chore: sync image manifests (#1396)

* build: update dependencies * feat: download oxternal files for FIDO2 * chore: sync templates and schema
JanssenProject · May 19, 2022 · 9d183fa · 9d183fa
1 parent ae3ba8c
commit 9d183fa
Show file tree

Hide file tree

Showing 11 changed files with 41 additions and 48 deletions.
diff --git a/docker-jans-auth-server/Dockerfile b/docker-jans-auth-server/Dockerfile
@@ -55,7 +55,7 @@ RUN /opt/jython/bin/pip uninstall -y pip
 # ===========
 
 ENV CN_VERSION=1.0.0-SNAPSHOT
-ENV CN_BUILD_DATE='2022-05-06 08:15'
+ENV CN_BUILD_DATE='2022-05-18 15:30'
 ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-auth-server/${CN_VERSION}/jans-auth-server-${CN_VERSION}.war
 
 # Install Jans Auth

diff --git a/docker-jans-certmanager/Dockerfile b/docker-jans-certmanager/Dockerfile
@@ -17,7 +17,7 @@ RUN apk update \
 
 # JAR files required to generate OpenID Connect keys
 ENV CN_VERSION=1.0.0-SNAPSHOT
-ENV CN_BUILD_DATE='2022-04-21 10:21'
+ENV CN_BUILD_DATE='2022-05-18 15:46'
 ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-auth-client/${CN_VERSION}/jans-auth-client-${CN_VERSION}-jar-with-dependencies.jar
 
 RUN wget -q ${CN_SOURCE_URL} -P /app/javalibs/

diff --git a/docker-jans-client-api/Dockerfile b/docker-jans-client-api/Dockerfile
@@ -16,7 +16,7 @@ RUN apk update \
 # ==========
 
 ENV CN_VERSION=1.0.0-SNAPSHOT
-ENV CN_BUILD_DATE='2022-04-21 08:51'
+ENV CN_BUILD_DATE='2022-04-22 08:50'
 ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-client-api-server/${CN_VERSION}/jans-client-api-server-${CN_VERSION}-distribution.zip
 
 RUN wget -q ${CN_SOURCE_URL} -O /tmp/client-api.zip \

diff --git a/docker-jans-config-api/Dockerfile b/docker-jans-config-api/Dockerfile
@@ -32,7 +32,7 @@ RUN wget -q https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-home/${JETTY_
 # ==========
 
 ENV CN_VERSION=1.0.0-SNAPSHOT
-ENV CN_BUILD_DATE='2022-04-30 08:16'
+ENV CN_BUILD_DATE='2022-05-18 15:33'
 ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-config-api-server/${CN_VERSION}/jans-config-api-server-${CN_VERSION}.war
 
 # Install Jans Config API

diff --git a/docker-jans-configurator/Dockerfile b/docker-jans-configurator/Dockerfile
@@ -17,7 +17,7 @@ RUN apk update \
 
 # JAR files required to generate OpenID Connect keys
 ENV CN_VERSION=1.0.0-SNAPSHOT
-ENV CN_BUILD_DATE='2022-04-21 10:21'
+ENV CN_BUILD_DATE='2022-05-18 15:46'
 ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-auth-client/${CN_VERSION}/jans-auth-client-${CN_VERSION}-jar-with-dependencies.jar
 
 RUN wget -q ${CN_SOURCE_URL} -P /app/javalibs/

diff --git a/docker-jans-fido2/Dockerfile b/docker-jans-fido2/Dockerfile
@@ -35,7 +35,7 @@ EXPOSE 8080
 # =====
 
 ENV CN_VERSION=1.0.0-SNAPSHOT
-ENV CN_BUILD_DATE='2022-04-21 08:13'
+ENV CN_BUILD_DATE='2022-05-18 15:29'
 ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-fido2-server/${CN_VERSION}/jans-fido2-server-${CN_VERSION}.war
 
 # Install FIDO2
@@ -79,8 +79,10 @@ RUN cd /tmp/jans \
 # cleanup
 RUN rm -rf /tmp/jans
 
-# download Apple cert
-RUN wget -q https://www.apple.com/certificateauthority/Apple_WebAuthn_Root_CA.pem -P /etc/jans/conf/fido2
+# download external files
+RUN wget -q https://www.apple.com/certificateauthority/Apple_WebAuthn_Root_CA.pem -P /etc/jans/conf/fido2/apple/ \
+    && wget -q https://mds.fidoalliance.org/ -O /etc/jans/conf/fido2/mds/toc/toc.jwt \
+    && wget -q http://secure.globalsign.com/cacert/root-r3.crt -P /etc/jans/conf/fido2/mds/cert/
 
 # ======
 # Python

diff --git a/docker-jans-persistence-loader/Dockerfile b/docker-jans-persistence-loader/Dockerfile
@@ -23,7 +23,7 @@ RUN python3 -m ensurepip \
 # jans-linux-setup sync
 # =====================
 
-ENV JANS_LINUX_SETUP_VERSION=5ad9c627e32490f9a0c0e70c6840b8a289aaaaec
+ENV JANS_LINUX_SETUP_VERSION=f27b30acb95e7bd59c5088350978d3792cb90a69
 ARG JANS_SETUP_DIR=jans-linux-setup/jans_setup
 
