Mise à jour de la partie 3 du TP

a080017d · steven.jaquet · 91ad4b57 · a080017d · 91ad4b57 · a080017d
Commit a080017d authored Jan 29, 2023 by steven.jaquet
--- a/.gitmodules
+++ b/.gitmodules
+[submodule "TLS-Scanner-master/-f"]
+	path = TLS-Scanner-master/-f
+	url = https://github.com/nabla-c0d3/trust_stores_observatory.git
--- a/.~lock.Rapport_AppSec.odt#
+++ b/.~lock.Rapport_AppSec.odt#
-,JIE-LAPTOP/jie,jie-laptop,28.01.2023 15:56,file:///C:/Users/jie/AppData/Roaming/LibreOffice/4;
\ No newline at end of file
--- a/Rapport_AppSec.odt
+++ b/Rapport_AppSec.odt
--- a/-f @ 73c714fa
+++ b/-f @ 73c714fa
+Subproject commit 73c714fa5137d51a35a1ca150eed42b9e96a4e65
--- a/certs/cert.pem
+++ b/certs/cert.pem
+-----BEGIN CERTIFICATE-----
+MIIGAzCCA+ugAwIBAgIUOY00rPFnBhCmR2d7pj0Rjv6V6+0wDQYJKoZIhvcNAQEL
+BQAwgZAxCzAJBgNVBAYTAkNIMQ8wDQYDVQQIDAZHZW5ldmExDzANBgNVBAcMBkdl
+bmV2YTEOMAwGA1UECgwFSEVQSUExDDAKBgNVBAsMA0lTQzEWMBQGA1UEAwwNU3Rl
+dmVuIEphcXVldDEpMCcGCSqGSIb3DQEJARYac3RldmVuLmphcXVldEBldHUuaGVz
+Z2UuY2gwHhcNMjMwMTI4MTUwODU3WhcNMjQwMTI4MTUwODU3WjCBkDELMAkGA1UE
+BhMCQ0gxDzANBgNVBAgMBkdlbmV2YTEPMA0GA1UEBwwGR2VuZXZhMQ4wDAYDVQQK
+DAVIRVBJQTEMMAoGA1UECwwDSVNDMRYwFAYDVQQDDA1TdGV2ZW4gSmFxdWV0MSkw
+JwYJKoZIhvcNAQkBFhpzdGV2ZW4uamFxdWV0QGV0dS5oZXNnZS5jaDCCAiIwDQYJ
+KoZIhvcNAQEBBQADggIPADCCAgoCggIBAPYAW3zdY1eo7+gm2Wy/Ylf/IpQYLj27
+JKe25QlO2kGXi0wX+5yR/hUNMsc6fsnujkMJHEihbVEk3tgvZ2Oy36lW3kQ3w1lM
+gR4+kmQI+TFhKbCEtG2twR+I5yJ6GTZuXN0A8VmUhGjTxmdOhfLieUHQkc2xsw7G
+OY6typwRix3VjMPWUAZ0B8sFxRwAORNlCa+Xsxw6l88KJP9araxIVAK7qLDR/9MH
+cWEYS8mMWT7zF5oiHuBVPj9muO4UKKmqhzgeyqo4rEam+8NbaKnHfP24sILDRN7c
+c8MxtfAjcz7uieD4J5sV+tXxNxNwkUJ2MsNAyTq6GTt0IIee2/XPOaFbD/hgm+Ef
+imTSoWpS8xCnojxrVeWGAAI1u+MdvAbCoaus3HeaPXHMb/fVyzuzrgjDy5xK0Cdu
+GL2hdrBjL6e+MK0qt5jq6833GViI4w3uqY5gQWcsP9unB6q19/KOINW3HFECdvcF
+JkfXHDuj8wy1mby/HmiZjNvhoFxTm2zVRe3cDgacrV6pbFUBu6q0Ac7X/ji1wX+H
+kToSx3L6f+IXbdEBkGMSLg4tD47NYRSIU7O/WAAhOKFEUEJOSlLjXA9XkpV+eejI
+Qe2sNTL9x+DzPxQGubUnyKnJL+L99Y+ZMrzpsfekEKF9n+h1Eav4hVuL/ktOZaBZ
+mrDQzfA2XefzAgMBAAGjUzBRMB0GA1UdDgQWBBRKYXTgnIRXcu7vmwWCVNnV+M1W
+fDAfBgNVHSMEGDAWgBRKYXTgnIRXcu7vmwWCVNnV+M1WfDAPBgNVHRMBAf8EBTAD
+AQH/MA0GCSqGSIb3DQEBCwUAA4ICAQC1Z1IoiAgqr2syEb0P93JmstTq9RrZJm9f
+gAZg3EtgMdyC6sbtzZ637xxpj9bkqU/UNINgCKmWYV5OpKlLiNQgH6fPhdSkwPXb
+c73MwEL0crP56JSmCY+ULO7ZK+nXODePSCV3TZB7KTwgpGsj0/694tWLp4nKWBca
+fqkd2bmob1tizklf+EVf0L/xMgYMwddhlIIqYGz1WT1sN+QLD3OUMZCQLJpMdRCq
+EEQ9Q+jZdjl2GAipDWEnki2kXJNG8NMmn4FhTTq2wrgbG2wQK3ubNM9+aM8HSCPk
+K/SOrFYYHo1qKYwXoY0VdkucU8mZAT6LCG6e5cMwExSsn+4B0x697kkYiyEoIzl6
+2QTPxzFI3dkyN2TPd5n5o6JBbyTifzdYSn2nX96H7/zRNN2tSgMxllBf9P4ZgpVa
+r6BNR1Ai9GXP95Q0JmA+1z0NJBHiZFVIn4D9IDgztwYPyxjQHpz5WycyIQph2D+I
