feat: persist generated keys

modules/admin-server/src/main/kotlin/com/sphereon/oid/fed/server/admin/controllers/KeyController.kt

@@ -1,24 +1,33 @@
-package com.sphereon.oid.fed.server.admin.controllers
-
-import com.sphereon.oid.fed.openapi.models.JwkDto
-import com.sphereon.oid.fed.persistence.models.Jwk
-import com.sphereon.oid.fed.services.KeyService
-import org.springframework.web.bind.annotation.*
-
-@RestController
-@RequestMapping("/accounts/{accountUsername}/keys")
-class KeyController {
-    private val keyService = KeyService()
-
-    @PostMapping
-    fun create(@PathVariable accountUsername: String): Int {
-        val key = keyService.create(accountUsername)
-        return key.id
-    }
-
-    @GetMapping
-    fun getKeys(@PathVariable accountUsername: String): List<JwkDto> {
-        val keys = keyService.getKeys(accountUsername)
-        return keys
-    }
+package com.sphereon.oid.fed.server.admin.controllers
+
+import com.sphereon.oid.fed.openapi.models.JwkDto
+import com.sphereon.oid.fed.services.KeyService
+import com.sphereon.oid.fed.services.extensions.toJwkDTO
+import org.springframework.web.bind.annotation.*
+
+@RestController
+@RequestMapping("/accounts/{accountUsername}/keys")
+class KeyController {
+    private val keyService = KeyService()
+
+    @PostMapping
+    fun create(@PathVariable accountUsername: String): JwkDto {
+        val key = keyService.create(accountUsername)
+        return key.toJwkDTO()
+    }
+
+    @GetMapping
+    fun getKeys(@PathVariable accountUsername: String): List<JwkDto> {
+        val keys = keyService.getKeys(accountUsername)
+        return keys
+    }
+
+    @DeleteMapping("/{keyId}")
+    fun revokeKey(
+        @PathVariable accountUsername: String,
+        @PathVariable keyId: Int,
+        @RequestParam reason: String?
+    ): JwkDto {
+        return keyService.revokeKey(accountUsername, keyId, reason)
+    }
 }

modules/openapi/src/commonMain/kotlin/com/sphereon/oid/fed/openapi/openapi.yaml

@@ -25,7 +25,7 @@ tags:
 
 servers:
   - description: SwaggerHub API Auto Mocking
-    url: https://virtserver.swaggerhub.com/SphereonInt/OpenIDFederationAPI/1.0.0-d35
+    url: https://virtserver.swaggerhub.com/SphereonInt/OpenIDFederationAPI/1.0.0-d36
 
