Cleanup.

CMakeLists.txt

@@ -23,7 +23,3 @@ target_include_directories(jwp-plugin PUBLIC
   ${jwt-cpp_INCLUDE_DIR}
 )
 target_link_libraries(jwp-plugin OpenSSL::Crypto)
-
-add_executable(jwt-example src/jwt-example.cpp)
-target_include_directories(jwt-example PRIVATE ${jwt-cpp_INCLUDE_DIR})
-target_link_libraries(jwt-example OpenSSL::Crypto)

README.md

@@ -1,7 +1,8 @@
-sudo apt install mosquitto-dev g++ cmake libmosquitto-dev mosquitto-clients
 
+# Dependencies
+sudo apt install mosquitto-dev g++ cmake libmosquitto-dev mosquitto-clients
 sudo apt install openssl libssl-dev
 
-
+# Generating Ed25519 Keys for Testing
 openssl genpkey -algorithm Ed25519 -out priv.key
 openssl pkey -in priv.key -pubout > pub.key

include/jwp-plugin/AuthList.hpp

@@ -1,3 +1,16 @@
+// Copyright 2021 James Pace
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
 #pragma once
 #include <forward_list>
 #include <string>

include/jwp-plugin/Authorizer.hpp

@@ -1,9 +1,24 @@
+// Copyright 2021 James Pace
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
 #pragma once
 
-#include <string>
-#include <jwt-cpp/jwt.h>
 #include <jwp-plugin/AuthList.hpp>
+
+#include <jwt-cpp/jwt.h>
+
 #include <optional>
+#include <string>
 
 class Authorizer
 {

include/jwp-plugin/jwp-plugin.h

@@ -0,0 +1,30 @@
+// Copyright 2021 James Pace
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+extern "C" {
+    #include "mosquitto.h"
+    #include "mosquitto_broker.h"
+    #include "mosquitto_plugin.h"
+}
+
+// Stuff we're "exporting" for the dynamic loading.
+extern "C" {
+    int mosquitto_plugin_version(int supported_version_count, const int *supported_versions);
+    int mosquitto_plugin_init(mosquitto_plugin_id_t *identifier, void **userdata, struct mosquitto_opt *options, int option_count);
+    int mosquitto_plugin_cleanup(void *userdata, struct mosquitto_opt *options, int option_count);
+}
+// My functions
+int jwp_auth_basic_auth_callback(int event, void *event_data, void *userdata);
+int jwp_acl_check_callback(int event, void *event_data, void *userdata);
+int jwp_disconnect_callback(int event, void *event_data, void *userdata);

priv.key

@@ -1,3 +0,0 @@
------BEGIN PRIVATE KEY-----
-MC4CAQAwBQYDK2VwBCIEID6d/A9UnVV5xXf9RAvXSNTk/a1QNUrzfvawzEAWDh3e
------END PRIVATE KEY-----

pub.key

@@ -1,3 +0,0 @@
------BEGIN PUBLIC KEY-----
-MCowBQYDK2VwAyEA+IYMWskcPLcC8IsUy6xsj3whqlzYwFWuAmVR7ue/LLw=
------END PUBLIC KEY-----

src/AuthList.cpp

@@ -1,5 +1,18 @@
-#include <algorithm>
+// Copyright 2021 James Pace
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
 #include <jwp-plugin/AuthList.hpp>
+#include <algorithm>
 
 AuthList::AuthList():
     _allowedUsernames{}

src/Authorizer.cpp

@@ -1,12 +1,24 @@
+// Copyright 2021 James Pace
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
 #include <jwp-plugin/Authorizer.hpp>
-#include <string>
-#include <jwt-cpp/jwt.h>
 #include <jwp-plugin/AuthList.hpp>
+
+#include <jwt-cpp/jwt.h>
+
 #include <iostream>
 #include <fstream>
 #include <sstream>
-#include <optional>
-
 
 Authorizer::Authorizer(const std::string& pub_key, const std::string& issuer):
     _pub_key{pub_key},

src/jwp-plugin.cpp

@@ -1,29 +1,25 @@
-extern "C" {
-    #include "mosquitto.h"
-    #include "mosquitto_broker.h"
-    #include "mosquitto_plugin.h"
-}
+// Copyright 2021 James Pace
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#include <jwp-plugin/jwp-plugin.h>
+#include <jwp-plugin/Authorizer.hpp>
 #include <string>
 #include <memory>
-#include <jwp-plugin/Authorizer.hpp>
-
-// Stuff we're "exporting" for the dynamic loading.
-extern "C" {
-    int mosquitto_plugin_version(int supported_version_count, const int *supported_versions);
-    int mosquitto_plugin_init(mosquitto_plugin_id_t *identifier, void **userdata, struct mosquitto_opt *options, int option_count);
-    int mosquitto_plugin_cleanup(void *userdata, struct mosquitto_opt *options, int option_count);
-}
-// My functions
-int jwp_auth_basic_auth_callback(int event, void *event_data, void *userdata);
-int jwp_acl_check_callback(int event, void *event_data, void *userdata);
-int jwp_disconnect_callback(int event, void *event_data, void *userdata);
-
 
