From 1dc4802d231bf4083d387a6db0765730075cc752 Mon Sep 17 00:00:00 2001
From: Vivien Kraus
Date: Sun, 17 Oct 2021 14:52:14 +0200
Subject: Use the endpoint API
---
guix/vkraus/systems/test.scm | 131 ++++++++++++++++++++++++++++++-------------
1 file changed, 92 insertions(+), 39 deletions(-)
(limited to 'guix/vkraus/systems/test.scm')
diff --git a/guix/vkraus/systems/test.scm b/guix/vkraus/systems/test.scm
index 1bfc2b8..128ffee 100644
--- a/guix/vkraus/systems/test.scm
+++ b/guix/vkraus/systems/test.scm
@@ -21,12 +21,95 @@ #:use-module (vkraus packages disfluid) #:use-module (vkraus services disfluid)) +(define full-configuration + `((use-modules (webid-oidc server endpoint) + (webid-oidc server endpoint resource-server) + (webid-oidc server endpoint identity-provider) + (webid-oidc server endpoint client) + (webid-oidc oidc-configuration) + (oop goops)) + (make + #:routed + (list + (make + #:host "alice.localhost" + #:oidc-discovery + (make + #:path "/.well-known/openid-configuration" + #:configuration + (make + #:jwks-uri "http://alice.localhost/keys" + #:authorization-endpoint "http://alice.localhost/authorize" + #:token-endpoint "http://alice.localhost/token")) + #:authorization-endpoint + (make + #:path "/authorize" + #:subject "http://alice.localhost/profile/card#me" + #:encrypted-password ,(crypt "alice" "$6$.salt.for.Alice.") + #:key-file "/var/lib/disfluid/alice/key.jwk") + #:token-endpoint + (make + #:path "/token" + #:issuer "http://alice.localhost" + #:key-file "/var/lib/disfluid/alice/key.jwk") + #:jwks-endpoint + (make + #:path "/keys" + #:key-file "/var/lib/disfluid/alice/key.jwk") + #:default + (make + #:backend + (make + #:server-name "http://alice.localhost" + #:owner "http://alice.localhost/profile/card#me") + #:server-uri "http://alice.localhost")) + (make + #:host "bob.localhost" + #:oidc-discovery + (make + #:path "/.well-known/openid-configuration" + #:configuration + (make + #:jwks-uri "http://bob.localhost/keys" + #:authorization-endpoint "http://bob.localhost/authorize" + #:token-endpoint "http://bob.localhost/token")) + #:authorization-endpoint + (make + #:path "/authorize" + #:subject "http://bob.localhost/profile/card#me" + #:encrypted-password ,(crypt "bob" "$6$And.salt.for.Bob") + #:key-file "/var/lib/disfluid/bob/key.jwk") + #:token-endpoint + (make + #:path "/token" + #:issuer "http://bob.localhost" + #:key-file "/var/lib/disfluid/bob/key.jwk") + #:jwks-endpoint + (make + #:path "/keys" + #:key-file "/var/lib/disfluid/bob/key.jwk") 
+ #:default + (make + #:backend + (make + #:server-name "http://bob.localhost" + #:owner "http://bob.localhost/profile/card#me") + #:server-uri "http://bob.localhost")) + (make + #:host "client.localhost" + #:client-id "https://client.localhost/id" + #:redirect-uris '("https://client.localhost/authorized") + #:client-name "Local Client Application" + #:client-uri "https://client.localhost/about" + #:grant-types '(authorization_code refresh_token) + #:response-types '(code)))))) + (operating-system (host-name "disfluid-test-system") (hosts-file (plain-file "hosts" - "127.0.0.1 localhost -::1 localhost + "127.0.0.1 localhost alice.localhost bob.localhost +::1 localhost alice.localhost bob.localhost ")) (users %base-user-accounts) (packages 
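Review bot: The `#:encrypted-password ,(crypt "alice" "$6$.salt.for.Alice.")` and `,(crypt "bob" "$6$And.salt.for.Bob")` forms are unquoted inside `full-configuration`, so the hash is computed when this file is loaded and written as a literal into the generated configuration; with a fixed salt and a password equal to the account name that is acceptable only for a throwaway test system, and nothing in the new code says so. I would put a comment above the definition, e.g. `;; Test-only credentials: password = user name, fixed salt; never reuse outside this VM.` Separately, the hosts-file change maps `alice.localhost` and `bob.localhost` to loopback but not `client.localhost`, which the third entry of the `#:routed` list (`#:host "client.localhost"`) and its `#:redirect-uris` rely on; if that name is meant to resolve inside the system, add it to both address lines. The `operating-system` form continues past the end of this hunk.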
@@ -37,48 +120,18 @@ (append (list (service disfluid-service-type - `(("alice" - . ,(disfluid-server-configuration - (complete-corresponding-source "https://webid-oidc.planete-kraus.eu/complete-corresponding-source.tar.gz") - (server-name "http://localhost:8081") - (subject "http://localhost:8081/alice#me") - (encrypted-password-file - (computed-file "alice-password" - #~(let ((salt "$6$.salt.for.Alice.") - (password "alice")) - (call-with-output-file #$output - (lambda (port) - (format port "~a\n" - (crypt password salt))))))) - (key-file "/var/lib/disfluid/alice/key.jwk") - (jwks-uri "http://localhost:8081/keys") - (authorization-endpoint-uri "http://localhost:8081/authorize") - (token-endpoint-uri "http://localhost:8081/token") - (port 8081))) - ("bob" - . ,(disfluid-server-configuration - (complete-corresponding-source "https://webid-oidc.planete-kraus.eu/complete-corresponding-source.tar.gz") - (server-name "http://localhost:8082") - (subject "http://localhost:8082/bob#me") - (encrypted-password-file - (computed-file "bob-password" - #~(let ((salt "$6$And.salt.for.Bob") - (password "bob")) - (call-with-output-file #$output - (lambda (port) - (format port "~a\n" - (crypt password salt))))))) - (key-file "/var/lib/disfluid/bob/key.jwk") - (jwks-uri "http://localhost:8082/keys") - (authorization-endpoint-uri "http://localhost:8082/authorize") - (token-endpoint-uri "http://localhost:8082/token") - (port 8082)))))) + (disfluid-configuration + (complete-corresponding-source "http://ccs.local/disfluid.tar.gz") + (configuration + (scheme-file "disfluid-configuration.scm" + full-configuration)) + (port 8080)))) %base-services)) (timezone "Europe/Paris") (bootloader (bootloader-configuration (bootloader grub-efi-bootloader) - (target "/boot/efi"))) + (targets '("/boot/efi")))) (mapped-devices '()) (file-systems `(,(file-system -- cgit v1.2.3
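Review bot: `(port 8080)` does not match the URLs declared in `full-configuration`, which all omit a port (`#:issuer "http://alice.localhost"`, `#:jwks-uri "http://alice.localhost/keys"`, and the same for bob), so unless something outside this diff forwards port 80 to 8080 the discovery document advertises endpoints that clients cannot reach and the issuer value differs from the address they actually contact. Either listen on the advertised port or carry the port in every URL, e.g. `#:issuer "http://alice.localhost:8080"`. The new `complete-corresponding-source "http://ccs.local/disfluid.tar.gz"` also names a host that the hosts-file in this commit does not define, so the advertised source link presumably does not resolve inside the test system; a short comment such as `;; placeholder URL, not served in the test VM` would make that intentional. The `operating-system` form starts before and ends after this hunk.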