+uxf30FQZRnjCxJEvdrAknGnQ9i3fFIbnS/QdhA1L3VJveFvmEufHErmdW9ByJpDW
+2uQCJe2ftUS+Wxnwf/+Lc0YSc9PqCDCjoYVwVya9wO2U8KGBIlKBItHwpVtJTKku
+GipNZKk/CS4HEj8sPnJPaXy39mRKuierw4Qi/tp2JwQGg4sDWszB3g2KTCcx2I+a
+vVQJ/MsS+g==
+-----END CERTIFICATE-----
--- a/certs/key.pem
+++ b/certs/key.pem
+-----BEGIN PRIVATE KEY-----
+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQD2AFt83WNXqO/o
+Jtlsv2JX/yKUGC49uySntuUJTtpBl4tMF/uckf4VDTLHOn7J7o5DCRxIoW1RJN7Y
+L2djst+pVt5EN8NZTIEePpJkCPkxYSmwhLRtrcEfiOciehk2blzdAPFZlIRo08Zn
+ToXy4nlB0JHNsbMOxjmOrcqcEYsd1YzD1lAGdAfLBcUcADkTZQmvl7McOpfPCiT/
+Wq2sSFQCu6iw0f/TB3FhGEvJjFk+8xeaIh7gVT4/ZrjuFCipqoc4HsqqOKxGpvvD
+W2ipx3z9uLCCw0Te3HPDMbXwI3M+7ong+CebFfrV8TcTcJFCdjLDQMk6uhk7dCCH
+ntv1zzmhWw/4YJvhH4pk0qFqUvMQp6I8a1XlhgACNbvjHbwGwqGrrNx3mj1xzG/3
+1cs7s64Iw8ucStAnbhi9oXawYy+nvjCtKreY6uvN9xlYiOMN7qmOYEFnLD/bpweq
+tffyjiDVtxxRAnb3BSZH1xw7o/MMtZm8vx5omYzb4aBcU5ts1UXt3A4GnK1eqWxV
+AbuqtAHO1/44tcF/h5E6Esdy+n/iF23RAZBjEi4OLQ+OzWEUiFOzv1gAITihRFBC
+TkpS41wPV5KVfnnoyEHtrDUy/cfg8z8UBrm1J8ipyS/i/fWPmTK86bH3pBChfZ/o
+dRGr+IVbi/5LTmWgWZqw0M3wNl3n8wIDAQABAoICAAvkD4gKbCi1aJydnXPgD7Zg
+2usyp1riMWQ5THqLM7STnoRCl9hvxsrTX6l5U93vPd7Spr8srQviOYf/SULsnLAN
+nA0gbue28XoknHnhDyk1C56rLiIrvG00S7aDFWCSrBgeBAyIR8WIuws3pJ+NapQP
+q1njJYcTdikbOx3Dy/2DWtxafyAYurRfETHdzDnPmqIWC0PUNzim7Qvky7FLW7g4
+GZrWbm8PvzS/cmZfINnl8TWeQZomtK1m3ziELppTkllYRQPpB7bF5TSCYMhCysa5
+hzAC6qYlHM60wpkayubMq/XSY5kKUnIbSJtpcl62jOnwNz8zS1Ca4o77qEvfmjxG
+Acdi3Qk5Wn/POvgREKflBYTIRrBDMN23ClZ615sfukxn1+M3l73b5XVp6wk+mlXS
+kcGRej/ejzZ3sGiiPVeAeaS/BpdGzc/vahDejVmFUNtEUOpTMEELynXoBx2miKhN
+9GHf5LI/0ns3i+lzVlrZx9+1Pdj/E4Kc5RYn8z7qeezKX0txCGk2Mn5jOtxueSaZ
+pV3BSYD+pssj3OVW2gq8n92sUb8PmBfPGY+MyAF33se0UyaYHjSvFemqlGG/wKMl
+otUO67cHxbSHjqzxnPK9xASuPmZ9+H+vK9hJ6IljDz2/eugoIq4IRN3vaMQH0Gyf
+CvDYNOjOsc9mvLaV9tuxAoIBAQD+ZU31T1C6NJSbT5kbarqn+BnngM7Rg/AwhPZX
+Ul2rN/qn9kfQh8cpCYbOyV8sVmNM+sCRgIxYI1ZjccqRbQlROzFK0Ddmo0mEZyLC
+X3pAMcGVTsI+ZwJ9kqZD3zNPzoNGURe5LaAceNSCo+f15JNQeyF+N/KB1j29bXtT
+cin+4q1pqX2GuKAxcblW34x1xsgRqVFjcgq0yVxPBYCIbtY6WQkozLw5BCRNVlMZ
+SH85CnSKW+0xhh8tNYND4616EJff8PIh3JMejQ5LyWZ+70O1FY9t7wik7f2ZpbyB
+4oLHnNcgBP58sB+pHWWueuun0WMCyEDheFH3BEmSwaJfhgwjAoIBAQD3jYBHCLp+
+mRORbgYQwGjTvJNtJ0WPGTsl3zcG68VnFiy0VR+na+3gX9SLU/sGK76M87stkwCP
+pFHEgDfb3R6HKEUfwjyYD8gAlsqwh16B0MtrIU1OgXUuE4qwe2QaGzGz2lzqa6jk
+OkouRpnAQUo64/N6UBqsUC+xLFerqpXJbiBakrioYuzi+KlmolZ2IfEX0fSJERY7
+wnSIzVa2swcKtHSKi2Ap8z0HFvaim+/etTurcLg6zTSpdhWQdvh5vF6fU01DQgHV
+qbIx3r2konfgc+j4tZpra1rEWmugR2tm2Vney6u+4ulGJ0+jvhWzUxvoUnt4U/M/
+USA7QDMrl8nxAoIBAQD1HFSt3HsSvmDE+D+0K/SmrKUA6pnbQz2k8ieMYT8BHtGz
+DdeJ85kQUC6EhX/e72mEHUJ3rx0KOxocfOJJln5Ytyi6Rb5rdT77hIf4MhhPS+GS
+Y61ChOvgY/ExChidd4QCt1WdRXm0lTNkoFp6EH9kFw9hVrShJvSb1KXz89bE0FF3
