First implementation

.gitignore

@@ -0,0 +1,9 @@
+# Gradle-related local directories
+/.gradle
+/build
+
+# Devs editor of choice config
+/.idea
+
+# Local dev config
+/application.yaml

README.md

@@ -0,0 +1,47 @@
+# Introduction
+mxisd is an implementation of the Matrix Identity Server which aims to provide an alternative
+to [sydent](https://github.com/matrix-org/sydent) and an external validation implementation of the
+[Identity Service API](http://matrix.org/docs/spec/identity_service/unstable.html).
+
+mxisd is currently in read-only mode with a LDAP backend, allowing to lookup the Matrix ID from an arbitrary attribute.
+
+# Quick start
+## Requirements
+- JDK 1.8
+
+## Build
+```
+git clone https://github.com/kamax-io/mxisd.git
+cd mxisd
+./gradlew build
+```
+
+## Configure
+1. Create a new local config: `cp application.example.yaml application.yaml`
+- Edit `application.yaml` to your needs - at least provide the LDAP attributes
+- Edit an entity in your LDAP database and set the configure attribute with a Matrix ID (@johndoe:example.org)
+
+## Run
+Start the server in foreground with configuration location info `./build/libs/mxisd --spring.config.location=../../`
+
+You should see a public key with `curl http://localhost:8090/_matrix/identity/api/v1/pubkey/ed25519%3A0`
+
+You should see some JSON data with `curl http://localhost:8090/_matrix/identity/api/v1/lookup?medium=email&address=johndoe@example.org`
+
+If you plan on testing the integration with a homeserver, you will need to run an HTTPS reverse proxy in front of it
+as the homeserver implementation seems to require a HTTPS connection to an ID server.
+
+# Install
+1. Create a dedicated user: `useradd -r mxisd`
+- Create config directory: `mkdir /etc/mxis`
+- Change user ownership of `/etc/mxis` to dedicated user: `chown mxisd /etc/mxis`
+- Copy `./build/libs/mxisd` to `/usr/bin/mxisd`: `sudo cp ./build/libs/mxisd /usr/bin/mxisd`
+- Copy (or create a new) `./application.yaml` to `/etc/mxis/mxisd.yaml`
+- Configure `/etc/mxis/mxisd.yaml` with production value - key.path being the most important - `/etc/mxis/signing.key` is recommended
+- Copy `main/systemd/mxisd.service` to `/etc/systemd/system/` and edit as needed
+- Enable service: `systemctl enable mxisd`
+- Start service: `systemctl start mxisd`
+
+# TODO
+- Deb package
+- Auto-discovery of matrix ids based on server name and username-like attribute

application.example.yaml

@@ -0,0 +1,15 @@
+server:
+  port: 8090
+  name: 'example.org'
+
+key:
+  path: '/var/tmp/mxis-signing.key'
+
+ldap:
+  host: 'localhost'
+  port: 389
+  baseDn: 'CN=Users,DC=example,DC=org'
+  query: '(|(mailPrimaryAddress=%3pid)(mail=%3pid)(otherMailbox=%3pid))'
+  attribute: 'pager'
+  bindDn: 'CN=Identity Server,CN=Users,DC=example,DC=org'
+  bindPassword: 'password'

build.gradle

@@ -0,0 +1,63 @@
+/*
+ * mxisd - Matrix Identity Server Daemon
+ * Copyright (C) 2017 Maxime Dor
+ *
+ * https://max.kamax.io/
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+apply plugin: 'groovy'
+apply plugin: 'org.springframework.boot'
+
+buildscript {
+    repositories {
+        mavenCentral()
+    }
+
+    dependencies {
+        classpath 'org.springframework.boot:spring-boot-gradle-plugin:1.4.3.RELEASE'
+    }
+}
+
+repositories {
+    mavenCentral()
+}
+
+dependencies {
+    // We are a groovy project
+    compile 'org.codehaus.groovy:groovy-all:2.4.7'
+
+    // Easy file management
+    compile 'commons-io:commons-io:2.5'
+
+    // Spring Boot - standalone app
+    compile 'org.springframework.boot:spring-boot-starter-web:1.4.3.RELEASE'
+
+    // ed25519 handling
+    compile 'net.i2p.crypto:eddsa:0.1.0'
+
+    // LDAP connector
+    compile 'org.apache.directory.api:api-all:1.0.0-RC2'
+
+    testCompile 'junit:junit:4.12'
+}
+
+springBoot {
+    executable = true
+
+    embeddedLaunchScriptProperties = [
+            confFolder: "/etc/default"
+    ]
+}

gradle/wrapper/gradle-wrapper.properties

@@ -0,0 +1,6 @@
+#Mon Jan 23 02:34:52 CET 2017
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-3.3-bin.zip

