diff options
| -rw-r--r-- | doc/disfluid.texi | 11 | ||||
| -rw-r--r-- | po/disfluid.pot | 56 | ||||
| -rw-r--r-- | po/fr.po | 61 | ||||
| -rw-r--r-- | src/scm/webid-oidc/jws.scm | 36 |
4 files changed, 108 insertions, 56 deletions
diff --git a/doc/disfluid.texi b/doc/disfluid.texi index 0047379..42437c2 100644 --- a/doc/disfluid.texi +++ b/doc/disfluid.texi @@ -532,6 +532,17 @@ Return two alists, following the JSON representation from srfi-180: one for the header, and then one for the payload. @end deffn +A token can also be serialized as SXML. + +@deffn {Generic} ->sxml @var{token} +Convert @var{token} to an SXML representation. +@end deffn + +@deffn {function} sxml->token @var{token-class} @var{sxml} +Construct and return a token of class @var{token-class} from +@var{sxml}. +@end deffn + @deffn {Generic} lookup-keys @var{token} @var{args} Return the set of keys that could be used to sign @var{token}, as a public key, a list of keys, or a JWKS. @var{args} is a list of keyword diff --git a/po/disfluid.pot b/po/disfluid.pot index 67b4c36..7702c98 100644 --- a/po/disfluid.pot +++ b/po/disfluid.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: disfluid SNAPSHOT\n" "Report-Msgid-Bugs-To: vivien@planete-kraus.eu\n" -"POT-Creation-Date: 2021-09-21 22:28+0200\n" +"POT-Creation-Date: 2021-09-21 22:30+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" @@ -924,126 +924,130 @@ msgstr "" msgid "invalid content-type: ~s" msgstr "" -#: src/scm/webid-oidc/jws.scm:127 +#: src/scm/webid-oidc/jws.scm:131 #, scheme-format msgid "unsupported JWS algorithm: ~s" msgstr "" -#: src/scm/webid-oidc/jws.scm:137 +#: src/scm/webid-oidc/jws.scm:141 msgid "" "when making a token either #:alg or (#:jwt-header and #:jwt-payload) should " "be passed" msgstr "" -#: src/scm/webid-oidc/jws.scm:202 +#: src/scm/webid-oidc/jws.scm:206 msgid "#:iat should be a date" msgstr "" -#: src/scm/webid-oidc/jws.scm:207 +#: src/scm/webid-oidc/jws.scm:211 msgid "#:exp should be a date" msgstr "" -#: src/scm/webid-oidc/jws.scm:217 +#: src/scm/webid-oidc/jws.scm:221 msgid "" "when making a time-bound token, either its required fields (#:iat, and " "either #:exp or #:validity) or (#:jwt-header and #:jwt-payload) should be " "passed" msgstr "" -#: src/scm/webid-oidc/jws.scm:245 +#: src/scm/webid-oidc/jws.scm:249 msgid "#:iss should be an URI" msgstr "" -#: src/scm/webid-oidc/jws.scm:256 +#: src/scm/webid-oidc/jws.scm:260 msgid "" "when making an OIDC token, either its required #:iss field or (#:jwt-header " "and #:jwt-payload) should be passed" msgstr "" -#: src/scm/webid-oidc/jws.scm:300 +#: src/scm/webid-oidc/jws.scm:304 msgid "#:nonce should be a string" msgstr "" -#: src/scm/webid-oidc/jws.scm:309 +#: src/scm/webid-oidc/jws.scm:313 msgid "" "when making a single-use token, either its required #:nonce field or (#:jwt-" "header and #:jwt-payload) should be passed" msgstr "" -#: src/scm/webid-oidc/jws.scm:354 +#: src/scm/webid-oidc/jws.scm:358 msgid "the encoded JWS is not in 3 parts" msgstr "" -#: src/scm/webid-oidc/jws.scm:365 +#: src/scm/webid-oidc/jws.scm:369 #, scheme-format msgid "" "the encoded JWS header or payload is not a JSON object encoded in base64: ~a" msgstr "" -#: src/scm/webid-oidc/jws.scm:367 +#: src/scm/webid-oidc/jws.scm:371 msgid "" "the encoded JWS header or payload is not a JSON object encoded