+sifRK4ilu0Zxjrj+LcZNRg+2OoZYRH9dYBbE3c4pr+nkVsewQ+5aWad9f92c7xb0
+zLfQdMMLQzkzq2ZVazF6QuR5fdZ+pDg3C1lnSk+5ZYmpyZtRlkE3znm/x6hsfhDE
+uCsfpm8K+dkj8Smnq1azspDY7Z5D2+yrq0gws65zAoIBAD5ktb4xnv+liV8QQgsa
+09D6KJZMXaXRkCzdc7sU1a5D0oSpJ89EzrHMtX9gbVaC1AYmsDiuYmfR3KIQRwPt
+WXJrXfDBPhB9ecVcPD3+AH3rqDmaLSfqTSSN3Fja4MILtJ1GHkEfXXQYlPXQ6ZOh
+YRoytf1QD0j69OpM6NPlrNcWIKVzcYNPW7FhRyENLYmcyG1eh6m8WsQ5ILISPxbR
+TKcQEIeS1Wv9WJZe3U7iyrRxLVbqlCSN8AX+MzU0JzBXn+m8Ty7yhg/aM4WKRHYo
+VNqHnGKDMyZ76mau+41sMs+7XIFhCCqWeoEqC1KT6FhITDJkB6auUhLVWbBVYBBO
+s6ECggEBAI2OSQhJrbqpmS5KQ6nom8+HzPT3Vg4EEm3hr4ZJ3kuODaJhrpbZg4Yo
+Yu8AqOk+f7GKakJB56sMHZl5sOUiAIbq++o/yKoFBVFE5r/8Z6IefDdGkjlSglYn
+ezNKwaVTKp9VkDHgTCdWMh742EY4aKgRiU/2eyINFSx+yiQkglYT20KfMDL/O0N1
+ecrQaUxnsuTLpg7WH2vCMLziWstyhtDRu37takhMO9dJ6HimPcAejL/ZjYeqjf8t
+9b90ytXwrEpS2UHNvVTBOm/rlUzk5lTEovUnHwO7/fdMJwirNhQudpAKMPkAmZOf
+WQlp0oiUSUGt0CJB0c/49tFFqSlqA5U=
+-----END PRIVATE KEY-----
--- a/docker-compose.yml
+++ b/docker-compose.yml
+version: '3'
+services:
+  nginx:
+    image: nginx:latest
+    container_name: nginx
+    volumes:
+      - ./nginx.conf:/etc/nginx/nginx.conf
+      - ./certs:/etc/certs
+    ports:
+      - 80:80
+      - 443:443
+
+  appsec:
+    image: docker-app-sec
+    container_name: appsec
+    expose:
+      - "8080"
--- a/go.mod
+++ b/go.mod
@@ -5,6 +5,7 @@ go 1.19
 require github.com/gin-gonic/gin v1.8.1

 require (
+	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
 	github.com/go-playground/locales v0.14.0 // indirect
 	github.com/go-playground/universal-translator v0.18.0 // indirect
@@ -12,10 +13,19 @@ require (
 	github.com/goccy/go-json v0.9.7 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/leodido/go-urn v1.2.1 // indirect
+	github.com/lestrrat-go/backoff/v2 v2.0.8 // indirect
+	github.com/lestrrat-go/blackmagic v1.0.0 // indirect
+	github.com/lestrrat-go/httpcc v1.0.0 // indirect
+	github.com/lestrrat-go/iter v1.0.1 // indirect
+	github.com/lestrrat-go/jwx v1.2.18 // indirect
+	github.com/lestrrat-go/option v1.0.0 // indirect
 	github.com/mattn/go-isatty v0.0.14 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421 // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/okta/okta-jwt-verifier-golang v1.3.1 // indirect
+	github.com/patrickmn/go-cache v0.0.0-20180815053127-5633e0862627 // indirect
 	github.com/pelletier/go-toml/v2 v2.0.1 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
 	github.com/ugorji/go/codec v1.2.7 // indirect
 	golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97 // indirect
 	golang.org/x/net v0.0.0-20210226172049-e18ecbb05110 // indirect

--- a/go.sum
+++ b/go.sum
