makefile.in.in || exit 1
## Prepare the man pages
-SCRIPTS_THAT_GET_EXECUTED="../src/webid-oidc-issuer ../src/webid-oidc ../src/webid-oidc-client-service ../src/webid-oidc-example-app"
+SCRIPTS_THAT_GET_EXECUTED="../src/webid-oidc ../src/webid-oidc-client-service ../src/webid-oidc-example-app"
mkdir -p .native || exit 1
cd .native || exit 1
diff --git a/doc/webid-oidc.texi b/doc/webid-oidc.texi
index f7da5b3..6e51bd1 100644
--- a/doc/webid-oidc.texi
+++ b/doc/webid-oidc.texi
@@ -376,15 +376,15 @@ This project is packaged with a barebones identity provider. It has an
authorization endpoint and a token endpoint (and it serves its public
keys), but it is only intended for one specific person.
-You can start it by invoking the @code{webid-oidc-issuer} program,
-with the following options:
+You can start it by invoking the @code{webid-oidc} program with the
+@code{issuer} command, with the following options:
@table @asis
@item @code{-h}, or @code{--help}
prints a summary of options and exit.
@item @code{-v}, or @code{--version}
prints the version of the program and exits.
-@item @code{-i @var{URI}}, or @code{--issuer=@var{URI}}
+@item @code{-n @var{URI}}, or @code{--server-name=@var{URI}}
sets the global server name of the identity provider. It should have
an empty path.
@item @code{-k @var{FILE.jwk}}, or @code{--key-file=@var{FILE.jwk}}
diff --git a/guix/vkraus/packages/webid-oidc.scm b/guix/vkraus/packages/webid-oidc.scm
index 8ada121..eddd511 100644
--- a/guix/vkraus/packages/webid-oidc.scm
+++ b/guix/vkraus/packages/webid-oidc.scm
@@ -83,7 +83,7 @@
(format #f "~a/bin/webid-oidc-~a" out program)
`("GUILE_LOAD_PATH" ":" = ,mod-paths)
`("GUILE_LOAD_COMPILED_PATH" ":" = ,go-paths)))
- '(client-service example-app hello issuer))))))))
+ '(client-service example-app hello))))))))
(native-inputs
`(("pkg-config" ,pkg-config)
("guile" ,guile-3.0)
diff --git a/guix/vkraus/services/webid-oidc.scm b/guix/vkraus/services/webid-oidc.scm
index b648494..d2af344 100644
--- a/guix/vkraus/services/webid-oidc.scm
+++ b/guix/vkraus/services/webid-oidc.scm
@@ -144,8 +144,9 @@
(prepare-directory "/var/cache/webid-oidc"))
(make-forkexec-constructor
(list
- (string-append #$webid-oidc "/bin/webid-oidc-issuer")
- "--issuer" #$issuer
+ (string-append #$webid-oidc "/bin/webid-oidc")
+ "identity-provider"
+ "--server-name" #$issuer
"--key-file" #$key-file
"--subject" #$subject
"--password" #$password
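Review bot: The subcommand name passed here, `"identity-provider"`, disagrees with doc/webid-oidc.texi in this same commit, which tells users to start the provider by invoking `webid-oidc` with the `issuer` command; the new catalog entry `command-line|command|identity-provider` in po/fr.po suggests the service is the correct one and the texinfo should read `@code{identity-provider}` instead. The unchanged `"--password" #$password` argument still places the secret on the process command line of the new `webid-oidc` invocation, where it is visible in the process table to other local users; now that the provider is a subcommand of the shared binary, reading it from a file or the environment would avoid that exposure. The enclosing `make-forkexec-constructor` form begins and ends outside the hunk.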
diff --git a/man/Makefile.am b/man/Makefile.am
index 2832a72..af39c66 100644
--- a/man/Makefile.am
+++ b/man/Makefile.am
@@ -1,11 +1,7 @@
-dist_man8_MANS = webid-oidc-issuer.man webid-oidc.man webid-oidc-client-service.man
+dist_man8_MANS = webid-oidc.man webid-oidc-client-service.man
EXTRA_DIST = ./reset-env
-webid-oidc-issuer.man: ../src/scm/webid-oidc/identity-provider.scm ../configure.ac
- $(AM_V_GEN) ../pre-inst-env ./reset-env $(HELP2MAN) $(srcdir)/../src/webid-oidc-issuer > $@-t
- mv $@-t $(srcdir)/$@
-
webid-oidc.man: ../src/scm/webid-oidc/program.scm ../configure.ac
$(AM_V_GEN) ../pre-inst-env ./reset-env $(HELP2MAN) $(srcdir)/../src/webid-oidc > $@-t
mv $@-t $(srcdir)/$@
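Review bot: Dropping `webid-oidc-issuer.man` from `dist_man8_MANS` leaves a previously generated `man/webid-oidc-issuer.man` orphaned in existing checkouts, because the removed recipe wrote its output into `$(srcdir)` and nothing in this change deletes it; listing the stale name under `MAINTAINERCLEANFILES` or mentioning the one-off removal in the commit message would avoid confusion. The surviving `webid-oidc.man` rule keeps the same `mv $@-t $(srcdir)/$@` pattern, so out-of-tree builds still write into the source directory — pre-existing, but it is now the only rule producing documentation for the merged program. The `webid-oidc-client-service.man` rule and the rest of the file lie outside the hunk.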
diff --git a/po/fr.po b/po/fr.po
index cf787bf..d736a5c 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -2,8 +2,8 @@ msgid ""
msgstr ""
"Project-Id-Version: webid-oidc 0.0.0\n"
"Report-Msgid-Bugs-To: vivien@planete-kraus.eu\n"
-"POT-Creation-Date: 2021-06-27 21:10+0200\n"
-"PO-Revision-Date: 2021-06-27 21:22+0200\n"
+"POT-Creation-Date: 2021-06-27 22:30+0200\n"
+"PO-Revision-Date: 2021-06-27 22:41+0200\n"
"Last-Translator: Vivien Kraus <vivien@planete-kraus.eu>\n"
"Language-Team: French <vivien@planete-kraus.eu>\n"
"Language: fr\n"
@@ -827,262 +827,6 @@ msgstr "Type d’exception non pris en charge ~a."
msgid "Warning: generating a new key pair."
msgstr "Attention : génération d'une nouvelle paire de clé."
-#: src/scm/webid-oidc/identity-provider.scm:148
-#: src/scm/webid-oidc/hello-world.scm:31 src/scm/webid-oidc/client.scm:619
-#: src/scm/webid-oidc/example-app.scm:100 src/scm/webid-oidc/program.scm:50
-msgid "command-line|version"
-msgstr "version"
-
-#: src/scm/webid-oidc/identity-provider.scm:150
-#: src/scm/webid-oidc/hello-world.scm:33 src/scm/webid-oidc/client.scm:621
-#: src/scm/webid-oidc/example-app.scm:102
-msgid "comand-line|help"
-msgstr "aide"
-
-#: src/scm/webid-oidc/identity-provider.scm:152
-msgid "comand-line|issuer"
-msgstr "émetteur"
-
-#: src/scm/webid-oidc/identity-provider.scm:154
-msgid "comand-line|key-file"
-msgstr "fichier-clé"
-
-#: src/scm/webid-oidc/identity-provider.scm:156
-msgid "comand-line|subject"
-msgstr "sujet"
-
-#: src/scm/webid-oidc/identity-provider.scm:158
-msgid "comand-line|password"
-msgstr "mot-de-passe"
-
-#: src/scm/webid-oidc/identity-provider.scm:160
-msgid "comand-line|jwks-uri"
-msgstr "uri-jwks"
-
-#: src/scm/webid-oidc/identity-provider.scm:162
-msgid "comand-line|authorization-endpoint-uri"
-msgstr "uri-terminal-autorisation"
-
-#: src/scm/webid-oidc/identity-provider.scm:164
-msgid "comand-line|token-endpoint-uri"
-msgstr "uri-terminal-jeton"
-
-#: src/scm/webid-oidc/identity-provider.scm:166
-#: src/scm/webid-oidc/hello-world.scm:35 src/scm/webid-oidc/client.scm:631
-msgid "comand-line|port"
-msgstr "port"
-
-#: src/scm/webid-oidc/identity-provider.scm:168
-#: src/scm/webid-oidc/client.scm:633 src/scm/webid-oidc/program.scm:62
-msgid "comand-line|log-file"
-msgstr "fichier-journal"
-
-#: src/scm/webid-oidc/identity-provider.scm:170
-#: src/scm/webid-oidc/client.scm:635 src/scm/webid-oidc/program.scm:64
-msgid "comand-line|error-file"
-msgstr "fichier-erreur"
-
-#: src/scm/webid-oidc/identity-provider.scm:188
-#, scheme-format
-msgid ""
-"Usage: ~a [OPTIONS]...\n"
-"\n"
-"Run the Solid identity provider for a specific user.\n"
-"\n"
-"Options:\n"
-" -h, --~a:\n"
-" display this help message and exit.\n"
-" -v, --~a:\n"
-" display the version information (~a) and exit.\n"
-" -i URI, --~a=URI:\n"
-" set the public server host name.\n"
-" -k FILE, --~a=FILE.jwk:\n"
-" set the file name of the key file. If it does not exist, a new\n"
-" key is generated.\n"
-" -s WEBID, --~a=WEBID:\n"
-" set the identity of the subject.\n"
-" -w PASSWORD, --~a=PASSWORD:\n"
-" set the password to recognize the user.\n"
-" -j URI, --~a=URI:\n"
-" set the URI to query the key of the server.\n"
-" -a URI, --~a=URI:\n"
-" set the authorization endpoint of the issuer.\n"
-" -t URI, --~a=URI:\n"
-" set the token endpoint of the issuer.\n"
-" -p PORT, --~a=PORT:\n"
-" set the port to bind (instead of 8080).\n"
-" -l FILE.log, --~a=FILE.log:\n"
-" dump the standard output to that file.\n"
-" -e FILE.err, --~a=FILE.err:\n"
-" dump the standard error to that file.\n"
-"\n"
-"Environment variables:\n"
-"\n"
-" LANG: set the locale of the sysadmin-facing interface (the user\n"
-"pages are translated according to the user agent’s Accept-language\n"
-"header), for log files and command-line interface. It is currently ~a.\n"
-"\n"
-" XDG_DATA_HOME: where to store the refresh tokens (under the\n"
-"webid-oidc directory). For a system service, it is recommended to set\n"
-"it to /var/lib. Currently set to ~a.\n"
-"\n"
-" XDG_CACHE_HOME: where to store and update the seed file for the\n"
-"random number generator. If you remove it, you need to restart the\n"
-"program to use a different seed. Currently set to ~a.\n"
-"\n"
-" HOME: if XDG_DATA_HOME or XDG_CACHE_HOME is not set, they are\n"
-"computed from the value of the HOME environment variable. It is not\n"
-"used otherwise. Currently set to ~a.\n"
-"\n"
-"Example used in webid-oidc-demo.planete-kraus.eu (except it’s managed\n"
-"by shepherd in reality):\n"
-"\n"
-" export LANG=C\n"
-" export XDG_DATA_HOME=/var/lib\n"
-" export XDG_CACHE_HOME=/var/cache\n"
-" webid-oidc-issuer \\\n"
-" --issuer https://webid-oidc-demo.planete-kraus.eu \\\n"
-" --key-file /var/lib/webid-oidc/issuer/key.jwk \\\n"
-" --subject https://webid-oidc-demo.planete-kraus.eu/profile/card#me \\\n"
-" --password \"$PASSWORD\" \\\n"
-" --jwks-uri https://webid-oidc-demo.planete-kraus.eu/keys \\\n"
-" --authorization-endpoint-uri https://webid-oidc-demo.planete-kraus.eu/"
-"authorize \\\n"
-" --token-endpoint-uri https://webid-oidc-demo.planete-kraus.eu/token "
-"\\\n"
-" --port $PORT\n"
-"\n"
-"If you find a bug, send a report to ~a.\n"
-msgstr ""
-"Utilisation : ~a [OPTIONS]...\n"
-"\n"
-"Exécute le fournisseur d’identité Solid pour un utilisateur spécifique.\n"
-"\n"
-"Options :\n"
-" -h, --~a :\n"
-" affiche ce message d’aide et quitte.\n"
-" -v, --~a :\n"
-" affiche le numéro de version (~a) et quitte.\n"
-" -i URI, --~a=URI :\n"
-" définit le nom public du serveur.\n"
-" -k FICHIER, --~a=FICHIER.jwk :\n"
-" définit le nom du fichier de clé. S’il n’existe pas, une\n"
-" nouvelle clé sera générée.\n"
-" -s WEBID, --~a=WEBID :\n"
-" définit l’identité du sujet.\n"
-" -w MOTDEPASSE, --~a=MOTDEPASSE :\n"
-" définit le mot de passe pour reconnaître l’utilisateur.\n"
-" -j URI, --~a=URI :\n"
-" définit l’URI pour obtenir la clé publique du serveur.\n"
-" -a URI, --~a=URI :\n"
-" définit le terminal d’autorisation de l’émetteur (authorization\n"
-" endpoint).\n"
-" -t URI, --~a=URI :\n"
-" définit le terminal de jeton de l’émetteur (token endpoint).\n"
-" -p PORT, --~a=PORT :\n"
-" définit le port à lier (au lieu de 8080).\n"
-" -l FICHIER.log, --~a=FICHIER.log :\n"
-" déverser la sortie standard vers ce fichier.\n"
-" -e FICHIER.err, --~a=FICHIER.err :\n"
-" déverser la sortie d’erreur vers ce fichier.\n"
-"\n"
-"Variables d’environnement :\n"
-"\n"
-" LANG : définit la locale de l’interface de l’administrateur système\n"
-"(les pages utilisateur sont traduites selon l’en-tête Accept-Language\n"
-"de l’agent), pour les fichiers de journaux et l’interface en ligne de\n"
-"commande. Elle vaut actuellement ~a.\n"
-"\n"
-" XDG_DATA_HOME : où stocker les jetons de rafraîchissement (refresh\n"
-"tokens, dans un sous-dossier webid-oidc). Pour un service système, il\n"
-"est recommandé d’affecter /var/lib. Actuellement définie à ~a.\n"
-"\n"
-" XDG_CACHE_HOME : où stocker et modifier le fichier de graine pour le\n"
-"générateur de nombres aléatoires. Si vous le supprimez, vous devez\n"
-"redémarrer le programme pour utiliser une graine\n"
-"différente. Actuellement définie à ~a.\n"
-"\n"
-" HOME : si XDG_DATA_HOME ou XDG_CACHE_HOME ne sont pas définies,\n"
-"elles sont calculées à partir de la valeur de la variable\n"
-"d’environnement HOME. Elle n’est pas utilisée dans les autres\n"
-"cas. Actuellement définie à ~a.\n"
-"\n"
-"Exemple utilisé pour webid-oidc-demo.planete-kraus.eu (sauf que le\n"
-"service est géré par shepherd en réalité, et les URI sont en\n"
-"anglais) :\n"
-"\n"
-" export LANG=fr_FR.UTF-8\n"
-" export XDG_DATA_HOME=/var/lib\n"
-" export XDG_CACHE_HOME=/var/cache\n"
-" webid-oidc-issuer \\\n"
-" --émetteur https://webid-oidc-demo.planete-kraus.eu \\\n"
-" --fichier-clé /var/lib/webid-oidc/émetteur/clé.jwk \\\n"
-" --sujet https://webid-oidc-demo.planete-kraus.eu/profil/carte#moi \\\n"
-" --mot-de-passe \"$MOTDEPASSE\" \\\n"
-" --uri-jwks https://webid-oidc-demo.planete-kraus.eu/clés \\\n"
-" --uri-terminal-autorisation https://webid-oidc-demo.planete-kraus.eu/"
-"autoriser \\\n"
-" --uri-terminal-jeton https://webid-oidc-demo.planete-kraus.eu/jeton "
-"\\\n"
-" --port $PORT\n"
-"\n"
-"Si vous trouvez une erreur dans le programme, envoyez-en un rapport à ~a.\n"
-
-#: src/scm/webid-oidc/identity-provider.scm:267
-#: src/scm/webid-oidc/hello-world.scm:61 src/scm/webid-oidc/client.scm:700
-#: src/scm/webid-oidc/example-app.scm:143 src/scm/webid-oidc/program.scm:177
-#, scheme-format
-msgid "~a version ~a\n"
-msgstr "~a version ~a\n"
-
-#: src/scm/webid-oidc/identity-provider.scm:294
-msgid "You need to set the issuer.\n"
-msgstr "Vous devez définir l'émetteur.\n"
-
-#: src/scm/webid-oidc/identity-provider.scm:298
-msgid "You need to set the file name of the key file.\n"
-msgstr "Vous devez définir le nom de ficher du fichier de clé.\n"
-
-#: src/scm/webid-oidc/identity-provider.scm:302
-msgid "You need to set the identity of the subject.\n"
-msgstr "Vous devez définir l'identité du sujet.\n"
-
-#: src/scm/webid-oidc/identity-provider.scm:306
-msgid "You need to set the password to verify the identity of the subject.\n"
-msgstr "Vous devez définir le mot de passe pour identifier le sujet.\n"
-
-#: src/scm/webid-oidc/identity-provider.scm:310
-msgid "You need to set the JWKS URI.\n"
-msgstr "Vous devez définir l'URI du JWKS.\n"
-
-#: src/scm/webid-oidc/identity-provider.scm:315
-msgid "You need to set the authorization endpoint URI.\n"
-msgstr "Vous devez définir l'URI du terminal d'autorisation.\n"
-
-#: src/scm/webid-oidc/identity-provider.scm:320
-msgid "You need to set the token endpoint URI.\n"
-msgstr "Vous devez définir l'URI du terminal de jeton.\n"
-
-#: src/scm/webid-oidc/identity-provider.scm:327
-#: src/scm/webid-oidc/hello-world.scm:72 src/scm/webid-oidc/client.scm:738
-msgid "The port should be a number between 0 and 65535.\n"
-msgstr "Le port doit être un nombre entre 0 et 65535.\n"
-
-#: src/scm/webid-oidc/identity-provider.scm:346
-#: src/scm/webid-oidc/client.scm:749
-#, scheme-format
-msgid "~a: Internal server error: ~a\n"
-msgstr "~a : Erreur interne du serveur : ~a\n"
-
-#: src/scm/webid-oidc/identity-provider.scm:357
-#, scheme-format
-msgid ""
-"The client locale ~s can’t be approximated by system locale ~s (because ~a), "
-"using C.\n"
-msgstr ""
-"La locale du client ~s ne peut pas être approchée par la locale système ~s "
-"(parce que ~a), on utilise C.\n"
-
#: src/scm/webid-oidc/authorization-page-unsafe.scm:29
msgid "xml-lang|en"
msgstr "fr"
@@ -1226,6 +970,20 @@ msgstr ""
msgid "~a: authentication failure: ~a\n"
msgstr "~a : échec d’authentificationn : ~a\n"
+#: src/scm/webid-oidc/hello-world.scm:31 src/scm/webid-oidc/client.scm:619
+#: src/scm/webid-oidc/example-app.scm:100 src/scm/webid-oidc/program.scm:52
+msgid "command-line|version"
+msgstr "version"
+
+#: src/scm/webid-oidc/hello-world.scm:33 src/scm/webid-oidc/client.scm:621
+#: src/scm/webid-oidc/example-app.scm:102
+msgid "comand-line|help"
+msgstr "aide"
+
+#: src/scm/webid-oidc/hello-world.scm:35 src/scm/webid-oidc/client.scm:631
+msgid "comand-line|port"
+msgstr "port"
+
#: src/scm/webid-oidc/hello-world.scm:44
#, scheme-format
msgid ""
@@ -1253,6 +1011,16 @@ msgstr ""
" -p PORT, --~a=8080 :\n"
" définit le port à lier.\n"
+#: src/scm/webid-oidc/hello-world.scm:61 src/scm/webid-oidc/client.scm:700
+#: src/scm/webid-oidc/example-app.scm:143 src/scm/webid-oidc/program.scm:268
+#, scheme-format
+msgid "~a version ~a\n"
+msgstr "~a version ~a\n"
+
+#: src/scm/webid-oidc/hello-world.scm:72 src/scm/webid-oidc/client.scm:738
+msgid "The port should be a number between 0 and 65535.\n"
+msgstr "Le port doit être un nombre entre 0 et 65535.\n"
+
#: src/scm/webid-oidc/client.scm:623
msgid "comand-line|client-id"
msgstr "id-client"
@@ -1269,6 +1037,14 @@ msgstr "nom-client"
msgid "comand-line|client-uri"
msgstr "uri-client"
+#: src/scm/webid-oidc/client.scm:633
+msgid "comand-line|log-file"
+msgstr "fichier-journal"
+
+#: src/scm/webid-oidc/client.scm:635
+msgid "comand-line|error-file"
+msgstr "fichier-erreur"
+
#: src/scm/webid-oidc/client.scm:650
#, scheme-format
msgid ""
@@ -1376,6 +1152,11 @@ msgstr "Vous devez définir l'URI de redirection.\n"
msgid "The client URI should be an URI.\n"
msgstr "L’URI du client doit être un URI.\n"
+#: src/scm/webid-oidc/client.scm:749 src/scm/webid-oidc/program.scm:401
+#, scheme-format
+msgid "~a: Internal server error: ~a\n"
+msgstr "~a : Erreur interne du serveur : ~a\n"
+
#: src/scm/webid-oidc/example-app.scm:35
#, scheme-format
msgid "~a.\t~a, certified by ~a;\n"
@@ -1523,27 +1304,59 @@ msgstr ""
msgid "There was an error: ~a\n"
msgstr "Il y a eu une erreur : ~a\n"
-#: src/scm/webid-oidc/program.scm:52
+#: src/scm/webid-oidc/program.scm:54
msgid "command-line|help"
msgstr "aide"
-#: src/scm/webid-oidc/program.scm:54
+#: src/scm/webid-oidc/program.scm:56
msgid "command-line|server|port"
msgstr "port"
-#: src/scm/webid-oidc/program.scm:56
+#: src/scm/webid-oidc/program.scm:58
msgid "command-line|server|server-name"
msgstr "nom-du-serveur"
-#: src/scm/webid-oidc/program.scm:58
+#: src/scm/webid-oidc/program.scm:60
msgid "command-line|server|reverse-proxy|backend-uri"
msgstr "uri-arrière-plan"
-#: src/scm/webid-oidc/program.scm:60
+#: src/scm/webid-oidc/program.scm:62
msgid "command-line|server|reverse-proxy|header"
msgstr "en-tête"
+#: src/scm/webid-oidc/program.scm:64
+msgid "command-line|server|issuer|key-file"
+msgstr "fichier-clé"
+
+#: src/scm/webid-oidc/program.scm:66
+msgid "command-line|server|issuer|subject"
+msgstr "sujet"
+
+#: src/scm/webid-oidc/program.scm:68
+msgid "command-line|server|issuer|password"
+msgstr "mot-de-passe"
+
+#: src/scm/webid-oidc/program.scm:70
+msgid "command-line|server|issuer|jwks-uri"
+msgstr "uri-jwks"
+
+#: src/scm/webid-oidc/program.scm:72
+msgid "command-line|server|issuer|authorization-endpoint-uri"
+msgstr "uri-terminal-autorisation"
+
+#: src/scm/webid-oidc/program.scm:74
+msgid "command-line|server|issuer|token-endpoint-uri"
+msgstr "uri-terminal-jeton"
+
+#: src/scm/webid-oidc/program.scm:76
+msgid "command-line|log-file"
+msgstr "fichier-journal"
+
#: src/scm/webid-oidc/program.scm:78
+msgid "command-line|error-file"
+msgstr "fichier-erreur"
+
+#: src/scm/webid-oidc/program.scm:98
#, scheme-format
msgid ""
"Usage: ~a COMMAND [OPTIONS]...\n"
@@ -1551,8 +1364,10 @@ msgid ""
"Run the webid-oidc COMMAND.\n"
"\n"
"Available commands:\n"
-" ~a: \n"
+" ~a:\n"
" run an authenticating reverse proxy.\n"
+" ~a:\n"
+" run an identity provider.\n"
"\n"
"General options:\n"
" -h, --~a:\n"
@@ -1578,11 +1393,38 @@ msgid ""
" set the backend URI for the reverse proxy, only for the\n"
" reverse-proxy command.\n"
"\n"
+"Options for the identity provider:\n"
+" -k FILE, --~a=FILE.jwk:\n"
+" set the file name of the key file. If it does not exist, a new\n"
+" key is generated.\n"
+" -s WEBID, --~a=WEBID:\n"
+" set the identity of the subject.\n"
+" -w PASSWORD, --~a=PASSWORD:\n"
+" set the password to recognize the user.\n"
+" -j URI, --~a=URI:\n"
+" set the URI to query the key of the server.\n"
+" -a URI, --~a=URI:\n"
+" set the authorization endpoint of the issuer.\n"
+" -t URI, --~a=URI:\n"
+" set the token endpoint of the issuer.\n"
+"\n"
"Environment variables:\n"
"\n"
" LANG: set the locale of the user interface (for the server commands,\n"
"the user is the system administrator).~a\n"
"\n"
+" XDG_DATA_HOME: where the program stores persistent data. The\n"
+"identity provider stores the refresh tokens. For a system service, it\n"
+"is recommended to set it to /var/lib.~a\n"
+"\n"
+" XDG_CACHE_HOME: where the program stores and updates the seed file,\n"
+"and the web client cache. You can remove this directory at any\n"
+"time. The seed file will be initialized from /dev/random.~a\n"
+"\n"
+" HOME: if XDG_DATA_HOME or XDG_CACHE_HOME is not set, they are\n"
+"computed from the value of the HOME environment variable. It is not\n"
+"used otherwise.~a\n"
+"\n"
"Running a reverse proxy\n"
"\n"
"Suppose that you operate data.provider.com. You want to run an\n"
@@ -1602,6 +1444,23 @@ msgid ""
" --~a '/var/log/proxy.log' \\\n"
" --~a '/var/log/proxy.err'\n"
"\n"
+"Running an identity provider\n"
+"\n"
+"The identity provider running at webid-oidc-demo.planete-kraus.eu is\n"
+"invoked with the following options:\n"
+"\n"
+" export XDG_DATA_HOME=/var/lib\n"
+" export XDG_CACHE_HOME=/var/cache\n"
+" ~a ~a \\\n"
+" --~a 'https://webid-oidc-demo.planete-kraus.eu' \\\n"
+" --~a '/var/lib/webid-oidc/issuer/key.jwk' \\\n"
+" --~a 'https://webid-oidc-demo.planete-kraus.eu/profile/card#me' \\\n"
+" --~a \"$PASSWORD\" \\\n"
+" --~a 'https://webid-oidc-demo.planete-kraus.eu/keys' \\\n"
+" --~a 'https://webid-oidc-demo.planete-kraus.eu/authorize' \\\n"
+" --~a 'https://webid-oidc-demo.planete-kraus.eu/token' \\\n"
+" --~a $PORT\n"
+"\n"
"If you find a bug, then please send a report to ~a.\n"
msgstr ""
"Utilisation : ~a COMMANDE [OPTIONS]...\n"
@@ -1611,6 +1470,8 @@ msgstr ""
"Commandes disponibles :\n"
" ~a :\n"
" exécute le proxy inverse authentifiant.\n"
+" ~a :\n"
+" exécute le fournisseur d’identité.\n"
"\n"
"Options générales :\n"
" -h, --~a :\n"
@@ -1629,18 +1490,47 @@ msgstr ""
" définit le nom public du serveur (schéma, userinfo, hôte, et port).\n"
"\n"
"Options pour le proxy inverse :\n"
-" -h ENTÊTE, --~a=ENTÊTE :\n"
+" -H ENTÊTE, --~a=ENTÊTE :\n"
" passe les requêtes avec un ENTÊTE optionnel défini par la valeur\n"
" du webid, XXX-Agent par défaut.\n"
" -b URI, --~a=URI :\n"
" définit l’URI d’arrière-plan pour le proxy inverse, uniquement\n"
" pour la commande proxy-inversé.\n"
"\n"
+"Options pour le fournisseur d’identité :\n"
+" -k FICHIER, --~a=FICHIER.jwk :\n"
+" définit le nom du fichier de clé. S’il n’existe pas, une\n"
+" nouvelle clé sera générée.\n"
+" -s WEBID, --~a=WEBID :\n"
+" définit l’identité du sujet.\n"
+" -w MOTDEPASSE, --~a=MOTDEPASSE :\n"
+" définit le mot de passe pour reconnaître l’utilisateur.\n"
+" -j URI, --~a=URI :\n"
+" définit l’URI à requêter pour obtenir la clé du serveur.\n"
+" -a URI, --~a=URI :\n"
+" définit le terminal d’autorisation du fournisseur d’identité.\n"
+" -t URI, --~a=URI :\n"
+" définit le terminal de jeton du fournisseur d’identité.\n"
+"\n"
"Variables d’environnement :\n"
"\n"
" LANG : définit la locale de l’interface utilisateur (pour les\n"
"commandes serveur, l’utilisateur est l’administrateur système).~a\n"
"\n"
+" XDG_DATA_HOME : là où le programme sauvegarde les données\n"
+"persistantes. Le fournisseur d’identité archive les jetons de\n"
+"rafraîchissement. Pour un service système, il est recommandé de la\n"
+"définir à /var/lib.~a\n"
+"\n"
+" XDG_CACHE_HOME : là où le programme sauvegarde et modifie le fichier\n"
+"de graine aléatoire, et le cache du client web. Vous pouvez supprimer\n"
+"ce dossier n’importe quand. Le fichier de graine sera initialisé à\n"
+"partir de /dev/random.~a\n"
+"\n"
+" HOME : si ni XDG_DATA_HOME ni XDG_CACHE_HOME ne sont définies, elles\n"
+"sont calculées à partir de la valeur de la variable d’environnement\n"
+"HOME. Elle n’est pas utilisée autrement.~a\n"
+"\n"
"Exécution d’un proxy inverse\n"
"\n"
"Supposons que vous opérez donnees.fournisseur.com. Vous voulez\n"
@@ -1661,44 +1551,69 @@ msgstr ""
" --~a '/var/log/proxy.log' \\\n"
" --~a '/var/log/proxy.err'\n"
"\n"
+"Exécution d’un fournisseur d’identité\n"
+"\n"
+"Le fournisseur d’identité de nom webid-oidc-demo.planete-kraus.eu est\n"
+"invoqué avec les options suivantes :\n"
+"\n"
+" export LANG=fr_FR.UTF-8\n"
+" export XDG_DATA_HOME=/var/lib\n"
+" export XDG_CACHE_HOME=/var/cache\n"
+" ~a ~a \\\n"
+" --~a 'https://webid-oidc-demo.planete-kraus.eu' \\\n"
+" --~a '/var/lib/webid-oidc/issuer/key.jwk' \\\n"
+" --~a 'https://webid-oidc-demo.planete-kraus.eu/profile/card#me' \\\n"
+" --~a \"$PASSWORD\" \\\n"
+" --~a 'https://webid-oidc-demo.planete-kraus.eu/keys' \\\n"
+" --~a 'https://webid-oidc-demo.planete-kraus.eu/authorize' \\\n"
+" --~a 'https://webid-oidc-demo.planete-kraus.eu/token' \\\n"
+" --~a $PORT\n"
+"\n"
"Si vous trouvez une erreur dans le programme, envoyez-en un rapport à\n"
"~a.\n"
-#: src/scm/webid-oidc/program.scm:139 src/scm/webid-oidc/program.scm:170
-#: src/scm/webid-oidc/program.scm:236
+#: src/scm/webid-oidc/program.scm:205 src/scm/webid-oidc/program.scm:255
+#: src/scm/webid-oidc/program.scm:341
msgid "command-line|command|reverse-proxy"
msgstr "proxy-inversé"
-#: src/scm/webid-oidc/program.scm:163
+#: src/scm/webid-oidc/program.scm:206 src/scm/webid-oidc/program.scm:261
+#: src/scm/webid-oidc/program.scm:359
+msgid "command-line|command|identity-provider"
+msgstr "fournisseur-identité"
+
+#: src/scm/webid-oidc/program.scm:236 src/scm/webid-oidc/program.scm:240
+#: src/scm/webid-oidc/program.scm:244 src/scm/webid-oidc/program.scm:248
#, scheme-format
msgid "an environment variable| It is currently set to ~s."
msgstr " Elle vaut actuellement ~s."
-#: src/scm/webid-oidc/program.scm:165
+#: src/scm/webid-oidc/program.scm:238 src/scm/webid-oidc/program.scm:242
+#: src/scm/webid-oidc/program.scm:246 src/scm/webid-oidc/program.scm:250
msgid "an environment variable| It is currently unset."
msgstr " Elle n’est actuellement pas définie."
-#: src/scm/webid-oidc/program.scm:185
+#: src/scm/webid-oidc/program.scm:276
#, scheme-format
msgid "The --~a argument must be a number, not ~s.\n"
msgstr "L’argument de --~a doit être un nombre, pas ~s.\n"
-#: src/scm/webid-oidc/program.scm:191
+#: src/scm/webid-oidc/program.scm:282
#, scheme-format
msgid "The --~a argument must be an integer, not ~s.\n"
msgstr "L’argument de --~a doit être un entier, pas ~s.\n"
-#: src/scm/webid-oidc/program.scm:197
+#: src/scm/webid-oidc/program.scm:288
#, scheme-format
msgid "The --~a argument must be positive, ~s is invalid.\n"
msgstr "L’argument de --~a doit être positif, ~s est invalide.\n"
-#: src/scm/webid-oidc/program.scm:202
+#: src/scm/webid-oidc/program.scm:293
#, scheme-format
msgid "The --~a argument must be less than 65536, ~s is invalid.\n"
msgstr "L’argument de --~a doit être inférieur à 65536, ~s est invalide.\n"
-#: src/scm/webid-oidc/program.scm:220
+#: src/scm/webid-oidc/program.scm:325
#, scheme-format
msgid ""
"Usage: ~a COMMAND [OPTIONS]...\n"
@@ -1707,21 +1622,248 @@ msgstr ""
"Utilisation : ~a COMMANDE [OPTIONS]...\n"
"Voir --~a (-h).\n"
-#: src/scm/webid-oidc/program.scm:239
+#: src/scm/webid-oidc/program.scm:344 src/scm/webid-oidc/program.scm:362
#, scheme-format
msgid "You must pass --~a to set the server name.\n"
msgstr "Vous devez passer --~a pour définir le nom du serveur.\n"
-#: src/scm/webid-oidc/program.scm:243
+#: src/scm/webid-oidc/program.scm:348
#, scheme-format
msgid "You must pass --~a to set the backend URI.\n"
msgstr "Vous devez passer --~a pour définir l'URI du service d’arrière-plan.\n"
-#: src/scm/webid-oidc/program.scm:255
+#: src/scm/webid-oidc/program.scm:366
+#, scheme-format
+msgid ""
+"You must pass --~a to set the file where to store the identity provider "
+"key.\n"
+msgstr ""
+"Vous devez passer --~a pour définir le nom du fichier pour sauvegarder\n"
+"la clé du fournisseur d’identité.\n"
+
+#: src/scm/webid-oidc/program.scm:370
+#, scheme-format
+msgid "You must pass --~a to set the subject of the identity provider.\n"
+msgstr ""
+"Vous devez passer --~a pour définir le sujet du fournisseur d’identité.\n"
+
+#: src/scm/webid-oidc/program.scm:374
+#, scheme-format
+msgid "You must pass --~a to set the subject’s password.\n"
+msgstr "Vous devez passer --~a pour définir le mot de passe du sujet.\n"
+
+#: src/scm/webid-oidc/program.scm:378
+#, scheme-format
+msgid "You must pass --~a to set the JWKS URI.\n"
+msgstr "Vous devez passer --~a pour définir l'URI du JWKS.\n"
+
+#: src/scm/webid-oidc/program.scm:382
+#, scheme-format
+msgid "You must pass --~a to set the authorization endpoint URI.\n"
+msgstr ""
+"Vous devez passer --~a pour définir l'URI du terminal d'autorisation.\n"
+
+#: src/scm/webid-oidc/program.scm:386
+#, scheme-format
+msgid "You must pass --~a to set the token endpoint URI.\n"
+msgstr "Vous devez passer --~a pour définir l'URI du terminal de jeton.\n"
+
+#: src/scm/webid-oidc/program.scm:412
+#, scheme-format
+msgid ""
+"The client locale ~s can’t be approximated by system locale ~s (because ~a), "
+"using C.\n"
+msgstr ""
+"La locale du client ~s ne peut pas être approchée par la locale système ~s "
+"(parce que ~a), on utilise C.\n"
+
+#: src/scm/webid-oidc/program.scm:426
#, scheme-format
msgid "Unknown command ~s\n"
msgstr "Commande inconnue ~s\n"
+#~ msgid "comand-line|issuer"
+#~ msgstr "émetteur"
+
+#~ msgid "comand-line|key-file"
+#~ msgstr "fichier-clé"
+
+#~ msgid "comand-line|subject"
+#~ msgstr "sujet"
+
+#~ msgid "comand-line|password"
+#~ msgstr "mot-de-passe"
+
+#~ msgid "comand-line|jwks-uri"
+#~ msgstr "uri-jwks"
+
+#, scheme-format
+#~ msgid ""
+#~ "Usage: ~a [OPTIONS]...\n"
+#~ "\n"
+#~ "Run the Solid identity provider for a specific user.\n"
+#~ "\n"
+#~ "Options:\n"
+#~ " -h, --~a:\n"
+#~ " display this help message and exit.\n"
+#~ " -v, --~a:\n"
+#~ " display the version information (~a) and exit.\n"
+#~ " -i URI, --~a=URI:\n"
+#~ " set the public server host name.\n"
+#~ " -k FILE, --~a=FILE.jwk:\n"
+#~ " set the file name of the key file. If it does not exist, a new\n"
+#~ " key is generated.\n"
+#~ " -s WEBID, --~a=WEBID:\n"
+#~ " set the identity of the subject.\n"
+#~ " -w PASSWORD, --~a=PASSWORD:\n"
+#~ " set the password to recognize the user.\n"
+#~ " -j URI, --~a=URI:\n"
+#~ " set the URI to query the key of the server.\n"
+#~ " -a URI, --~a=URI:\n"
+#~ " set the authorization endpoint of the issuer.\n"
+#~ " -t URI, --~a=URI:\n"
+#~ " set the token endpoint of the issuer.\n"
+#~ " -p PORT, --~a=PORT:\n"
+#~ " set the port to bind (instead of 8080).\n"
+#~ " -l FILE.log, --~a=FILE.log:\n"
+#~ " dump the standard output to that file.\n"
+#~ " -e FILE.err, --~a=FILE.err:\n"
+#~ " dump the standard error to that file.\n"
+#~ "\n"
+#~ "Environment variables:\n"
+#~ "\n"
+#~ " LANG: set the locale of the sysadmin-facing interface (the user\n"
+#~ "pages are translated according to the user agent’s Accept-language\n"
+#~ "header), for log files and command-line interface. It is currently ~a.\n"
+#~ "\n"
+#~ " XDG_DATA_HOME: where to store the refresh tokens (under the\n"
+#~ "webid-oidc directory). For a system service, it is recommended to set\n"
+#~ "it to /var/lib. Currently set to ~a.\n"
+#~ "\n"
+#~ " XDG_CACHE_HOME: where to store and update the seed file for the\n"
+#~ "random number generator. If you remove it, you need to restart the\n"
+#~ "program to use a different seed. Currently set to ~a.\n"
+#~ "\n"
+#~ " HOME: if XDG_DATA_HOME or XDG_CACHE_HOME is not set, they are\n"
+#~ "computed from the value of the HOME environment variable. It is not\n"
+#~ "used otherwise. Currently set to ~a.\n"
+#~ "\n"
+#~ "Example used in webid-oidc-demo.planete-kraus.eu (except it’s managed\n"
+#~ "by shepherd in reality):\n"
+#~ "\n"
+#~ " export LANG=C\n"
+#~ " export XDG_DATA_HOME=/var/lib\n"
+#~ " export XDG_CACHE_HOME=/var/cache\n"
+#~ " webid-oidc-issuer \\\n"
+#~ " --issuer https://webid-oidc-demo.planete-kraus.eu \\\n"
+#~ " --key-file /var/lib/webid-oidc/issuer/key.jwk \\\n"
+#~ " --subject https://webid-oidc-demo.planete-kraus.eu/profile/card#me "
+#~ "\\\n"
+#~ " --password \"$PASSWORD\" \\\n"
+#~ " --jwks-uri https://webid-oidc-demo.planete-kraus.eu/keys \\\n"
+#~ " --authorization-endpoint-uri https://webid-oidc-demo.planete-kraus."
+#~ "eu/authorize \\\n"
+#~ " --token-endpoint-uri https://webid-oidc-demo.planete-kraus.eu/token "
+#~ "\\\n"
+#~ " --port $PORT\n"
+#~ "\n"
+#~ "If you find a bug, send a report to ~a.\n"
+#~ msgstr ""
+#~ "Utilisation : ~a [OPTIONS]...\n"
+#~ "\n"
+#~ "Exécute le fournisseur d’identité Solid pour un utilisateur spécifique.\n"
+#~ "\n"
+#~ "Options :\n"
+#~ " -h, --~a :\n"
+#~ " affiche ce message d’aide et quitte.\n"
+#~ " -v, --~a :\n"
+#~ " affiche le numéro de version (~a) et quitte.\n"
+#~ " -i URI, --~a=URI :\n"
+#~ " définit le nom public du serveur.\n"
+#~ " -k FICHIER, --~a=FICHIER.jwk :\n"
+#~ " définit le nom du fichier de clé. S’il n’existe pas, une\n"
+#~ " nouvelle clé sera générée.\n"
+#~ " -s WEBID, --~a=WEBID :\n"
+#~ " définit l’identité du sujet.\n"
+#~ " -w MOTDEPASSE, --~a=MOTDEPASSE :\n"
+#~ " définit le mot de passe pour reconnaître l’utilisateur.\n"
+#~ " -j URI, --~a=URI :\n"
+#~ " définit l’URI pour obtenir la clé publique du serveur.\n"
+#~ " -a URI, --~a=URI :\n"
+#~ " définit le terminal d’autorisation de l’émetteur (authorization\n"
+#~ " endpoint).\n"
+#~ " -t URI, --~a=URI :\n"
+#~ " définit le terminal de jeton de l’émetteur (token endpoint).\n"
+#~ " -p PORT, --~a=PORT :\n"
+#~ " définit le port à lier (au lieu de 8080).\n"
+#~ " -l FICHIER.log, --~a=FICHIER.log :\n"
+#~ " déverser la sortie standard vers ce fichier.\n"
+#~ " -e FICHIER.err, --~a=FICHIER.err :\n"
+#~ " déverser la sortie d’erreur vers ce fichier.\n"
+#~ "\n"
+#~ "Variables d’environnement :\n"
+#~ "\n"
+#~ " LANG : définit la locale de l’interface de l’administrateur système\n"
+#~ "(les pages utilisateur sont traduites selon l’en-tête Accept-Language\n"
+#~ "de l’agent), pour les fichiers de journaux et l’interface en ligne de\n"
+#~ "commande. Elle vaut actuellement ~a.\n"
+#~ "\n"
+#~ " XDG_DATA_HOME : où stocker les jetons de rafraîchissement (refresh\n"
+#~ "tokens, dans un sous-dossier webid-oidc). Pour un service système, il\n"
+#~ "est recommandé d’affecter /var/lib. Actuellement définie à ~a.\n"
+#~ "\n"
+#~ " XDG_CACHE_HOME : où stocker et modifier le fichier de graine pour le\n"
+#~ "générateur de nombres aléatoires. Si vous le supprimez, vous devez\n"
+#~ "redémarrer le programme pour utiliser une graine\n"
+#~ "différente. Actuellement définie à ~a.\n"
+#~ "\n"
+#~ " HOME : si XDG_DATA_HOME ou XDG_CACHE_HOME ne sont pas définies,\n"
+#~ "elles sont calculées à partir de la valeur de la variable\n"
+#~ "d’environnement HOME. Elle n’est pas utilisée dans les autres\n"
+#~ "cas. Actuellement définie à ~a.\n"
+#~ "\n"
+#~ "Exemple utilisé pour webid-oidc-demo.planete-kraus.eu (sauf que le\n"
+#~ "service est géré par shepherd en réalité, et les URI sont en\n"
+#~ "anglais) :\n"
+#~ "\n"
+#~ " export LANG=fr_FR.UTF-8\n"
+#~ " export XDG_DATA_HOME=/var/lib\n"
+#~ " export XDG_CACHE_HOME=/var/cache\n"
+#~ " webid-oidc-issuer \\\n"
+#~ " --émetteur https://webid-oidc-demo.planete-kraus.eu \\\n"
+#~ " --fichier-clé /var/lib/webid-oidc/émetteur/clé.jwk \\\n"
+#~ " --sujet https://webid-oidc-demo.planete-kraus.eu/profil/carte#moi "
+#~ "\\\n"
+#~ " --mot-de-passe \"$MOTDEPASSE\" \\\n"
+#~ " --uri-jwks https://webid-oidc-demo.planete-kraus.eu/clés \\\n"
+#~ " --uri-terminal-autorisation https://webid-oidc-demo.planete-kraus."
+#~ "eu/autoriser \\\n"
+#~ " --uri-terminal-jeton https://webid-oidc-demo.planete-kraus.eu/jeton "
+#~ "\\\n"
+#~ " --port $PORT\n"
+#~ "\n"
+#~ "Si vous trouvez une erreur dans le programme, envoyez-en un rapport à "
+#~ "~a.\n"
+
+#~ msgid "You need to set the issuer.\n"
+#~ msgstr "Vous devez définir l'émetteur.\n"
+
+#~ msgid "You need to set the file name of the key file.\n"
+#~ msgstr "Vous devez définir le nom de ficher du fichier de clé.\n"
+
+#~ msgid "You need to set the identity of the subject.\n"
+#~ msgstr "Vous devez définir l'identité du sujet.\n"
+
+#~ msgid ""
+#~ "You need to set the password to verify the identity of the subject.\n"
+#~ msgstr "Vous devez définir le mot de passe pour identifier le sujet.\n"
+
+#~ msgid "You need to set the JWKS URI.\n"
+#~ msgstr "Vous devez définir l'URI du JWKS.\n"
+
+#~ msgid "You need to set the token endpoint URI.\n"
+#~ msgstr "Vous devez définir l'URI du terminal de jeton.\n"
+
#~ msgid "command-line|inbound-uri"
#~ msgstr "uri-entrant"
diff --git a/po/webid-oidc.pot b/po/webid-oidc.pot
index 84850fc..67e3b0f 100644
--- a/po/webid-oidc.pot
+++ b/po/webid-oidc.pot
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: webid-oidc SNAPSHOT\n"
"Report-Msgid-Bugs-To: vivien@planete-kraus.eu\n"
-"POT-Creation-Date: 2021-06-27 21:10+0200\n"
+"POT-Creation-Date: 2021-06-27 22:30+0200\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -794,187 +794,6 @@ msgstr ""
msgid "Warning: generating a new key pair."
msgstr ""
-#: src/scm/webid-oidc/identity-provider.scm:148
-#: src/scm/webid-oidc/hello-world.scm:31 src/scm/webid-oidc/client.scm:619
-#: src/scm/webid-oidc/example-app.scm:100 src/scm/webid-oidc/program.scm:50
-msgid "command-line|version"
-msgstr ""
-
-#: src/scm/webid-oidc/identity-provider.scm:150
-#: src/scm/webid-oidc/hello-world.scm:33 src/scm/webid-oidc/client.scm:621
-#: src/scm/webid-oidc/example-app.scm:102
-msgid "comand-line|help"
-msgstr ""
-
-#: src/scm/webid-oidc/identity-provider.scm:152
-msgid "comand-line|issuer"
-msgstr ""
-
-#: src/scm/webid-oidc/identity-provider.scm:154
-msgid "comand-line|key-file"
-msgstr ""
-
-#: src/scm/webid-oidc/identity-provider.scm:156
-msgid "comand-line|subject"
-msgstr ""
-
-#: src/scm/webid-oidc/identity-provider.scm:158
-msgid "comand-line|password"
-msgstr ""
-
-#: src/scm/webid-oidc/identity-provider.scm:160
-msgid "comand-line|jwks-uri"
-msgstr ""
-
-#: src/scm/webid-oidc/identity-provider.scm:162
-msgid "comand-line|authorization-endpoint-uri"
-msgstr ""
-
-#: src/scm/webid-oidc/identity-provider.scm:164
-msgid "comand-line|token-endpoint-uri"
-msgstr ""
-
-#: src/scm/webid-oidc/identity-provider.scm:166
-#: src/scm/webid-oidc/hello-world.scm:35 src/scm/webid-oidc/client.scm:631
-msgid "comand-line|port"
-msgstr ""
-
-#: src/scm/webid-oidc/identity-provider.scm:168
-#: src/scm/webid-oidc/client.scm:633 src/scm/webid-oidc/program.scm:62
-msgid "comand-line|log-file"
-msgstr ""
-
-#: src/scm/webid-oidc/identity-provider.scm:170
-#: src/scm/webid-oidc/client.scm:635 src/scm/webid-oidc/program.scm:64
-msgid "comand-line|error-file"
-msgstr ""
-
-#: src/scm/webid-oidc/identity-provider.scm:188
-#, scheme-format
-msgid ""
-"Usage: ~a [OPTIONS]...\n"
-"\n"
-"Run the Solid identity provider for a specific user.\n"
-"\n"
-"Options:\n"
-" -h, --~a:\n"
-" display this help message and exit.\n"
-" -v, --~a:\n"
-" display the version information (~a) and exit.\n"
-" -i URI, --~a=URI:\n"
-" set the public server host name.\n"
-" -k FILE, --~a=FILE.jwk:\n"
-" set the file name of the key file. If it does not exist, a new\n"
-" key is generated.\n"
-" -s WEBID, --~a=WEBID:\n"
-" set the identity of the subject.\n"
-" -w PASSWORD, --~a=PASSWORD:\n"
-" set the password to recognize the user.\n"
-" -j URI, --~a=URI:\n"
-" set the URI to query the key of the server.\n"
-" -a URI, --~a=URI:\n"
-" set the authorization endpoint of the issuer.\n"
-" -t URI, --~a=URI:\n"
-" set the token endpoint of the issuer.\n"
-" -p PORT, --~a=PORT:\n"
-" set the port to bind (instead of 8080).\n"
-" -l FILE.log, --~a=FILE.log:\n"
-" dump the standard output to that file.\n"
-" -e FILE.err, --~a=FILE.err:\n"
-" dump the standard error to that file.\n"
-"\n"
-"Environment variables:\n"
-"\n"
-" LANG: set the locale of the sysadmin-facing interface (the user\n"
-"pages are translated according to the user agent’s Accept-language\n"
-"header), for log files and command-line interface. It is currently ~a.\n"
-"\n"
-" XDG_DATA_HOME: where to store the refresh tokens (under the\n"
-"webid-oidc directory). For a system service, it is recommended to set\n"
-"it to /var/lib. Currently set to ~a.\n"
-"\n"
-" XDG_CACHE_HOME: where to store and update the seed file for the\n"
-"random number generator. If you remove it, you need to restart the\n"
-"program to use a different seed. Currently set to ~a.\n"
-"\n"
-" HOME: if XDG_DATA_HOME or XDG_CACHE_HOME is not set, they are\n"
-"computed from the value of the HOME environment variable. It is not\n"
-"used otherwise. Currently set to ~a.\n"
-"\n"
-"Example used in webid-oidc-demo.planete-kraus.eu (except it’s managed\n"
-"by shepherd in reality):\n"
-"\n"
-" export LANG=C\n"
-" export XDG_DATA_HOME=/var/lib\n"
-" export XDG_CACHE_HOME=/var/cache\n"
-" webid-oidc-issuer \\\n"
-" --issuer https://webid-oidc-demo.planete-kraus.eu \\\n"
-" --key-file /var/lib/webid-oidc/issuer/key.jwk \\\n"
-" --subject https://webid-oidc-demo.planete-kraus.eu/profile/card#me \\\n"
-" --password \"$PASSWORD\" \\\n"
-" --jwks-uri https://webid-oidc-demo.planete-kraus.eu/keys \\\n"
-" --authorization-endpoint-uri https://webid-oidc-demo.planete-kraus.eu/"
-"authorize \\\n"
-" --token-endpoint-uri https://webid-oidc-demo.planete-kraus.eu/token "
-"\\\n"
-" --port $PORT\n"
-"\n"
-"If you find a bug, send a report to ~a.\n"
-msgstr ""
-
-#: src/scm/webid-oidc/identity-provider.scm:267
-#: src/scm/webid-oidc/hello-world.scm:61 src/scm/webid-oidc/client.scm:700
-#: src/scm/webid-oidc/example-app.scm:143 src/scm/webid-oidc/program.scm:177
-#, scheme-format
-msgid "~a version ~a\n"
-msgstr ""
-
-#: src/scm/webid-oidc/identity-provider.scm:294
-msgid "You need to set the issuer.\n"
-msgstr ""
-
-#: src/scm/webid-oidc/identity-provider.scm:298
-msgid "You need to set the file name of the key file.\n"
-msgstr ""
-
-#: src/scm/webid-oidc/identity-provider.scm:302
-msgid "You need to set the identity of the subject.\n"
-msgstr ""
-
-#: src/scm/webid-oidc/identity-provider.scm:306
-msgid "You need to set the password to verify the identity of the subject.\n"
-msgstr ""
-
-#: src/scm/webid-oidc/identity-provider.scm:310
-msgid "You need to set the JWKS URI.\n"
-msgstr ""
-
-#: src/scm/webid-oidc/identity-provider.scm:315
-msgid "You need to set the authorization endpoint URI.\n"
-msgstr ""
-
-#: src/scm/webid-oidc/identity-provider.scm:320
-msgid "You need to set the token endpoint URI.\n"
-msgstr ""
-
-#: src/scm/webid-oidc/identity-provider.scm:327
-#: src/scm/webid-oidc/hello-world.scm:72 src/scm/webid-oidc/client.scm:738
-msgid "The port should be a number between 0 and 65535.\n"
-msgstr ""
-
-#: src/scm/webid-oidc/identity-provider.scm:346
-#: src/scm/webid-oidc/client.scm:749
-#, scheme-format
-msgid "~a: Internal server error: ~a\n"
-msgstr ""
-
-#: src/scm/webid-oidc/identity-provider.scm:357
-#, scheme-format
-msgid ""
-"The client locale ~s can’t be approximated by system locale ~s (because ~a), "
-"using C.\n"
-msgstr ""
-
#: src/scm/webid-oidc/authorization-page-unsafe.scm:29
msgid "xml-lang|en"
msgstr ""
@@ -1112,6 +931,20 @@ msgstr ""
msgid "~a: authentication failure: ~a\n"
msgstr ""
+#: src/scm/webid-oidc/hello-world.scm:31 src/scm/webid-oidc/client.scm:619
+#: src/scm/webid-oidc/example-app.scm:100 src/scm/webid-oidc/program.scm:52
+msgid "command-line|version"
+msgstr ""
+
+#: src/scm/webid-oidc/hello-world.scm:33 src/scm/webid-oidc/client.scm:621
+#: src/scm/webid-oidc/example-app.scm:102
+msgid "comand-line|help"
+msgstr ""
+
+#: src/scm/webid-oidc/hello-world.scm:35 src/scm/webid-oidc/client.scm:631
+msgid "comand-line|port"
+msgstr ""
+
#: src/scm/webid-oidc/hello-world.scm:44
#, scheme-format
msgid ""
@@ -1128,6 +961,16 @@ msgid ""
" set the port to bind.\n"
msgstr ""
+#: src/scm/webid-oidc/hello-world.scm:61 src/scm/webid-oidc/client.scm:700
+#: src/scm/webid-oidc/example-app.scm:143 src/scm/webid-oidc/program.scm:268
+#, scheme-format
+msgid "~a version ~a\n"
+msgstr ""
+
+#: src/scm/webid-oidc/hello-world.scm:72 src/scm/webid-oidc/client.scm:738
+msgid "The port should be a number between 0 and 65535.\n"
+msgstr ""
+
#: src/scm/webid-oidc/client.scm:623
msgid "comand-line|client-id"
msgstr ""
@@ -1144,6 +987,14 @@ msgstr ""
msgid "comand-line|client-uri"
msgstr ""
+#: src/scm/webid-oidc/client.scm:633
+msgid "comand-line|log-file"
+msgstr ""
+
+#: src/scm/webid-oidc/client.scm:635
+msgid "comand-line|error-file"
+msgstr ""
+
#: src/scm/webid-oidc/client.scm:650
#, scheme-format
msgid ""
@@ -1205,6 +1056,11 @@ msgstr ""
msgid "The client URI should be an URI.\n"
msgstr ""
+#: src/scm/webid-oidc/client.scm:749 src/scm/webid-oidc/program.scm:401
+#, scheme-format
+msgid "~a: Internal server error: ~a\n"
+msgstr ""
+
#: src/scm/webid-oidc/example-app.scm:35
#, scheme-format
msgid "~a.\t~a, certified by ~a;\n"
@@ -1311,27 +1167,59 @@ msgstr ""
msgid "There was an error: ~a\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:52
+#: src/scm/webid-oidc/program.scm:54
msgid "command-line|help"
msgstr ""
-#: src/scm/webid-oidc/program.scm:54
+#: src/scm/webid-oidc/program.scm:56
msgid "command-line|server|port"
msgstr ""
-#: src/scm/webid-oidc/program.scm:56
+#: src/scm/webid-oidc/program.scm:58
msgid "command-line|server|server-name"
msgstr ""
-#: src/scm/webid-oidc/program.scm:58
+#: src/scm/webid-oidc/program.scm:60
msgid "command-line|server|reverse-proxy|backend-uri"
msgstr ""
-#: src/scm/webid-oidc/program.scm:60
+#: src/scm/webid-oidc/program.scm:62
msgid "command-line|server|reverse-proxy|header"
msgstr ""
+#: src/scm/webid-oidc/program.scm:64
+msgid "command-line|server|issuer|key-file"
+msgstr ""
+
+#: src/scm/webid-oidc/program.scm:66
+msgid "command-line|server|issuer|subject"
+msgstr ""
+
+#: src/scm/webid-oidc/program.scm:68
+msgid "command-line|server|issuer|password"
+msgstr ""
+
+#: src/scm/webid-oidc/program.scm:70
+msgid "command-line|server|issuer|jwks-uri"
+msgstr ""
+
+#: src/scm/webid-oidc/program.scm:72
+msgid "command-line|server|issuer|authorization-endpoint-uri"
+msgstr ""
+
+#: src/scm/webid-oidc/program.scm:74
+msgid "command-line|server|issuer|token-endpoint-uri"
+msgstr ""
+
+#: src/scm/webid-oidc/program.scm:76
+msgid "command-line|log-file"
+msgstr ""
+
#: src/scm/webid-oidc/program.scm:78
+msgid "command-line|error-file"
+msgstr ""
+
+#: src/scm/webid-oidc/program.scm:98
#, scheme-format
msgid ""
"Usage: ~a COMMAND [OPTIONS]...\n"
@@ -1339,8 +1227,10 @@ msgid ""
"Run the webid-oidc COMMAND.\n"
"\n"
"Available commands:\n"
-" ~a: \n"
+" ~a:\n"
" run an authenticating reverse proxy.\n"
+" ~a:\n"
+" run an identity provider.\n"
"\n"
"General options:\n"
" -h, --~a:\n"
@@ -1366,11 +1256,38 @@ msgid ""
" set the backend URI for the reverse proxy, only for the\n"
" reverse-proxy command.\n"
"\n"
+"Options for the identity provider:\n"
+" -k FILE, --~a=FILE.jwk:\n"
+" set the file name of the key file. If it does not exist, a new\n"
+" key is generated.\n"
+" -s WEBID, --~a=WEBID:\n"
+" set the identity of the subject.\n"
+" -w PASSWORD, --~a=PASSWORD:\n"
+" set the password to recognize the user.\n"
+" -j URI, --~a=URI:\n"
+" set the URI to query the key of the server.\n"
+" -a URI, --~a=URI:\n"
+" set the authorization endpoint of the issuer.\n"
+" -t URI, --~a=URI:\n"
+" set the token endpoint of the issuer.\n"
+"\n"
"Environment variables:\n"
"\n"
" LANG: set the locale of the user interface (for the server commands,\n"
"the user is the system administrator).~a\n"
"\n"
+" XDG_DATA_HOME: where the program stores persistent data. The\n"
+"identity provider stores the refresh tokens. For a system service, it\n"
+"is recommended to set it to /var/lib.~a\n"
+"\n"
+" XDG_CACHE_HOME: where the program stores and updates the seed file,\n"
+"and the web client cache. You can remove this directory at any\n"
+"time. The seed file will be initialized from /dev/random.~a\n"
+"\n"
+" HOME: if XDG_DATA_HOME or XDG_CACHE_HOME is not set, they are\n"
+"computed from the value of the HOME environment variable. It is not\n"
+"used otherwise.~a\n"
+"\n"
"Running a reverse proxy\n"
"\n"
"Suppose that you operate data.provider.com. You want to run an\n"
@@ -1390,61 +1307,124 @@ msgid ""
" --~a '/var/log/proxy.log' \\\n"
" --~a '/var/log/proxy.err'\n"
"\n"
+"Running an identity provider\n"
+"\n"
+"The identity provider running at webid-oidc-demo.planete-kraus.eu is\n"
+"invoked with the following options:\n"
+"\n"
+" export XDG_DATA_HOME=/var/lib\n"
+" export XDG_CACHE_HOME=/var/cache\n"
+" ~a ~a \\\n"
+" --~a 'https://webid-oidc-demo.planete-kraus.eu' \\\n"
+" --~a '/var/lib/webid-oidc/issuer/key.jwk' \\\n"
+" --~a 'https://webid-oidc-demo.planete-kraus.eu/profile/card#me' \\\n"
+" --~a \"$PASSWORD\" \\\n"
+" --~a 'https://webid-oidc-demo.planete-kraus.eu/keys' \\\n"
+" --~a 'https://webid-oidc-demo.planete-kraus.eu/authorize' \\\n"
+" --~a 'https://webid-oidc-demo.planete-kraus.eu/token' \\\n"
+" --~a $PORT\n"
+"\n"
"If you find a bug, then please send a report to ~a.\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:139 src/scm/webid-oidc/program.scm:170
-#: src/scm/webid-oidc/program.scm:236
+#: src/scm/webid-oidc/program.scm:205 src/scm/webid-oidc/program.scm:255
+#: src/scm/webid-oidc/program.scm:341
msgid "command-line|command|reverse-proxy"
msgstr ""
-#: src/scm/webid-oidc/program.scm:163
+#: src/scm/webid-oidc/program.scm:206 src/scm/webid-oidc/program.scm:261
+#: src/scm/webid-oidc/program.scm:359
+msgid "command-line|command|identity-provider"
+msgstr ""
+
+#: src/scm/webid-oidc/program.scm:236 src/scm/webid-oidc/program.scm:240
+#: src/scm/webid-oidc/program.scm:244 src/scm/webid-oidc/program.scm:248
#, scheme-format
msgid "an environment variable| It is currently set to ~s."
msgstr ""
-#: src/scm/webid-oidc/program.scm:165
+#: src/scm/webid-oidc/program.scm:238 src/scm/webid-oidc/program.scm:242
+#: src/scm/webid-oidc/program.scm:246 src/scm/webid-oidc/program.scm:250
msgid "an environment variable| It is currently unset."
msgstr ""
-#: src/scm/webid-oidc/program.scm:185
+#: src/scm/webid-oidc/program.scm:276
#, scheme-format
msgid "The --~a argument must be a number, not ~s.\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:191
+#: src/scm/webid-oidc/program.scm:282
#, scheme-format
msgid "The --~a argument must be an integer, not ~s.\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:197
+#: src/scm/webid-oidc/program.scm:288
#, scheme-format
msgid "The --~a argument must be positive, ~s is invalid.\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:202
+#: src/scm/webid-oidc/program.scm:293
#, scheme-format
msgid "The --~a argument must be less than 65536, ~s is invalid.\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:220
+#: src/scm/webid-oidc/program.scm:325
#, scheme-format
msgid ""
"Usage: ~a COMMAND [OPTIONS]...\n"
"See --~a (-h).\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:239
+#: src/scm/webid-oidc/program.scm:344 src/scm/webid-oidc/program.scm:362
#, scheme-format
msgid "You must pass --~a to set the server name.\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:243
+#: src/scm/webid-oidc/program.scm:348
#, scheme-format
msgid "You must pass --~a to set the backend URI.\n"
msgstr ""
-#: src/scm/webid-oidc/program.scm:255
+#: src/scm/webid-oidc/program.scm:366
+#, scheme-format
+msgid ""
+"You must pass --~a to set the file where to store the identity provider "
+"key.\n"
+msgstr ""
+
+#: src/scm/webid-oidc/program.scm:370
+#, scheme-format
+msgid "You must pass --~a to set the subject of the identity provider.\n"
+msgstr ""
+
+#: src/scm/webid-oidc/program.scm:374
+#, scheme-format
+msgid "You must pass --~a to set the subject’s password.\n"
+msgstr ""
+
+#: src/scm/webid-oidc/program.scm:378
+#, scheme-format
+msgid "You must pass --~a to set the JWKS URI.\n"
+msgstr ""
+
+#: src/scm/webid-oidc/program.scm:382
+#, scheme-format
+msgid "You must pass --~a to set the authorization endpoint URI.\n"
+msgstr ""
+
+#: src/scm/webid-oidc/program.scm:386
+#, scheme-format
+msgid "You must pass --~a to set the token endpoint URI.\n"
+msgstr ""
+
+#: src/scm/webid-oidc/program.scm:412
+#, scheme-format
+msgid ""
+"The client locale ~s can’t be approximated by system locale ~s (because ~a), "
+"using C.\n"
+msgstr ""
+
+#: src/scm/webid-oidc/program.scm:426
#, scheme-format
msgid "Unknown command ~s\n"
msgstr ""
diff --git a/src/Makefile.am b/src/Makefile.am
index 1876a55..5932f1d 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1,6 +1,6 @@
lib_LTLIBRARIES += %reldir%/libwebidoidc.la
-dist_bin_SCRIPTS += %reldir%/webid-oidc-issuer %reldir%/webid-oidc %reldir%/webid-oidc-hello %reldir%/webid-oidc-client-service %reldir%/webid-oidc-example-app
+dist_bin_SCRIPTS += %reldir%/webid-oidc %reldir%/webid-oidc-hello %reldir%/webid-oidc-client-service %reldir%/webid-oidc-example-app
AM_CPPFLAGS += -I %reldir% -I $(srcdir)/%reldir%
diff --git a/src/scm/webid-oidc/identity-provider.scm b/src/scm/webid-oidc/identity-provider.scm
index 8df4386..6f96b44 100644
--- a/src/scm/webid-oidc/identity-provider.scm
+++ b/src/scm/webid-oidc/identity-provider.scm
@@ -122,246 +122,3 @@
(body
(h1 "Resource not found")
(p "This OpenID Connect identity provider does not know the resource you are requesting."))))))))))))))))
-
-(define-public (main)
- (define* (http-get-with-log uri #:key (headers '()))
- (define date (date->string (time-utc->date (current-time))))
- (define uri-string (if (uri? uri) (uri->string uri) uri))
- (format (current-error-port) "~a: GET ~a ~s...\n"
- date uri-string headers)
- (receive (response response-body) (http-get uri #:headers headers)
- (if response-body
- (format (current-error-port) "~a: GET ~a ~s: ~s ~a bytes\n"
- date uri-string headers response
- (if (bytevector? response-body)
- (bytevector-length response-body)
- (string-length response-body)))
- (format (current-error-port) "~a: GET ~a ~s: ~s\n"
- date uri-string headers response))
- (values response response-body)))
- (define cache-http-get
- (with-cache #:http-get http-get-with-log))
- (setlocale LC_ALL "")
- (bindtextdomain cfg:package cfg:localedir)
- (textdomain cfg:package)
- (let ((version-sym
- (string->symbol (G_ "command-line|version")))
- (help-sym
- (string->symbol (G_ "comand-line|help")))
- (issuer-sym
- (string->symbol (G_ "comand-line|issuer")))
- (key-file-sym
- (string->symbol (G_ "comand-line|key-file")))
- (subject-sym
- (string->symbol (G_ "comand-line|subject")))
- (password-sym
- (string->symbol (G_ "comand-line|password")))
- (jwks-uri-sym
- (string->symbol (G_ "comand-line|jwks-uri")))
- (authorization-endpoint-uri-sym
- (string->symbol (G_ "comand-line|authorization-endpoint-uri")))
- (token-endpoint-uri-sym
- (string->symbol (G_ "comand-line|token-endpoint-uri")))
- (port-sym
- (string->symbol (G_ "comand-line|port")))
- (log-file-sym
- (string->symbol (G_ "comand-line|log-file")))
- (error-file-sym
- (string->symbol (G_ "comand-line|error-file"))))
- (let ((options
- (let ((option-spec
- `((,version-sym (single-char #\v) (value #f))
- (,help-sym (single-char #\h) (value #f))
- (,issuer-sym (single-char #\i) (value #t))
- (,key-file-sym (single-char #\k) (value #t))
- (,subject-sym (single-char #\s) (value #t))
- (,password-sym (single-char #\w) (value #t))
- (,jwks-uri-sym (single-char #\j) (value #t))
- (,authorization-endpoint-uri-sym (single-char #\a) (value #t))
- (,token-endpoint-uri-sym (single-char #\t) (value #t))
- (,port-sym (single-char #\p) (value #t))
- (,log-file-sym (single-char #\l) (value #t))
- (,error-file-sym (single-char #\e) (value #t)))))
- (getopt-long (command-line) option-spec))))
- (cond
- ((option-ref options help-sym #f)
- (format #t (G_ "Usage: ~a [OPTIONS]...
-
-Run the Solid identity provider for a specific user.
-
-Options:
- -h, --~a:
- display this help message and exit.
- -v, --~a:
- display the version information (~a) and exit.
- -i URI, --~a=URI:
- set the public server host name.
- -k FILE, --~a=FILE.jwk:
- set the file name of the key file. If it does not exist, a new
- key is generated.
- -s WEBID, --~a=WEBID:
- set the identity of the subject.
- -w PASSWORD, --~a=PASSWORD:
- set the password to recognize the user.
- -j URI, --~a=URI:
- set the URI to query the key of the server.
- -a URI, --~a=URI:
- set the authorization endpoint of the issuer.
- -t URI, --~a=URI:
- set the token endpoint of the issuer.
- -p PORT, --~a=PORT:
- set the port to bind (instead of 8080).
- -l FILE.log, --~a=FILE.log:
- dump the standard output to that file.
- -e FILE.err, --~a=FILE.err:
- dump the standard error to that file.
-
-Environment variables:
-
- LANG: set the locale of the sysadmin-facing interface (the user
-pages are translated according to the user agent’s Accept-language
-header), for log files and command-line interface. It is currently ~a.
-
- XDG_DATA_HOME: where to store the refresh tokens (under the
-webid-oidc directory). For a system service, it is recommended to set
-it to /var/lib. Currently set to ~a.
-
- XDG_CACHE_HOME: where to store and update the seed file for the
-random number generator. If you remove it, you need to restart the
-program to use a different seed. Currently set to ~a.
-
- HOME: if XDG_DATA_HOME or XDG_CACHE_HOME is not set, they are
-computed from the value of the HOME environment variable. It is not
-used otherwise. Currently set to ~a.
-
-Example used in webid-oidc-demo.planete-kraus.eu (except it’s managed
-by shepherd in reality):
-
- export LANG=C
- export XDG_DATA_HOME=/var/lib
- export XDG_CACHE_HOME=/var/cache
- webid-oidc-issuer \\
- --issuer https://webid-oidc-demo.planete-kraus.eu \\
- --key-file /var/lib/webid-oidc/issuer/key.jwk \\
- --subject https://webid-oidc-demo.planete-kraus.eu/profile/card#me \\
- --password \"$PASSWORD\" \\
- --jwks-uri https://webid-oidc-demo.planete-kraus.eu/keys \\
- --authorization-endpoint-uri https://webid-oidc-demo.planete-kraus.eu/authorize \\
- --token-endpoint-uri https://webid-oidc-demo.planete-kraus.eu/token \\
- --port $PORT
-
-If you find a bug, send a report to ~a.
-")
- (car (command-line))
- help-sym version-sym
- cfg:version
- issuer-sym key-file-sym subject-sym password-sym
- jwks-uri-sym authorization-endpoint-uri-sym
- token-endpoint-uri-sym port-sym log-file-sym error-file-sym
- (or (getenv "LANG") "")
- (or (getenv "XDG_DATA_HOME") "")
- (or (getenv "XDG_CACHE_HOME") "")
- (or (getenv "HOME") "")
- cfg:package-bugreport))
- ((option-ref options version-sym #f)
- (format #t (G_ "~a version ~a\n")
- cfg:package cfg:version))
- (else
- (let ((issuer (option-ref options issuer-sym #f))
- (key-file (option-ref options key-file-sym #f))
- (subject (option-ref options subject-sym #f))
- (password (option-ref options password-sym #f))
- (jwks-uri (option-ref options jwks-uri-sym #f))
- (authorization-endpoint-uri
- (option-ref options authorization-endpoint-uri-sym #f))
- (token-endpoint-uri
- (option-ref options token-endpoint-uri-sym #f))
- (port-string
- (option-ref options port-sym "8080"))
- (log-file-string
- (option-ref options log-file-sym #f))
- (error-file-string
- (option-ref options error-file-sym #f))
- (jti-list (make-jti-list)))
- (when log-file-string
- (set-current-output-port (stubs:open-output-file* log-file-string))
- (setvbuf (current-output-port) 'none))
- (when error-file-string
- (set-current-error-port (stubs:open-output-file* error-file-string))
- (setvbuf (current-error-port) 'none))
- (unless (and issuer (string->uri issuer))
- (format (current-error-port)
- (G_ "You need to set the issuer.\n"))
- (exit 1))
- (unless key-file
- (format (current-error-port)
- (G_ "You need to set the file name of the key file.\n"))
- (exit 1))
- (unless (and subject (string->uri subject))
- (format (current-error-port)
- (G_ "You need to set the identity of the subject.\n"))
- (exit 1))
- (unless password
- (format (current-error-port)
- (G_ "You need to set the password to verify the identity of the subject.\n"))
- (exit 1))
- (unless (and jwks-uri (string->uri jwks-uri))
- (format (current-error-port)
- (G_ "You need to set the JWKS URI.\n"))
- (exit 1))
- (unless (and authorization-endpoint-uri
- (string->uri authorization-endpoint-uri))
- (format (current-error-port)
- (G_ "You need to set the authorization endpoint URI.\n"))
- (exit 1))
- (unless (and token-endpoint-uri
- (string->uri token-endpoint-uri))
- (format (current-error-port)
- (G_ "You need to set the token endpoint URI.\n"))
- (exit 1))
- (unless (and (string->number port-string)
- (integer? (string->number port-string))
- (>= (string->number port-string) 0)
- (<= (string->number port-string) 65535))
- (format (current-error-port)
- (G_ "The port should be a number between 0 and 65535.\n"))
- (exit 1))
- (let ((handler
- (make-identity-provider
- (string->uri issuer)
- key-file
- (string->uri subject)
- password
- (string->uri jwks-uri)
- (string->uri authorization-endpoint-uri)
- (string->uri token-endpoint-uri)
- jti-list
- #:current-time current-time
- #:http-get cache-http-get)))
- (let ((handler-with-log
- (lambda (request request-body)
- (with-exception-handler
- (lambda (error)
- (format (current-error-port)
- (G_ "~a: Internal server error: ~a\n")
- (date->string (time-utc->date (current-time)))
- (error->str error))
- (values
- (build-response #:code 500
- #:reason-phrase "Internal Server Error")
- "Sorry, there was an error."))
- (lambda ()
- (with-exception-handler
- (lambda (error)
- (format (current-error-port)
- (G_ "The client locale ~s can’t be approximated by system locale ~s (because ~a), using C.\n")
- ((record-accessor &unknown-client-locale 'web-locale) error)
- ((record-accessor &unknown-client-locale 'c-locale) error)
- (error->str error)))
- (lambda ()
- (handler request request-body))
- #:unwind? #t
- #:unwind-for-type &unknown-client-locale))
- #:unwind? #t))))
- (install-suspendable-ports!)
- (run-server handler-with-log 'http (list #:port (string->number port-string)))))))))))
diff --git a/src/scm/webid-oidc/program.scm b/src/scm/webid-oidc/program.scm
index b8878b0..3582eaa 100644
--- a/src/scm/webid-oidc/program.scm
+++ b/src/scm/webid-oidc/program.scm
@@ -1,6 +1,8 @@
(define-module (webid-oidc program)
#:use-module (webid-oidc errors)
#:use-module (webid-oidc reverse-proxy)
+ #:use-module (webid-oidc identity-provider)
+ #:use-module (webid-oidc jti)
#:use-module ((webid-oidc stubs) #:prefix stubs:)
#:use-module ((webid-oidc config) #:prefix cfg:)
#:use-module (ice-9 optargs)
@@ -58,16 +60,34 @@
(string->symbol (G_ "command-line|server|reverse-proxy|backend-uri")))
(header-sym
(string->symbol (G_ "command-line|server|reverse-proxy|header")))
+ (key-file-sym
+ (string->symbol (G_ "command-line|server|issuer|key-file")))
+ (subject-sym
+ (string->symbol (G_ "command-line|server|issuer|subject")))
+ (password-sym
+ (string->symbol (G_ "command-line|server|issuer|password")))
+ (jwks-uri-sym
+ (string->symbol (G_ "command-line|server|issuer|jwks-uri")))
+ (authorization-endpoint-uri-sym
+ (string->symbol (G_ "command-line|server|issuer|authorization-endpoint-uri")))
+ (token-endpoint-uri-sym
+ (string->symbol (G_ "command-line|server|issuer|token-endpoint-uri")))
(log-file-sym
- (string->symbol (G_ "comand-line|log-file")))
+ (string->symbol (G_ "command-line|log-file")))
(error-file-sym
- (string->symbol (G_ "comand-line|error-file"))))
+ (string->symbol (G_ "command-line|error-file"))))
(let ((options
(let ((spec
`((,version-sym (single-char #\v) (value #f))
(,help-sym (single-char #\h) (value #f))
(,log-file-sym (single-char #\l) (value #t))
(,error-file-sym (single-char #\e) (value #t))
+ (,key-file-sym (single-char #\k) (value #t))
+ (,subject-sym (single-char #\s) (value #t))
+ (,password-sym (single-char #\w) (value #t))
+ (,jwks-uri-sym (single-char #\j) (value #t))
+ (,authorization-endpoint-uri-sym (single-char #\a) (value #t))
+ (,token-endpoint-uri-sym (single-char #\t) (value #t))
(,port-sym (single-char #\p) (value #t))
(,server-name-sym (single-char #\n) (value #t))
(,header-sym (single-char #\H) (value #t))
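Review bot: The new `(,password-sym (single-char #\w) (value #t))` entry makes the subject's password a plain command-line argument, so it typically stays visible to other local users in the process list for the whole lifetime of the server and is written to shell history; the help text added later in this commit (the `-w PASSWORD, --~a=PASSWORD:` entry and the `--~a \"$PASSWORD\"` line of the example) documents that usage without mentioning the exposure. The previous issuer program had the same option, so this is inherited rather than introduced, but the merge is the natural moment to change it. Consider accepting the password from a file path or from standard input instead, and until then extend the help entry with: `the password is visible to other local users while the server runs; start the server through a wrapper that keeps it out of the process arguments.` The enclosing let of this hunk starts before the hunk.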
@@ -80,8 +100,10 @@
Run the webid-oidc COMMAND.
Available commands:
- ~a:
+ ~a:
run an authenticating reverse proxy.
+ ~a:
+ run an identity provider.
General options:
-h, --~a:
@@ -107,11 +129,38 @@ Options for the reverse proxy:
set the backend URI for the reverse proxy, only for the
reverse-proxy command.
+Options for the identity provider:
+ -k FILE, --~a=FILE.jwk:
+ set the file name of the key file. If it does not exist, a new
+ key is generated.
+ -s WEBID, --~a=WEBID:
+ set the identity of the subject.
+ -w PASSWORD, --~a=PASSWORD:
+ set the password to recognize the user.
+ -j URI, --~a=URI:
+ set the URI to query the key of the server.
+ -a URI, --~a=URI:
+ set the authorization endpoint of the issuer.
+ -t URI, --~a=URI:
+ set the token endpoint of the issuer.
+
Environment variables:
LANG: set the locale of the user interface (for the server commands,
the user is the system administrator).~a
+ XDG_DATA_HOME: where the program stores persistent data. The
+identity provider stores the refresh tokens. For a system service, it
+is recommended to set it to /var/lib.~a
+
+ XDG_CACHE_HOME: where the program stores and updates the seed file,
+and the web client cache. You can remove this directory at any
+time. The seed file will be initialized from /dev/random.~a
+
+ HOME: if XDG_DATA_HOME or XDG_CACHE_HOME is not set, they are
+computed from the value of the HOME environment variable. It is not
+used otherwise.~a
+
Running a reverse proxy
Suppose that you operate data.provider.com. You want to run an
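Review bot: The new `Options for the identity provider:` section does not list `-n/--server-name`, although the identity-provider command requires it (the `You must pass --~a to set the server name.` check for that command appears further down in this diff) and the new example passes it first, as the issuer URI. A reader of this section cannot tell that the server name is mandatory here or that it becomes the issuer. Add an entry such as ` -n URI, --~a=URI:` / ` set the issuer URI (mandatory for this command).` with `server-name-sym` inserted at the matching position of the format argument list, and if the reverse-proxy entry for this option states it is only for the reverse-proxy command (that entry is outside this hunk, as the `backend-uri` line above does), adjust it as well. The help string continues in the next hunk.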
@@ -131,12 +180,30 @@ from this reverse proxy.
--~a '/var/log/proxy.log' \\
--~a '/var/log/proxy.err'
+Running an identity provider
+
+The identity provider running at webid-oidc-demo.planete-kraus.eu is
+invoked with the following options:
+
+ export XDG_DATA_HOME=/var/lib
+ export XDG_CACHE_HOME=/var/cache
+ ~a ~a \\
+ --~a 'https://webid-oidc-demo.planete-kraus.eu' \\
+ --~a '/var/lib/webid-oidc/issuer/key.jwk' \\
+ --~a 'https://webid-oidc-demo.planete-kraus.eu/profile/card#me' \\
+ --~a \"$PASSWORD\" \\
+ --~a 'https://webid-oidc-demo.planete-kraus.eu/keys' \\
+ --~a 'https://webid-oidc-demo.planete-kraus.eu/authorize' \\
+ --~a 'https://webid-oidc-demo.planete-kraus.eu/token' \\
+ --~a $PORT
+
If you find a bug, then please send a report to ~a.
")
;; Usage:
(car (command-line))
;; Available commands:
(G_ "command-line|command|reverse-proxy")
+ (G_ "command-line|command|identity-provider")
;; General options
;; help
help-sym
@@ -157,12 +224,30 @@ If you find a bug, then please send a report to ~a.
header-sym
;; backend-uri
backend-uri-sym
+ ;; Options for the identity provider
+ key-file-sym
+ subject-sym
+ password-sym
+ jwks-uri-sym
+ authorization-endpoint-uri-sym
+ token-endpoint-uri-sym
;; Environment variables
- ;; LANG
(if (getenv "LANG")
(format #f (G_ "an environment variable| It is currently set to ~s.")
(getenv "LANG"))
(G_ "an environment variable| It is currently unset."))
+ (if (getenv "XDG_DATA_HOME")
+ (format #f (G_ "an environment variable| It is currently set to ~s.")
+ (getenv "XDG_DATA_HOME"))
+ (G_ "an environment variable| It is currently unset."))
+ (if (getenv "XDG_CACHE_HOME")
+ (format #f (G_ "an environment variable| It is currently set to ~s.")
+ (getenv "XDG_CACHE_HOME"))
+ (G_ "an environment variable| It is currently unset."))
+ (if (getenv "HOME")
+ (format #f (G_ "an environment variable| It is currently set to ~s.")
+ (getenv "HOME"))
+ (G_ "an environment variable| It is currently unset."))
;; Running a reverse proxy
;; Program name
(car (command-line))
@@ -171,6 +256,12 @@ If you find a bug, then please send a report to ~a.
;; options
port-sym server-name-sym backend-uri-sym header-sym
log-file-sym error-file-sym
+ ;; Running an identity provider
+ (car (command-line))
+ (G_ "command-line|command|identity-provider")
+ server-name-sym key-file-sym subject-sym password-sym
+ jwks-uri-sym authorization-endpoint-uri-sym
+ token-endpoint-uri-sym port-sym
;; Bug report
cfg:package-bugreport))
((option-ref options version-sym #f)
@@ -214,7 +305,21 @@ If you find a bug, then please send a report to ~a.
(header
(let ((str (option-ref options header-sym #f)))
(and str
- (string->symbol str)))))
+ (string->symbol str))))
+ (key-file (option-ref options key-file-sym #f))
+ (subject
+ (let ((str (option-ref options subject-sym #f)))
+ (and str (string->uri str))))
+ (password (option-ref options password-sym #f))
+ (jwks-uri
+ (let ((str (option-ref options jwks-uri-sym #f)))
+ (and str (string->uri str))))
+ (authorization-endpoint-uri
+ (let ((str (option-ref options authorization-endpoint-uri-sym #f)))
+ (and str (string->uri str))))
+ (token-endpoint-uri
+ (let ((str (option-ref options token-endpoint-uri-sym #f)))
+ (and str (string->uri str)))))
(when (null? rest)
(format (current-error-port)
(G_ "Usage: ~a COMMAND [OPTIONS]...\nSee --~a (-h).\n")
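Review bot: The new bindings `(and str (string->uri str))` for subject, jwks-uri, authorization-endpoint-uri and token-endpoint-uri map both an absent option and a malformed one to #f, so a typo in `--jwks-uri` is later reported as `You must pass --~a to set the JWKS URI.` (that check is in the next hunk), which sends the operator looking for a missing option rather than a bad value. The port option in this file already separates the two cases with a dedicated message (`The --~a argument must be a number, not ~s.`); the URI options could follow the same pattern with one small helper defined where `options` is in scope, which also removes the four copies of the let/and idiom. The enclosing let starts before this hunk.
```scheme
;; defined where `options` is bound, before the bindings below
(define (uri-option sym)
  (let ((str (option-ref options sym #f)))
    (cond
     ((not str) #f)
     ((string->uri str) => identity)
     (else
      (format (current-error-port)
              (G_ "The --~a argument must be a URI, not ~s.\n") sym str)
      (exit 1)))))
;; … unchanged: header, key-file and password bindings …
(subject (uri-option subject-sym))
(jwks-uri (uri-option jwks-uri-sym))
(authorization-endpoint-uri (uri-option authorization-endpoint-uri-sym))
(token-endpoint-uri (uri-option token-endpoint-uri-sym))
```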
@@ -251,7 +356,73 @@ If you find a bug, then please send a report to ~a.
#:auth-header header)
'http
(list #:port port))))
- (else
+ ((equal? command (G_ "command-line|command|identity-provider"))
+ (begin
+ (unless server-name
+ (format (current-error-port) (G_ "You must pass --~a to set the server name.\n")
+ server-name-sym)
+ (exit 1))
+ (unless key-file
+ (format (current-error-port) (G_ "You must pass --~a to set the file where to store the identity provider key.\n")
+ key-file-sym)
+ (exit 1))
+ (unless subject
+ (format (current-error-port) (G_ "You must pass --~a to set the subject of the identity provider.\n")
+ subject-sym)
+ (exit 1))
+ (unless password
+ (format (current-error-port) (G_ "You must pass --~a to set the subject’s password.\n")
+ password-sym)
+ (exit 1))
+ (unless jwks-uri
+ (format (current-error-port) (G_ "You must pass --~a to set the JWKS URI.\n")
+ jwks-uri-sym)
+ (exit 1))
+ (unless authorization-endpoint-uri
+ (format (current-error-port) (G_ "You must pass --~a to set the authorization endpoint URI.\n")
+ authorization-endpoint-uri-sym)
+ (exit 1))
+ (unless token-endpoint-uri
+ (format (current-error-port) (G_ "You must pass --~a to set the token endpoint URI.\n")
+ token-endpoint-uri-sym)
+ (exit 1))
+ (let ((handler
+ (make-identity-provider
+ server-name key-file subject password jwks-uri
+ authorization-endpoint-uri token-endpoint-uri
+ (make-jti-list)
+ #:current-time current-time
+ #:http-get cache-http-get)))
+ (let ((handler-with-log
+ (lambda (request request-body)
+ (with-exception-handler
+ (lambda (error)
+ (format (current-error-port)
+ (G_ "~a: Internal server error: ~a\n")
+ (date->string (time-utc->date (current-time)))
+ (error->str error))
+ (values
+ (build-response #:code 500
+ #:reason-phrase "Internal Server Error")
+ "Sorry, there was an error."))
+ (lambda ()
+ (with-exception-handler
+ (lambda (error)
+ (format (current-error-port)
+ (G_ "The client locale ~s can’t be approximated by system locale ~s (because ~a), using C.\n")
+ ((record-accessor &unknown-client-locale 'web-locale) error)
+ ((record-accessor &unknown-client-locale 'c-locale) error)
+ (error->str error)))
+ (lambda ()
+ (handler request request-body))
+ #:unwind? #t
+ #:unwind-for-type &unknown-client-locale))
+ #:unwind? #t))))
+ (run-server
+ handler-with-log
+ 'http
+ (list #:port port))))))
+ (else
(format (current-error-port) (G_ "Unknown command ~s\n")
command)
(exit 1))))))))))
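Review bot: The subject's password is taken from a command-line option (`password-sym`, required by the `(unless password …)` check in the new identity-provider branch), so it is visible to every local user in the process listing for the lifetime of the server and is typically recorded in the invoking shell's history. Since the same hunk already accepts a file path for the key (`--key-file`), the least surprising fix is a parallel option that names a file containing the password, or reading it from standard input when the option is absent, with the plain option kept only for compatibility and documented as insecure; until then a comment at the check such as `;; NOTE: --password is exposed via the process table; prefer a password file.` would warn maintainers. Separately, the `(begin …)` wrapping the clause body is redundant inside `cond`, and the seven `unless`/`format`/`exit` blocks could be one helper taking the option symbol and message, which would also keep the wording consistent with the `reverse-proxy` clause above the hunk.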