in base64" msgstr "" -#: src/scm/webid-oidc/jws.scm:426 +#: src/scm/webid-oidc/jws.scm:430 msgid "the JWS is not signed by any of the expected set of public keys" msgstr "" -#: src/scm/webid-oidc/jws.scm:437 +#: src/scm/webid-oidc/jws.scm:441 #, scheme-format msgid "while verifying the JWS signature: ~a" msgstr "" -#: src/scm/webid-oidc/jws.scm:439 +#: src/scm/webid-oidc/jws.scm:443 msgid "an unexpected error happened while verifying a JWS" msgstr "" -#: src/scm/webid-oidc/jws.scm:478 +#: src/scm/webid-oidc/jws.scm:482 #, scheme-format msgid "I cannot query the identity provider configuration: ~a" msgstr "" -#: src/scm/webid-oidc/jws.scm:480 +#: src/scm/webid-oidc/jws.scm:484 msgid "I cannot query the identity provider configuration" msgstr "" -#: src/scm/webid-oidc/jws.scm:501 +#: src/scm/webid-oidc/jws.scm:505 #, scheme-format msgid "I cannot query the JWKS URI of the identity provider: ~a" msgstr "" -#: src/scm/webid-oidc/jws.scm:503 +#: src/scm/webid-oidc/jws.scm:507 msgid "I cannot query the JWKS URI of the identity provider" msgstr "" -#: src/scm/webid-oidc/jws.scm:531 +#: src/scm/webid-oidc/jws.scm:535 #, scheme-format msgid "the token is signed in the future, ~a, relative to current ~a" msgstr "" -#: src/scm/webid-oidc/jws.scm:540 +#: src/scm/webid-oidc/jws.scm:544 #, scheme-format msgid "the token expired ~a, which is in the past (from ~a)" msgstr "" -#: src/scm/webid-oidc/jws.scm:563 +#: src/scm/webid-oidc/jws.scm:567 #, scheme-format msgid "cannot decode a JWS: ~a" msgstr "" -#: src/scm/webid-oidc/jws.scm:565 +#: src/scm/webid-oidc/jws.scm:569 msgid "cannot decode a JWS" msgstr "" -#: src/scm/webid-oidc/jws.scm:583 +#: src/scm/webid-oidc/jws.scm:587 #, scheme-format msgid "cannot encode a JWS: ~a" msgstr "" -#: src/scm/webid-oidc/jws.scm:585 +#: src/scm/webid-oidc/jws.scm:589 msgid "cannot encode a JWS" msgstr "" +#: src/scm/webid-oidc/jws.scm:636 +msgid "cannot parse a token" +msgstr "" + #: src/scm/webid-oidc/oidc-configuration.scm:59 #, scheme-format msgid "the OIDC configuration is invalid: ~a" @@ -2,8 +2,8 @@ msgid "" msgstr "" "Project-Id-Version: webid-oidc 0.0.0\n" "Report-Msgid-Bugs-To: vivien@planete-kraus.eu\n" -"POT-Creation-Date: 2021-09-21 22:28+0200\n" -"PO-Revision-Date: 2021-09-21 22:28+0200\n" +"POT-Creation-Date: 2021-09-21 22:30+0200\n" +"PO-Revision-Date: 2021-09-21 22:30+0200\n" "Last-Translator: Vivien Kraus <vivien@planete-kraus.eu>\n" "Language-Team: French <vivien@planete-kraus.eu>\n" "Language: fr\n" @@ -1007,12 +1007,12 @@ msgstr "type de contenu manquant" msgid "invalid content-type: ~s" msgstr "type de contenu invalide : ~s" -#: src/scm/webid-oidc/jws.scm:127 +#: src/scm/webid-oidc/jws.scm:131 #, scheme-format msgid "unsupported JWS algorithm: ~s" msgstr "algorithme JWS non supporté : ~s" -#: src/scm/webid-oidc/jws.scm:137 +#: src/scm/webid-oidc/jws.scm:141 msgid "" "when making a token either #:alg or (#:jwt-header and #:jwt-payload) should " "be passed" @@ -1020,15 +1020,15 @@ msgstr "" "lors de la création d’un jeton il faut passer soit #:alg soit (#:jwt-header " "et #:jwt-payload)" -#: src/scm/webid-oidc/jws.scm:202 +#: src/scm/webid-oidc/jws.scm:206 msgid "#:iat should be a date" msgstr "#:iat doit être une date" -#: src/scm/webid-oidc/jws.scm:207 +#: src/scm/webid-oidc/jws.scm:211 msgid "#:exp should be a date" msgstr "#:exp