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn47hh8kt6rqSlvmrXFAc=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d h1:1iy2qD6JEhHKKhUOA9IWs7mjco7lnw2qx8FsRI2wirE=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE=
 github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
 github.com/gin-gonic/gin v1.8.1 h1:4+fr/el88TOO3ewCmQr8cx/CtZ/umlIRIs5M4NTNjf8=
@@ -12,6 +15,7 @@ github.com/go-playground/universal-translator v0.18.0 h1:82dyy6p4OuJq4/CByFNOn/j
 github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA=
 github.com/go-playground/validator/v10 v10.10.0 h1:I7mrTYv78z8k8VXa/qJlOlEXn/nBh+BF8dHX5nt/dr0=
 github.com/go-playground/validator/v10 v10.10.0/go.mod h1:74x4gJWsvQexRdW8Pn3dXSGrTK4nAUsbPlLADvpJkos=
+github.com/goccy/go-json v0.9.4/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/goccy/go-json v0.9.7 h1:IcB+Aqpx/iMHu5Yooh7jEzJk1JZ7Pjtmys2ukPr7EeM=
 github.com/goccy/go-json v0.9.7/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
@@ -27,41 +31,90 @@ github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w=
 github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
+github.com/lestrrat-go/backoff/v2 v2.0.8 h1:oNb5E5isby2kiro9AgdHLv5N5tint1AnDVVf2E2un5A=
+github.com/lestrrat-go/backoff/v2 v2.0.8/go.mod h1:rHP/q/r9aT27n24JQLa7JhSQZCKBBOiM/uP402WwN8Y=
+github.com/lestrrat-go/blackmagic v1.0.0 h1:XzdxDbuQTz0RZZEmdU7cnQxUtFUzgCSPq8RCz4BxIi4=
+github.com/lestrrat-go/blackmagic v1.0.0/go.mod h1:TNgH//0vYSs8VXDCfkZLgIrVTTXQELZffUV0tz3MtdQ=
+github.com/lestrrat-go/codegen v1.0.0/go.mod h1:JhJw6OQAuPEfVKUCLItpaVLumDGWQznd1VaXrBk9TdM=
+github.com/lestrrat-go/httpcc v1.0.0 h1:FszVC6cKfDvBKcJv646+lkh4GydQg2Z29scgUfkOpYc=
+github.com/lestrrat-go/httpcc v1.0.0/go.mod h1:tGS/u00Vh5N6FHNkExqGGNId8e0Big+++0Gf8MBnAvE=
+github.com/lestrrat-go/iter v1.0.1 h1:q8faalr2dY6o8bV45uwrxq12bRa1ezKrB6oM9FUgN4A=
+github.com/lestrrat-go/iter v1.0.1/go.mod h1:zIdgO1mRKhn8l9vrZJZz9TUMMFbQbLeTsbqPDrJ/OJc=
+github.com/lestrrat-go/jwx v1.2.18 h1:RV4hcTRUlPVYUnGqATKXEojoOsLexoU8Na4KheVzxQ8=
+github.com/lestrrat-go/jwx v1.2.18/go.mod h1:bWTBO7IHHVMtNunM8so9MT8wD+euEY1PzGEyCnuI2qM=
+github.com/lestrrat-go/option v0.0.0-20210103042652-6f1ecfceda35/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
+github.com/lestrrat-go/option v1.0.0 h1:WqAWL8kh8VcSoD6xjSH34/1m8yxluXQbDeKNfvFeEO4=
+github.com/lestrrat-go/option v1.0.0/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
+github.com/lestrrat-go/pdebug/v3 v3.0.1/go.mod h1:za+m+Ve24yCxTEhR59N7UlnJomWwCiIqbJRmKeiADU4=
 github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y=
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421 h1:ZqeYNhU3OHLH3mGKHDcjJRFFRrJa6eAM5H+CtDdOsPc=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/okta/okta-jwt-verifier-golang v1.3.1 h1:V+9W5KD3nG7xN0UYtnzXtkurGcs71bLwzPFuUGNMwdE=