 paths:
   /status:
@@ -1856,46 +1856,183 @@ components:
       properties:
         kty:
           type: string
-          description: The "kty" (key type) parameter identifies the cryptographic algorithm family used with the key, such as "RSA" or "EC".
+          description: The key type (e.g., EC, RSA).
           example: RSA
+        crv:
+          type: string
+          description: The elliptic curve used (only for EC keys).
+          example: P-256
+          nullable: true
+        kid:
+          type: string
+          description: The key ID (optional).
+          example: 12345
+          nullable: true
+        x:
+          type: string
+          description: The X coordinate for EC keys (optional).
+          example: o-7zraXKDaoBte2PsuTXo-MSLzsyWdAElNptGgI4aH8
+          nullable: true
+        y:
+          type: string
+          description: The Y coordinate for EC keys (optional).
+          example: Xr_wCzJ1XnsgAIV5qHruzSwaNnwy87UjmevVklTpIv8
+          nullable: true
+        n:
+          type: string
+          description: The modulus for RSA keys.
+          example: modulus_value
+          nullable: true
+        e:
+          type: string
+          description: The exponent for RSA keys.
+          example: AQAB
+          nullable: true
+        alg:
+          type: string
+          description: The algorithm associated with the key.
+          example: ES256
+          nullable: true
         use:
           type: string
-          description: The "use" (public key use) parameter identifies the intended use of the public key.
+          description: The intended use of the key (e.g., sig, enc).
           example: sig
-        key_ops:
+          nullable: true
+        x5u:
           type: string
-          description: The "key_ops" (key operations) parameter identifies the operation(s) for which the key is intended to be used.
-          example: encrypt
-        alg:
+          format: uri
+          description: A URL that points to an X.509 public key certificate or certificate chain.
+          example: https://example.com/cert.pem
+          nullable: true
+        x5c:
+          type: array
+          items:
+            type: string
+            description: A base64-encoded string representing an X.509 certificate.
+            example: MIICoTCCAYkCAQ...
+          description: The X.509 certificate chain.
+          nullable: true
+        x5t:
+          type: string
+          description: The SHA-1 thumbprint of the X.509 certificate.
+          example: dGhpcyBpcyBqdXN0IGEgdGh1bWJwcmludA
+          nullable: true
+        x5tS256: # Renamed to comply with OpenAPI restrictions
           type: string
-          description: The "alg" (algorithm) parameter identifies the algorithm intended for use with the key.
-          example: RS256
+          description: The SHA-256 thumbprint of the X.509 certificate.
+          example: sM4KhEI1Y2Sb6-EVr6tJabmJuoP-ZE...
+          nullable: true
+        revoked:
+          $ref: '#/components/schemas/JWTRevoked'
+
+    JwtWithPrivateKey:
+      type: object
+      x-tags:
+        - federation
+      required:
+        - kty
+      properties:
+        kty:
+          type: string
+          description: The key type (e.g., EC, RSA).
+          example: RSA
+        crv:
+          type: string
+          description: The elliptic curve used (only for EC keys).
+          example: P-256
+          nullable: true
         kid:
           type: string
-          description: The "kid" (key ID) parameter is used to match a specific key.
-          example: 1
+          description: The key ID (optional).
+          example: 12345
+          nullable: true
+        x:
+          type: string
+          description: The X coordinate for EC keys (optional).
+          example: o-7zraXKDaoBte2PsuTXo-MSLzsyWdAElNptGgI4aH8
+          nullable: true
+        y:
+          type: string
+          description: The Y coordinate for EC keys (optional).
+          example: Xr_wCzJ1XnsgAIV5qHruzSwaNnwy87UjmevVklTpIv8
+          nullable: true
+        n:
+          type: string
+          description: The modulus for RSA keys.
+          example: modulus_value
+          nullable: true
+        e:
+          type: string
+          description: The exponent for RSA keys.
+          example: AQAB
+          nullable: true
+        alg:
+          type: string
+          description: The algorithm associated with the key.
+          example: ES256
+        use:
+          type: string
+          description: The intended use of the key (e.g., sig, enc).
+          example: sig
+          nullable: true
         x5u:
           type: string
-          description: The "x5u" (X.509 URL) parameter is a URI that refers to a resource for an X.509 public key certificate or certificate chain.
+          format: uri
+          description: A URL that points to an X.509 public key certificate or certificate chain.
           example: https://example.com/cert.pem
+          nullable: true
         x5c:
           type: array
-          description: The "x5c" (X.509 certificate chain) parameter contains a chain of one or more PKIX certificates.
           items:
             type: string
-          example:
-            - MIIDQzCCA...+3whvMF1XEt0K2bA8wpPmSTPgQ==
+            description: A base64-encoded string representing an X.509 certificate.
+            example: MIICoTCCAYkCAQ...
+          description: The X.509 certificate chain.
+          nullable: true
         x5t:
           type: string
-          description: The "x5t" (X.509 certificate SHA-1 thumbprint) parameter is a base64url-encoded SHA-1 thumbprint of the DER encoding of an X.509 certificate.
-          example: 0fVuYF8jJ3onI+9Zk2/Iy+Oh5ZpE
-        x5t#S256:
+          description: The SHA-1 thumbprint of the X.509 certificate.
+          example: dGhpcyBpcyBqdXN0IGEgdGh1bWJwcmludA
+          nullable: true
+        x5tS256:
+          type: string
+          description: The SHA-256 thumbprint of the X.509 certificate.
+          example: sM4KhEI1Y2Sb6-EVr6tJabmJuoP-ZE...
+          nullable: true
+        d:
+          type: string
+          description: The private key value (for RSA and EC keys).
+          example: base64url_encoded_private_key
+          nullable: true
+        p:
+          type: string
+          description: The first prime factor (for RSA private key).
+          example: base64url_encoded_p
+          nullable: true
+        q:
+          type: string
+          description: The second prime factor (for RSA private key).
+          example: base64url_encoded_q
+          nullable: true
+        dp:
           type: string
-          description: The "x5t#S256" (X.509 certificate SHA-256 thumbprint) parameter is a base64url-encoded SHA-256 thumbprint of the DER encoding of an X.509 certificate.
-          example: 1MvI4/VhnEzTz7Jo/0Q/d/jI3rE7IMoMT34wvAjyLvs
+          description: The first factor CRT exponent (for RSA private key).
+          example: base64url_encoded_dp
+          nullable: true
+        dq:
+          type: string
+          description: The second factor CRT exponent (for RSA private key).
+          example: base64url_encoded_dq
+          nullable: true
+        qi:
+          type: string
+          description: The first CRT coefficient (for RSA private key).
+          example: base64url_encoded_qi
+          nullable: true
         revoked:
           $ref: '#/components/schemas/JWTRevoked'
 