doit être une date" -#: src/scm/webid-oidc/jws.scm:217 +#: src/scm/webid-oidc/jws.scm:221 msgid "" "when making a time-bound token, either its required fields (#:iat, and " "either #:exp or #:validity) or (#:jwt-header and #:jwt-payload) should be " @@ -1038,11 +1038,11 @@ msgstr "" "champs requis (#:iat et soit #:exp soit #:validity) soit (#:jwt-header et #:" "jwt-payload)" -#: src/scm/webid-oidc/jws.scm:245 +#: src/scm/webid-oidc/jws.scm:249 msgid "#:iss should be an URI" msgstr "#:iss doit être une URI" -#: src/scm/webid-oidc/jws.scm:256 +#: src/scm/webid-oidc/jws.scm:260 msgid "" "when making an OIDC token, either its required #:iss field or (#:jwt-header " "and #:jwt-payload) should be passed" @@ -1050,11 +1050,11 @@ msgstr "" "lors de la création d’un jeton OIDC, il faut passer soit le champs requis #:" "iss soit (#:jwt-header et #:jwt-payload)" -#: src/scm/webid-oidc/jws.scm:300 +#: src/scm/webid-oidc/jws.scm:304 msgid "#:nonce should be a string" msgstr "#:nonce doit être une chaîne de caractères" -#: src/scm/webid-oidc/jws.scm:309 +#: src/scm/webid-oidc/jws.scm:313 msgid "" "when making a single-use token, either its required #:nonce field or (#:jwt-" "header and #:jwt-payload) should be passed" @@ -1062,11 +1062,11 @@ msgstr "" "lors de la création d’un jeton à usage unique, il faut soit passer le champs " "requis #:nonce soit (#:jwt-header et #:jwt-payload)" -#: src/scm/webid-oidc/jws.scm:354 +#: src/scm/webid-oidc/jws.scm:358 msgid "the encoded JWS is not in 3 parts" msgstr "le JWS encodé n’est pas en 3 parties" -#: src/scm/webid-oidc/jws.scm:365 +#: src/scm/webid-oidc/jws.scm:369 #, scheme-format msgid "" "the encoded JWS header or payload is not a JSON object encoded in base64: ~a" @@ -1074,74 +1074,78 @@ msgstr "" "l’en-tête ou la charge utile du JWS encodé n’est pas un objet JSON encodé en " "base64 : ~a" -#: src/scm/webid-oidc/jws.scm:367 +#: src/scm/webid-oidc/jws.scm:371 msgid "" "the encoded JWS header or payload is not a JSON object encoded in base64" msgstr "" "l’en-tête ou la charge utile du JWS encodé n’est pas un objet JSON encodé en " "base64" -#: src/scm/webid-oidc/jws.scm:426 +#: src/scm/webid-oidc/jws.scm:430 msgid "the JWS is not signed by any of the expected set of public keys" msgstr "le JWS n’est signé par aucune des clés attendues" -#: src/scm/webid-oidc/jws.scm:437 +#: src/scm/webid-oidc/jws.scm:441 #, scheme-format msgid "while verifying the JWS signature: ~a" msgstr "en vérifiant la signature du JWS : ~a" -#: src/scm/webid-oidc/jws.scm:439 +#: src/scm/webid-oidc/jws.scm:443 msgid "an unexpected error happened while verifying a JWS" msgstr "une erreur inattendue est survenue pendant la vérification d’un JWS" -#: src/scm/webid-oidc/jws.scm:478 +#: src/scm/webid-oidc/jws.scm:482 #, scheme-format msgid "I cannot query the identity provider configuration: ~a" msgstr "" "je ne peux pas requêter la configuration du fournisseur d’identité : ~a" -#: src/scm/webid-oidc/jws.scm:480 +#: src/scm/webid-oidc/jws.scm:484 msgid "I cannot query the identity provider configuration" msgstr "je ne peux pas requêter la configuration du fournisseur d’identité" -#: src/scm/webid-oidc/jws.scm:501 +#: src/scm/webid-oidc/jws.scm:505 #, scheme-format msgid "I cannot query the JWKS URI of the identity provider: ~a" msgstr "je ne peux pas requêter l’URI de JWKS