+github.com/okta/okta-jwt-verifier-golang v1.3.1/go.mod h1:cHffA777f7Yi4K+yDzUp89sGD5v8sk04Pc3CiT1OMR8=
+github.com/patrickmn/go-cache v0.0.0-20180815053127-5633e0862627 h1:pSCLCl6joCFRnjpeojzOpEYs4q7Vditq8fySFG5ap3Y=
+github.com/patrickmn/go-cache v0.0.0-20180815053127-5633e0862627/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
 github.com/pelletier/go-toml/v2 v2.0.1 h1:8e3L2cCQzLFi2CR4g7vGFuFxX7Jl1kKX8gW+iV0GUKU=
 github.com/pelletier/go-toml/v2 v2.0.1/go.mod h1:r9LEWfGN8R5k0VXJ+0BkIe7MYkRdwZOjgMj2KwnJFUo=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/ugorji/go v1.2.7/go.mod h1:nF9osbDWLy6bDVv/Rtoh6QgnvNDpmCalQV5urGCCS6M=
 github.com/ugorji/go/codec v1.2.7 h1:YPXUKf7fYbp/y8xloBqZOw2qaVggbfwMlI8WM3wZUJ0=
 github.com/ugorji/go/codec v1.2.7/go.mod h1:WGN1fab3R1fzQlVQTkfxVtIBhWDRqOviHU95kRgeqEY=
+github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20201217014255-9d1352758620/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97 h1:/UOmuWzQfxxo9UtlXMwuQU8CMgg1eZXqTRwkSQJWKOI=
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110 h1:qWPm9rbaAMKs8Bq/9LRpbMqxWRVUAQwMI9fVrssnTfw=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069 h1:siQdpVirKtzPhKl3lZWozZraCFObP8S1v6PRp0bLrtU=
 golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20200918232735-d647fc253266/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU=
+golang.org/x/tools v0.0.0-20210114065538-d78b04bdf963/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw=
 google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
@@ -69,6 +122,7 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

--- a/main.go
+++ b/main.go
@@ -3,6 +3,8 @@ package main
 import (
 	"net/http"
 	"github.com/gin-gonic/gin"
+	"strings"
+	jwtverifier "github.com/okta/okta-jwt-verifier-golang"
 )

 type student struct {
@@ -108,16 +110,81 @@ func deleteTeacher(c *gin.Context) {
 	c.IndentedJSON(http.StatusNotFound, gin.H{"message": "teacher not found"})
 }

+var toValidate = map[string]string{
+	"aud": "api://default",
+	"cid": "0oa84xqh3syFfCGQY5d7",
+}
+
+func verify(c *gin.Context) bool {
+	status := true
+	token := c.Request.Header.Get("Authorization")
+	if strings.HasPrefix(token, "Bearer ") {
+		token = strings.TrimPrefix(token, "Bearer ")
+		verifierSetup := jwtverifier.JwtVerifier{
+			Issuer:           "https://dev-09578173.okta.com/oauth2/default",
+			ClaimsToValidate: toValidate,
+		}
+		verifier := verifierSetup.New()
+		jwt, err := verifier.VerifyAccessToken(token)
+		if err != nil {
+			c.String(http.StatusForbidden, err.Error())
+			print(err.Error())
+			status = false
+		}
+
+		sub := jwt.Claims["sub"].(string)