 // Mosquitto Globals
 static mosquitto_plugin_id_t *plugin_id = nullptr;
 static std::unique_ptr<Authorizer> authorizer = nullptr;
 
-
 int mosquitto_plugin_version(int supported_version_count, const int *supported_versions)
 {
 	for(int index = 0; index < supported_version_count; index++)

src/jwt-example.cpp

@@ -1,55 +0,0 @@
-#include <jwt-cpp/jwt.h>
-#include <string>
-#include <iostream>
-
-int main(int argc, char *argv[])
-{
-    std::string pub_key = R"(-----BEGIN PUBLIC KEY-----
-MCowBQYDK2VwAyEA+IYMWskcPLcC8IsUy6xsj3whqlzYwFWuAmVR7ue/LLw=
------END PUBLIC KEY-----)";
-    std::string priv_key = R"(-----BEGIN PRIVATE KEY-----
-MC4CAQAwBQYDK2VwBCIEID6d/A9UnVV5xXf9RAvXSNTk/a1QNUrzfvawzEAWDh3e
------END PRIVATE KEY-----)";
-
-    auto token = jwt::create()
-        .set_type("JWT")
-        .set_issuer("jamesp")
-        .set_subject("jimmy")
-        .set_audience("mqtt")
-        .set_payload_claim("topics", jwt::claim(std::string{"{'/help/*', '/test/*'}"}))
-        .set_expires_at(std::chrono::system_clock::now())
-        .sign(jwt::algorithm::ed25519(pub_key, priv_key, "", ""));
-
-    std::cout << "Token: " << token << std::endl;
-
-    auto verifier = jwt::verify()
-        .allow_algorithm(jwt::algorithm::ed25519(pub_key, "", "", ""))
-        .with_issuer("jamesp");
-
-    auto decoded = jwt::decode(token);
-
-    try
-    {
-        verifier.verify(decoded);
-    }
-    catch(jwt::error::token_verification_exception& exception)
-    {
-        std::cout << exception.what() << std::endl;
-        return -1;
-    }
-
-    for(auto& e : decoded.get_header_claims())
-    {
-        std::cout << e.first << ": " << e.second.to_json() << std::endl;
-    }
-
-    std::cout << std::endl;
-
-    for(auto& e : decoded.get_payload_claims())
-    {
-        std::cout << e.first << ": " << e.second.to_json() << std::endl;
-    }
-
-    return 0;
-}
-

test/mosquitto.conf

@@ -4,53 +4,8 @@ protocol websockets
 listener 8081
 protocol mqtt
 
-
 log_type all
 allow_anonymous true
 
 auth_plugin /home/jimmy/Develop/mosquitto-plugin/build/libjwp-plugin.so
-auth_opt_issuer https://auth.jpace121.net/realms/jpace121-main
-auth_opt_public_key /home/jimmy/Develop/mosquitto-plugin/test/key.pem
-
-# -----------------------------------------------------------------
-# External authentication and topic access plugin options
-# -----------------------------------------------------------------
-
-# External authentication and access control can be supported with the
-# auth_plugin option. This is a path to a loadable plugin. See also the
-# auth_opt_* options described below.
-#
-# The auth_plugin option can be specified multiple times to load multiple
-# plugins. The plugins will be processed in the order that they are specified
-# here. If the auth_plugin option is specified alongside either of
-# password_file or acl_file then the plugin checks will be made first.
-#
-#auth_plugin
-
-# If the auth_plugin option above is used, define options to pass to the
-# plugin here as described by the plugin instructions. All options named
-# using the format auth_opt_* will be passed to the plugin, for example:
-#
-# auth_opt_db_host
-# auth_opt_db_port
-# auth_opt_db_username
-# auth_opt_db_password
-
-# -----------------------------------------------------------------
-# Default authentication and topic access control
-# -----------------------------------------------------------------
-
-# Control access to the broker using a password file. This file can be
-# generated using the mosquitto_passwd utility. If TLS support is not compiled
-# into mosquitto (it is recommended that TLS support should be included) then
-# plain text passwords are used, in which case the file should be a text file
-# with lines in the format:
-# username:password
-# The password (and colon) may be omitted if desired, although this
-# offers very little in the way of security.
-#
-# See the TLS client require_certificate and use_identity_as_username options
-# for alternative authentication options. If an auth_plugin is used as well as
-# password_file, the auth_plugin check will be made first.
-#password_file
-
+auth_opt_issuer https://auth.jpace121.net/realms/jpace121-main