gradlew

@@ -0,0 +1,172 @@
+#!/usr/bin/env sh
+
+##############################################################################
+##
+##  Gradle start up script for UN*X
+##
+##############################################################################
+
+# Attempt to set APP_HOME
+# Resolve links: $0 may be a link
+PRG="$0"
+# Need this for relative symlinks.
+while [ -h "$PRG" ] ; do
+    ls=`ls -ld "$PRG"`
+    link=`expr "$ls" : '.*-> \(.*\)$'`
+    if expr "$link" : '/.*' > /dev/null; then
+        PRG="$link"
+    else
+        PRG=`dirname "$PRG"`"/$link"
+    fi
+done
+SAVED="`pwd`"
+cd "`dirname \"$PRG\"`/" >/dev/null
+APP_HOME="`pwd -P`"
+cd "$SAVED" >/dev/null
+
+APP_NAME="Gradle"
+APP_BASE_NAME=`basename "$0"`
+
+# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+DEFAULT_JVM_OPTS=""
+
+# Use the maximum available, or set MAX_FD != -1 to use that value.
+MAX_FD="maximum"
+
+warn ( ) {
+    echo "$*"
+}
+
+die ( ) {
+    echo
+    echo "$*"
+    echo
+    exit 1
+}
+
+# OS specific support (must be 'true' or 'false').
+cygwin=false
+msys=false
+darwin=false
+nonstop=false
+case "`uname`" in
+  CYGWIN* )
+    cygwin=true
+    ;;
+  Darwin* )
+    darwin=true
+    ;;
+  MINGW* )
+    msys=true
+    ;;
+  NONSTOP* )
+    nonstop=true
+    ;;
+esac
+
+CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
+
+# Determine the Java command to use to start the JVM.
+if [ -n "$JAVA_HOME" ] ; then
+    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
+        # IBM's JDK on AIX uses strange locations for the executables
+        JAVACMD="$JAVA_HOME/jre/sh/java"
+    else
+        JAVACMD="$JAVA_HOME/bin/java"
+    fi
+    if [ ! -x "$JAVACMD" ] ; then
+        die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+    fi
+else
+    JAVACMD="java"
+    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+fi
+
+# Increase the maximum file descriptors if we can.
+if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then
+    MAX_FD_LIMIT=`ulimit -H -n`
+    if [ $? -eq 0 ] ; then
+        if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
+            MAX_FD="$MAX_FD_LIMIT"
+        fi
+        ulimit -n $MAX_FD
+        if [ $? -ne 0 ] ; then
+            warn "Could not set maximum file descriptor limit: $MAX_FD"
+        fi
+    else
+        warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
+    fi
+fi
+
+# For Darwin, add options to specify how the application appears in the dock
+if $darwin; then
+    GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
+fi
+
+# For Cygwin, switch paths to Windows format before running java
+if $cygwin ; then
+    APP_HOME=`cygpath --path --mixed "$APP_HOME"`
+    CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
+    JAVACMD=`cygpath --unix "$JAVACMD"`
+
+    # We build the pattern for arguments to be converted via cygpath
+    ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
+    SEP=""
+    for dir in $ROOTDIRSRAW ; do
+        ROOTDIRS="$ROOTDIRS$SEP$dir"
+        SEP="|"
+    done
+    OURCYGPATTERN="(^($ROOTDIRS))"
+    # Add a user-defined pattern to the cygpath arguments
+    if [ "$GRADLE_CYGPATTERN" != "" ] ; then
+        OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
+    fi
+    # Now convert the arguments - kludge to limit ourselves to /bin/sh
+    i=0
+    for arg in "$@" ; do
+        CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
+        CHECK2=`echo "$arg"|egrep -c "^-"`                                 ### Determine if an option
+
+        if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then                    ### Added a condition
+            eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
+        else
+            eval `echo args$i`="\"$arg\""
+        fi
+        i=$((i+1))
+    done
+    case $i in
+        (0) set -- ;;
+        (1) set -- "$args0" ;;
+        (2) set -- "$args0" "$args1" ;;
+        (3) set -- "$args0" "$args1" "$args2" ;;
+        (4) set -- "$args0" "$args1" "$args2" "$args3" ;;
+        (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
+        (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
+        (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
+        (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
+        (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
+    esac
+fi
+
+# Escape application args
+save ( ) {
+    for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
+    echo " "
+}
+APP_ARGS=$(save "$@")
+
+# Collect all arguments for the java command, following the shell quoting and substitution rules
+eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
+
+# by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong
+if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then
+  cd "$(dirname "$0")"
+fi
+
+exec "$JAVACMD" "$@"