+		if targetAuth, ok := auth[sub]; ok {
+			m := c.Request.Method
+
+			for _, value := range targetAuth {
+				if value == m {
+						status = true
+				} else {
+						status = false
+				}
+			}
+		}
+	} else {
+		c.String(http.StatusUnauthorized, "Unauthorized")
+		status = false
+	}
+	return status
+}
+
+func verifyAuth(c *gin.Context) {
+	if verify(c) {
+		c.Next()
+	} else {
+		c.AbortWithStatus(http.StatusForbidden)
+	}
+}
+
+var auth = make(map[string][]string)
+
 func main() {
 	router := gin.Default()
-	router.GET("/students", getStudents)
-	router.GET("/teachers", getTeachers)
-	router.GET("/students/:id", getStudentByID)
-	router.GET("/teachers/:id", getTeacherByID)
-	router.POST("/students", postStudent)
-	router.POST("/teachers", postTeachers)
-	router.DELETE("/student/:id", deleteStudent)
-	router.DELETE("/teachers/:id", deleteTeacher)
+
+	authGetStudents := router.Group("/", gin.BasicAuth(gin.Accounts{
+		"foo":      "bar",
+		"aristote": "Eucl1de",
+	}))
+
+	authAllStudents := router.Group("/", gin.BasicAuth(gin.Accounts{
+		"aristote": "Eucl1de",
+	}))
+
+	authGetStudents.GET("/students", getStudents)
+	authGetStudents.GET("/students/:id", getStudentByID)
+	authAllStudents.POST("/students", postStudent)
+	authAllStudents.DELETE("/student/:id", deleteStudent)
+
+	auth["steven.jaquet@etu.hesge.ch"] =
+	append(auth["steven.jaquet@etu.hesge.ch"], "GET", "POST")
+	auth["michael.jaquet1@etu.hesge.ch"] =
+	append(auth["michael.jaquet1@etu.hesge.ch"], "GET", "DELETE")
+	auth["david.jaquet1@etu.hesge.ch"] =
+	append(auth["david.jaquet1@etu.hesge.ch"], "GET")

 	router.Run(":8080")
 }
+
--- a/nginx.conf
+++ b/nginx.conf
+worker_processes  5;  
+worker_rlimit_nofile 8192;
+events { }
+http {
+
+  map $http_upgrade $connection_upgrade {
+      default upgrade;
+      ''      close;
+    }
+
+  server {
+    listen 80;
+    server_name localhost;
+    return 301 https://localhost$request_uri;
+         }
+
+   server {
+    listen 443 ssl;
+    server_name localhost;
+
+    ssl_certificate /etc/certs/cert.pem;
+    ssl_certificate_key /etc/certs/key.pem;
+    access_log /var/log/nginx/data-access.log combined;
+
+    location / {
+       proxy_pass http://appSec:8080/;
+       proxy_set_header X-Real-IP  $remote_addr;
+       proxy_set_header X-Forwarded-For $remote_addr;
+       proxy_set_header Host $host;
+       proxy_set_header X-Forwarded-Proto $scheme;
+       proxy_redirect http://shiny:3838/ $scheme://$http_host/;
+       proxy_http_version 1.1;
+       proxy_set_header Upgrade $http_upgrade;
+       proxy_set_header Connection $connection_upgrade;
+       proxy_read_timeout 20d;
+       proxy_buffering off;
+       }
+   }
+}
+