du fournisseur d’identité : ~a" -#: src/scm/webid-oidc/jws.scm:503 +#: src/scm/webid-oidc/jws.scm:507 msgid "I cannot query the JWKS URI of the identity provider" msgstr "impossible de requêter l’URI de JWKS du fournisseur d’identité" -#: src/scm/webid-oidc/jws.scm:531 +#: src/scm/webid-oidc/jws.scm:535 #, scheme-format msgid "the token is signed in the future, ~a, relative to current ~a" msgstr "" "le jeton est signé dans le futur, ~a, par rapport à la date courante, ~a" -#: src/scm/webid-oidc/jws.scm:540 +#: src/scm/webid-oidc/jws.scm:544 #, scheme-format msgid "the token expired ~a, which is in the past (from ~a)" msgstr "le jeton a expiré le ~a, qui est dans le passé (depuis ~a)" -#: src/scm/webid-oidc/jws.scm:563 +#: src/scm/webid-oidc/jws.scm:567 #, scheme-format msgid "cannot decode a JWS: ~a" msgstr "impossible de décoder un JWS : ~a" -#: src/scm/webid-oidc/jws.scm:565 +#: src/scm/webid-oidc/jws.scm:569 msgid "cannot decode a JWS" msgstr "impossible de décoder un JWS" -#: src/scm/webid-oidc/jws.scm:583 +#: src/scm/webid-oidc/jws.scm:587 #, scheme-format msgid "cannot encode a JWS: ~a" msgstr "impossible d’encoder un JWS : ~a" -#: src/scm/webid-oidc/jws.scm:585 +#: src/scm/webid-oidc/jws.scm:589 msgid "cannot encode a JWS" msgstr "impossible d’encoder un JWS" +#: src/scm/webid-oidc/jws.scm:636 +msgid "cannot parse a token" +msgstr "impossible d’analyser le jeton" + #: src/scm/webid-oidc/oidc-configuration.scm:59 #, scheme-format msgid "the OIDC configuration is invalid: ~a" @@ -2619,9 +2623,6 @@ msgstr "" #~ msgid "cannot encode the ID token: ~a" #~ msgstr "impossible d’encoder le jeton d’ID : ~a" -#~ msgid "cannot encode the ID token" -#~ msgstr "impossible d’encoder le jeton d’ID" - #, scheme-format #~ msgid "unknown key type ~s" #~ msgstr "type de clé inconnu ~s" diff --git a/src/scm/webid-oidc/jws.scm b/src/scm/webid-oidc/jws.scm index af83c90..22dabdd 100644 --- a/src/scm/webid-oidc/jws.scm +++ b/src/scm/webid-oidc/jws.scm @@ -29,6 +29,7 @@ #:use-module (ice-9 match) #:use-module (ice-9 optargs) #:use-module (web uri) + #:use-module (sxml match) #:use-module (oop goops) #:declarative? #t #:re-export @@ -83,6 +84,9 @@ encode issue + ->sxml + sxml->token + )) (define-exception-type @@ -600,3 +604,35 @@ (define* (issue token-class issuer-key . args) (encode (apply make token-class #:signing-key issuer-key args) issuer-key)) + +(define-method (->sxml (token <token>)) + (receive (header payload) (token->jwt token) + `(token + (@ (xmlns "https://disfluid.planete-kraus.eu/Tokens.html#Tokens") + (header ,(stubs:scm->json-string header)) + (payload ,(stubs:scm->json-string payload)))))) + +(define (sxml->token token-class fragment) + (let analyze ((tree fragment)) + (sxml-match + tree + ((*TOP* + (token (@ (xmlns "https://disfluid.planete-kraus.eu/Tokens.html#Tokens") + (header ,header) + (payload ,payload))) + . ,rest) + (analyze `(*TOP* + (https://disfluid.planete-kraus.eu/Tokens.html#Tokens:token + (@ (header ,header) + (payload ,payload)))))) + ((*TOP* + (https://disfluid.planete-kraus.eu/Tokens.html#Tokens:token + (@ (header ,header) + (payload ,payload)))) + (make token-class #:jwk-header header #:jwk-payload payload)) + ((*TOP* ,whatever . ,rest) + (analyze `(*TOP* ,@rest))) + ((*TOP*) + (fail (G_ "cannot parse a token"))) + (,_ + (analyze `(*TOP* ,tree)))))) |