Expose la clé publique de l'application
Fabinout authored and egaillot committed Dec 26, 2024
1 parent 698027b commit d1f6f7c
Showing 8 changed files with 100 additions and 0 deletions.
1 change: 1 addition & 0 deletions .env.oots.template
@@ -1,4 +1,5 @@
AVEC_REQUETE_PIECE_JUSTIFICATIVE= # active l'API /requete/pieceJustificative avec valeur true
CLE_PRIVEE_JWK_EN_BASE64= # Cle privée utilisée pour déchiffrer les infos (données au format JWK, chiffrées en base64)
DONNEES_DEPOT_SERVICES_COMMUNS_LOCAL= # données du bouchon des services communs
DONNEES_REQUETEURS= # données de l'annuaire des fournisseurs de service requêteurs
URL_OOTS_FRANCE= # URL Serveur OOTS-France, ex. https://oots.gouv.fr
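Review bot: The comment on `CLE_PRIVEE_JWK_EN_BASE64` describes the key data as "chiffrées en base64", but base64 is an encoding and gives no confidentiality, so the value of this variable is the private key itself. I would reword it along the lines of `# Private key used for decryption (JWK, base64-encoded, not encrypted: handle the value as a secret)`. This is presumably the one line the hunk adds, since the variable is first read by `clePriveeJWK` in this same commit.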
2 changes: 2 additions & 0 deletions server.js
@@ -1,5 +1,6 @@
const EcouteurDomibus = require('./src/ecouteurDomibus');
const OOTS_FRANCE = require('./src/ootsFrance');
const adaptateurChiffrement = require('./src/adaptateurs/adaptateurChiffrement');
const AdaptateurDomibus = require('./src/adaptateurs/adaptateurDomibus');
const adaptateurEnvironnement = require('./src/adaptateurs/adaptateurEnvironnement');
const adaptateurUUID = require('./src/adaptateurs/adaptateurUUID');
@@ -16,6 +17,7 @@ const depotServicesCommuns = new DepotServicesCommuns();
const ecouteurDomibus = new EcouteurDomibus({ adaptateurDomibus, intervalleEcoute: 1000 });

const serveur = OOTS_FRANCE.creeServeur({
adaptateurChiffrement,
adaptateurDomibus,
adaptateurEnvironnement,
adaptateurUUID,
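--- a/src/adaptateurs/adaptateurChiffrement.js
+++ b/src/adaptateurs/adaptateurChiffrement.js
@@ -0,0 +1,7 @@
+const crypto = require('crypto');
+
+const cleHachage = (chaine) => crypto.createHash('md5').update(chaine).digest('hex');
+
+module.exports = {
+cleHachage,
+};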
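Review bot: `cleHachage` hashes with MD5 and is exported under a generic name from the encryption adapter, so a later caller may pick it up somewhere collision resistance matters. In this commit it only derives the `kid` published by `/auth/cles_publiques`, which is an identifier rather than a security control, but `const cleHachage = (chaine) => crypto.createHash('sha256').update(chaine).digest('hex');` costs nothing and removes the question. An RFC 7638 JWK thumbprint would be the standard way to derive a `kid` from a key. A one-line comment stating that the result is a key identifier, not an integrity or authentication value, would also help.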
3 changes: 3 additions & 0 deletions src/adaptateurs/adaptateurEnvironnement.js
@@ -1,5 +1,7 @@
const avecRequetePieceJustificative = () => process.env.AVEC_REQUETE_PIECE_JUSTIFICATIVE === 'true';

const clePriveeJWK = () => JSON.parse(atob(process.env.CLE_PRIVEE_JWK_EN_BASE64));

const donneesDepotServicesCommunsLocal = () => (
JSON.parse(process.env.DONNEES_DEPOT_SERVICES_COMMUNS_LOCAL)
);
@@ -8,6 +10,7 @@ const donneesRequeteurs = () => JSON.parse(process.env.DONNEES_REQUETEURS);

module.exports = {
avecRequetePieceJustificative,
clePriveeJWK,
donneesDepotServicesCommunsLocal,
donneesRequeteurs,
};
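Review bot: `clePriveeJWK` (first hunk) decodes and parses the private key on every call and has no handling for an unset or malformed `CLE_PRIVEE_JWK_EN_BASE64`, so a configuration error surfaces as an exception inside the request handler of src/routes/routesAuth.js rather than at startup. `atob` is also marked legacy in Node; `JSON.parse(Buffer.from(process.env.CLE_PRIVEE_JWK_EN_BASE64, 'base64').toString('utf8'))` is the usual form. Because the function hands the complete private JWK to its caller, a comment such as `// Returns the full private JWK, private members included: callers must copy out only the members they need` would make that contract visible.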
4 changes: 4 additions & 0 deletions src/ootsFrance.js
@@ -1,12 +1,14 @@
const express = require('express');

const routesAdmin = require('./routes/routesAdmin');
const routesAuth = require('./routes/routesAuth');
const routesBase = require('./routes/routesBase');
const routesEbms = require('./routes/routesEbms');
const routesRequete = require('./routes/routesRequete');

const creeServeur = (config) => {
const {
adaptateurChiffrement,
adaptateurDomibus,
adaptateurEnvironnement,
adaptateurUUID,
@@ -24,6 +26,8 @@ const creeServeur = (config) => {

app.use('/admin', routesAdmin({ ecouteurDomibus }));

app.use('/auth', routesAuth({ adaptateurChiffrement, adaptateurEnvironnement }));

app.use('/ebms', routesEbms({ adaptateurUUID, horodateur }));

app.use('/requete', routesRequete({
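--- a/src/routes/routesAuth.js
+++ b/src/routes/routesAuth.js
@@ -0,0 +1,33 @@
+const express = require('express');
+
+const routesAuth = (config) => {
+const {
+adaptateurChiffrement,
+adaptateurEnvironnement,
+} = config;
+
+const routes = express.Router();
+
+routes.get('/cles_publiques', (_requete, reponse) => {
+const { kty, n, e } = adaptateurEnvironnement.clePriveeJWK();
+const idClePublique = adaptateurChiffrement.cleHachage(n);
+
+const clePubliqueDansJWKSet = {
+keys: [{
+kid: idClePublique,
+use: 'enc',
+kty,
+e,
+n,
+}],
+};
+
+reponse.set('Content-Type', 'application/json');
+reponse.status(200)
+.send(clePubliqueDansJWKSet);
+});
+
+return routes;
+};
+
+module.exports = routesAuth;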
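Review bot: The destructuring `const { kty, n, e } = adaptateurEnvironnement.clePriveeJWK();` is the only thing keeping the private members out of the response, and nothing in the handler says so. I would add above it `// Only the public members kty, n and e may leave this handler; never forward or spread the parsed private JWK into the key set.` The handler also assumes an RSA key: with another `kty`, `n` and `e` would be undefined and `cleHachage(n)` would presumably throw, so a guard such as `if (kty !== 'RSA' || !n || !e) return reponse.sendStatus(500);` before computing the kid makes that failure explicit. As a style point, `reponse.json(clePubliqueDansJWKSet)` would replace the separate `set`/`status`/`send` calls.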
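--- a/test/routes/routesAuth.spec.js
+++ b/test/routes/routesAuth.spec.js
@@ -0,0 +1,43 @@
+const axios = require('axios');
+
+const { leveErreur } = require('./utils');
+const serveurTest = require('./serveurTest');
+
+describe('Le serveur des routes `/auth`', () => {
+const serveur = serveurTest();
+let port;
+
+beforeEach((suite) => serveur.initialise(() => {
+port = serveur.port();
+suite();
+}));
+
+afterEach((suite) => serveur.arrete(suite));
+
+describe('sur GET /auth/cles_publiques', () => {
+it('retourne les clés de chiffrement au format JSON Web Key Set', () => {
+serveur.adaptateurEnvironnement().clePriveeJWK = () => ({
+e: 'AQAB',
+n: '503as-2qay5...',
+kty: 'RSA',
+});
+serveur.adaptateurChiffrement().cleHachage = (chaine) => `hash de ${chaine}`;
+
+return axios.get(`http://localhost:${port}/auth/cles_publiques`)
+.then((reponse) => {
+expect(reponse.status).toEqual(200);
+expect(reponse.data).toEqual({
+keys: [
+{
+kid: 'hash de 503as-2qay5...',
+kty: 'RSA',
+use: 'enc',
+e: 'AQAB',
+n: '503as-2qay5...',
+}],
+});
+})
+.catch(leveErreur);
+});
+});
+});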
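Review bot: The stubbed `clePriveeJWK` returns only `e`, `n` and `kty`, so the test never checks that private members stay out of the response, which is the property this endpoint most needs pinned. Adding a constructed private member to the stub, for example `d: 'valeur-privee-de-test',`, is enough. The existing `toEqual` on `reponse.data` then fails if the handler ever forwards more than the public members.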
7 changes: 7 additions & 0 deletions test/routes/serveurTest.js
@@ -5,6 +5,7 @@ const Requeteur = require('../../src/ebms/requeteur');
const TypeJustificatif = require('../../src/ebms/typeJustificatif');

const serveurTest = () => {
let adaptateurChiffrement;
let adaptateurDomibus;
let adaptateurEnvironnement;
let adaptateurUUID;
@@ -22,6 +23,10 @@ const serveurTest = () => {
};

const initialise = (suite) => {
adaptateurChiffrement = {
cleHachage: () => '',
};

adaptateurDomibus = {
envoieMessageRequete: () => Promise.resolve(),
urlRedirectionDepuisReponse: () => Promise.reject(new ErreurAbsenceReponseDestinataire('aucune URL reçue')),
@@ -69,6 +74,7 @@ const serveurTest = () => {

serveur = OOTS_FRANCE.creeServeur({
adaptateurDomibus,
adaptateurChiffrement,
adaptateurEnvironnement,
adaptateurUUID,
depotPointsAcces,
@@ -85,6 +91,7 @@ const serveurTest = () => {
const port = () => serveur.port();

return {
adaptateurChiffrement: () => adaptateurChiffrement,
adaptateurDomibus: () => adaptateurDomibus,
adaptateurEnvironnement: () => adaptateurEnvironnement,
adaptateurUUID: () => adaptateurUUID,
