Implement independent asymmetric key management for ZtatTokenService JWT signing with RDP proxy and Guacamole integration (#15)

* Initial plan

* Add RDP proxy public key endpoint integration to ZtatTokenService

Co-authored-by: phrocker <[email protected]>

* Add unit tests for ZtatTokenService RDP proxy integration

Co-authored-by: phrocker <[email protected]>

* Add documentation for ZtatTokenService RDP proxy integration

Co-authored-by: phrocker <[email protected]>

* Refactor RestTemplate instantiation to match existing service patterns

Co-authored-by: phrocker <[email protected]>

* Fix endpoint path conflict between RdpProxyKeySyncController and RdpProxyKeyController

Co-authored-by: phrocker <[email protected]>

* fixup

* Refactor to proper asymmetric model with independent key management per service

Co-authored-by: phrocker <[email protected]>

* Add RDP proxy support for validating JWTs from ZtatTokenService

Co-authored-by: phrocker <[email protected]>

* Update SecurityConfig to support both symmetric and asymmetric JWT tokens

Co-authored-by: phrocker <[email protected]>

* fixups

* Fix guacd connection to use local instance with installation in Dockerfile

Co-authored-by: phrocker <[email protected]>

* Implement full Guacamole protocol support for real RDP screen streaming

Co-authored-by: phrocker <[email protected]>

* fixup

---------

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: phrocker <[email protected]>
Co-authored-by: Marc Parisi <[email protected]>

Author: Copilot

.local.env

@@ -1,4 +1,4 @@
-SENTRIUS_VERSION=1.1.450
+SENTRIUS_VERSION=1.1.460
 SENTRIUS_SSH_VERSION=1.1.44
 SENTRIUS_KEYCLOAK_VERSION=1.1.59
 SENTRIUS_AGENT_VERSION=1.1.45
@@ -7,4 +7,4 @@ LLMPROXY_VERSION=1.0.86
 LAUNCHER_VERSION=1.0.90
 AGENTPROXY_VERSION=1.0.87
 SSHPROXY_VERSION=1.0.90
-RDPPROXY_VERSION=1.0.15
+RDPPROXY_VERSION=1.0.32

.local.env.bak

@@ -1,4 +1,4 @@
-SENTRIUS_VERSION=1.1.450
+SENTRIUS_VERSION=1.1.460
 SENTRIUS_SSH_VERSION=1.1.44
 SENTRIUS_KEYCLOAK_VERSION=1.1.59
 SENTRIUS_AGENT_VERSION=1.1.45
@@ -7,4 +7,4 @@ LLMPROXY_VERSION=1.0.86
 LAUNCHER_VERSION=1.0.90
 AGENTPROXY_VERSION=1.0.87
 SSHPROXY_VERSION=1.0.90
-RDPPROXY_VERSION=1.0.15
+RDPPROXY_VERSION=1.0.32

api/src/main/java/io/sentrius/sso/controllers/api/HostApiController.java

@@ -112,6 +112,8 @@ public ResponseEntity<List<HostSystemDTO>> listHostSystems(HttpServletRequest re
                             continue;
                         }
                         break;
+                    case "ALL":
+                        break;
                     default:
                         // do nothing, return all
                 }
@@ -336,7 +338,7 @@ public ResponseEntity<Map<String, Object>> initiateRdpSession(
             }
 
             // Generate JWT token for this user and target
-            String jwtToken = generateRdpJwtToken(user, hostSystem.getDisplayName());
+            String jwtToken = generateRdpJwtToken(user, hostSystem.getId());
             if (jwtToken == null) {
                 // log.error("Failed to generate JWT token for user {} and target {}", user.getUsername(), hostSystem.getDisplayName());
                 return ResponseEntity.internalServerError().build();
@@ -348,7 +350,7 @@ public ResponseEntity<Map<String, Object>> initiateRdpSession(
             sessionData.put("port", hostSystem.getRdpPort() != null ? hostSystem.getRdpPort() : 3389);
             sessionData.put("username", user.getUsername());
             sessionData.put("jwtToken", jwtToken);
-            sessionData.put("target", hostSystem.getDisplayName());
+            sessionData.put("target", hostSystem.getId());
             sessionData.put("websocketHost", systemOptions.getRdpProxyDomain());
             sessionData.put("websocketUrl", "/guacamole/tunnel?token=" + jwtToken);
             sessionData.put("displayName", hostSystem.getDisplayName());
@@ -397,7 +399,7 @@ public ResponseEntity<String> downloadRdpFile(
             }
 
             // Generate JWT token for this user and target
-            String jwtToken = generateRdpJwtToken(user, hostSystem.getDisplayName());
+            String jwtToken = generateRdpJwtToken(user, hostSystem.getId());
             if (jwtToken == null) {
                 // log.error("Failed to generate JWT token for user {} and target {}", user.getUsername(), hostSystem.getDisplayName());
                 return ResponseEntity.internalServerError().build();
@@ -426,11 +428,11 @@ public ResponseEntity<String> downloadRdpFile(
     /**
      * Generate a JWT token for RDP authentication
      */
-    private String generateRdpJwtToken(User user, String target) {
+    private String generateRdpJwtToken(User user, Long target) {
         try {
             // log.info("Generating JWT token for user {} and target {}", user.getUsername(), target);
 
-            return ztatTokenService.issueServiceToken(user.getUsername(), "rdp-proxy", target, 60);
+            return ztatTokenService.issueServiceToken(user.getUsername(), "rdp-proxy", target.toString(), 60);
 
 
         } catch (Exception e) {

api/src/main/resources/static/js/functions.js

@@ -32,7 +32,7 @@ export function countRules(){
 }
 
 export function countAssignedSystems(){
-    fetch('/api/v1/enclaves/hosts/list')
+    fetch('/api/v1/enclaves/hosts/list?type=ALL')
         .then(response => response.json())
         .then(data => {
             if (null != data) {