 # note that as we're pulling from a monorepo (with multiple project in it)

diff --git a/docker-jans-persistence-loader/scripts/upgrade.py b/docker-jans-persistence-loader/scripts/upgrade.py
@@ -7,15 +7,15 @@
 
 from ldif import LDIFParser
 
-from jans.pycloudlib.persistence.couchbase import CouchbaseClient
-from jans.pycloudlib.persistence.ldap import LdapClient
-from jans.pycloudlib.persistence.spanner import SpannerClient
-from jans.pycloudlib.persistence.sql import SqlClient
+from jans.pycloudlib.persistence import CouchbaseClient
+from jans.pycloudlib.persistence import LdapClient
+from jans.pycloudlib.persistence import SpannerClient
+from jans.pycloudlib.persistence import SqlClient
+from jans.pycloudlib.persistence import doc_id_from_dn
+from jans.pycloudlib.persistence import id_from_dn
 from jans.pycloudlib.utils import as_boolean
 
 from settings import LOGGING_CONFIG
-from utils import doc_id_from_dn
-from utils import id_from_dn
 from utils import get_role_scope_mappings
 
 logging.config.dictConfig(LOGGING_CONFIG)
@@ -85,13 +85,24 @@ def _transform_auth_dynamic_config(conf):
             conf["tokenEndpointAuthMethodsSupported"].append("private_key_jwt")
             should_update = True
 
-        if "forceSignedRequestObject" not in conf:
-            conf["forceSignedRequestObject"] = False
-            should_update = True
-
         if conf["redirectUrisRegexEnabled"]:
             conf["redirectUrisRegexEnabled"] = False
             should_update = True
+    else:
+        if all([
+            os.environ.get("CN_PERSISTENCE_TYPE") in ("sql", "spanner"),
+            conf["personCustomObjectClassList"]
+        ]):
+            conf["personCustomObjectClassList"] = []
+            should_update = True
+
+        if "subjectIdentifiersPerClientSupported" not in conf:
+            conf["subjectIdentifiersPerClientSupported"] = ["mail", "uid"]
+            should_update = True
+
+    if "forceSignedRequestObject" not in conf:
+        conf["forceSignedRequestObject"] = False
+        should_update = True
 
     if "grantTypesAndResponseTypesAutofixEnabled" not in conf:
         conf["grantTypesAndResponseTypesAutofixEnabled"] = False
@@ -126,13 +137,6 @@ def _transform_auth_dynamic_config(conf):
         conf["httpLoggingExcludePaths"] = conf.pop("httpLoggingExludePaths", [])
         should_update = True
 
-    if all([
-        os.environ.get("CN_PERSISTENCE_TYPE") in ("sql", "spanner"),
-        conf["personCustomObjectClassList"]
-    ]):
-        conf["personCustomObjectClassList"] = []
-        should_update = True
-
     # return the conf and flag to determine whether it needs update or not
     return conf, should_update
 

diff --git a/docker-jans-persistence-loader/scripts/utils.py b/docker-jans-persistence-loader/scripts/utils.py
@@ -160,8 +160,8 @@ def merge_extension_ctx(ctx):
         basedir = "/app/openbanking/static/extension"
 
     filepath = Path(basedir)
-    for ext_path in filepath.glob("**/*.py"):
-        if not ext_path.is_file():
+    for ext_path in filepath.glob("**/*"):
+        if not ext_path.is_file() or ext_path.suffix.lower() not in (".py", ".java"):
             continue
 
         ext_name = f"{ext_path.parent.name.lower()}_{ext_path.stem.lower()}"
@@ -398,25 +398,6 @@ def site_files():
     return ldif_mappings
 
 
-def doc_id_from_dn(dn):
-    parsed_dn = dnutils.parse_dn(dn)
-    doc_id = parsed_dn[0][1]
-
-    if doc_id == "jans":
-        doc_id = "_"
-    return doc_id
-
-
-def id_from_dn(dn):
-    # for example: `"inum=29DA,ou=attributes,o=jans"`
-    # becomes `["29DA", "attributes"]`
-    dns = [i.split("=")[-1] for i in dn.split(",") if i != "o=jans"]
-    dns.reverse()
-
-    # the actual key
-    return '_'.join(dns) or "_"
-
-
 def get_config_api_swagger(path="/app/static/jans-config-api-swagger.yaml"):
     with open(path) as f:
         txt = f.read()

diff --git a/docker-jans-persistence-loader/templates/jans-auth/jans-auth-config.json b/docker-jans-persistence-loader/templates/jans-auth/jans-auth-config.json
@@ -26,6 +26,11 @@
     "backchannelDeviceRegistrationEndpoint":"https://%(hostname)s/jans-auth/restv1/bc-deviceRegistration",
     "deviceAuthzEndpoint":"https://%(hostname)s/jans-auth/restv1/device_authorization",
     "openidSubAttribute":"inum",
+    "publicSubjectIdentifierPerClientEnabled": true,
+    "subjectIdentifiersPerClientSupported": [
+        "mail",
+        "uid"
+     ],
     "responseTypesSupported":[
         ["code"],
         ["code", "id_token"],
@@ -138,6 +143,7 @@
         "A128GCM",
         "A256GCM"
     ],
+    "forceSignedRequestObject": false,
     "requestObjectSigningAlgValuesSupported":[
         "none",
         "HS256",

diff --git a/docker-jans-scim/Dockerfile b/docker-jans-scim/Dockerfile
@@ -45,7 +45,7 @@ RUN wget -q https://ox.gluu.org/maven/org/gluufederation/jython-installer/${JYTH
 # ====
 
 ENV CN_VERSION=1.0.0-SNAPSHOT
-ENV CN_BUILD_DATE='2022-05-06 08:16'
+ENV CN_BUILD_DATE='2022-05-18 15:31'
 ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-scim-server/${CN_VERSION}/jans-scim-server-${CN_VERSION}.war
 
 # Install SCIM