+
     JwkDto:
       type: object
       x-tags:
@@ -1914,20 +2051,91 @@ components:
           type: integer
           description: The ID of the account associated with this JWK.
           example: 100
-        created_at:
+        kty:
           type: string
-          format: date-time
-          description: The timestamp when the JWK was created.
-          example: 2024-08-06T12:34:56Z
+          description: The key type (e.g., EC, RSA).
+          example: RSA
+        crv:
+          type: string
+          description: The elliptic curve used (only for EC keys).
+          example: P-256
+          nullable: true
+        kid:
+          type: string
+          description: The key ID (optional).
+          example: 12345
+          nullable: true
+        x:
+          type: string
+          description: The X coordinate for EC keys (optional).
+          example: o-7zraXKDaoBte2PsuTXo-MSLzsyWdAElNptGgI4aH8
+          nullable: true
+        y:
+          type: string
+          description: The Y coordinate for EC keys (optional).
+          example: Xr_wCzJ1XnsgAIV5qHruzSwaNnwy87UjmevVklTpIv8
+          nullable: true
+        n:
+          type: string
+          description: The modulus for RSA keys.
+          example: modulus_value
+          nullable: true
+        e:
+          type: string
+          description: The exponent for RSA keys.
+          example: AQAB
+          nullable: true
+        alg:
+          type: string
+          description: The algorithm associated with the key.
+          example: ES256
+          nullable: true
+        use:
+          type: string
+          description: The intended use of the key (e.g., sig, enc).
+          example: sig
+          nullable: true
+        x5u:
+          type: string
+          format: uri
+          description: A URL that points to an X.509 public key certificate or certificate chain.
+          example: https://example.com/cert.pem
+          nullable: true
+        x5c:
+          type: array
+          items:
+            type: string
+            description: A base64-encoded string representing an X.509 certificate.
+            example: MIICoTCCAYkCAQ...
+          description: The X.509 certificate chain.
+          nullable: true
+        x5t:
+          type: string
+          description: The SHA-1 thumbprint of the X.509 certificate.
+          example: dGhpcyBpcyBqdXN0IGEgdGh1bWJwcmludA
+          nullable: true
+        x5t#S256:
+          type: string
+          description: The SHA-256 thumbprint of the X.509 certificate.
+          example: sM4KhEI1Y2Sb6-EVr6tJabmJuoP-ZE...
+          nullable: true
         revoked_at:
           type: string
           format: date-time
           description: The timestamp when the JWK was revoked, if applicable.
           example: 2024-09-01T12:34:56Z
+          nullable: true
         revoked_reason:
           type: string
           description: The reason for revoking the JWK, if applicable.
           example: Key compromise
+          nullable: true
+        created_at:
+          type: string
+          format: date-time
+          description: The timestamp when the JWK was created.
+          example: 2024-08-06T12:34:56Z
+          nullable: true
 
 
     JWTRevoked:
@@ -3778,4 +3986,4 @@ components:
       enum:
         - LOCAL
       description: Enum for KMS integrations.
-      example: LOCAL
+      example: LOCAL

modules/openid-federation-common/src/commonMain/kotlin/com/sphereon/oid/fed/common/jwt/JoseJwt.kt

@@ -1,8 +1,10 @@
 package com.sphereon.oid.fed.common.jwt
 
+import com.sphereon.oid.fed.openapi.models.JwtWithPrivateKey
+
 expect class JwtHeader
 expect class JwtPayload
 
 expect fun sign(payload: JwtPayload, header: JwtHeader, opts: Map<String, Any>): String
 expect fun verify(jwt: String, key: Any, opts: Map<String, Any>): Boolean
-expect fun generateKeyPair(): String
+expect fun generateKeyPair(): JwtWithPrivateKey