use of oidc.model.SigningKey in project OpenConext-oidcng by OpenConext.
the class KeyRolloverTest method rolloverSymmetricKeys.
/**
 * Verifies that a symmetric key rollover keeps the symmetric key that stored signing
 * keys still reference and adds the newly activated one, so exactly two remain.
 *
 * <p>Setup: three fresh symmetric keys, plus six signing keys that all reference the
 * first of them. After {@code doSymmetricKeyRollover()} the symmetric keys left must be
 * that referenced key and the one {@code sequenceRepository.currentSymmetricKeyId()}
 * reports as current. The signing keys are removed again at the end so other tests start
 * from an empty collection.
 *
 * @throws GeneralSecurityException propagated from key creation
 * @throws IOException propagated from key creation
 */
@Test
public void rolloverSymmetricKeys() throws GeneralSecurityException, IOException {
    resetAndCreateSymmetricKeys(3);
    List<SymmetricKey> created = mongoTemplate.findAll(SymmetricKey.class);
    assertEquals(3, created.size());
    String referencedKeyId = created.get(0).getKeyId();

    // Every signing key points at the same symmetric key, which must survive the rollover.
    List<SigningKey> referencingSigningKeys = IntStream.rangeClosed(0, 5)
            .mapToObj(i -> new SigningKey("key_" + i, referencedKeyId, "jwk", new Date()))
            .collect(toList());
    mongoTemplate.bulkOps(BulkOperations.BulkMode.ORDERED, SigningKey.class)
            .remove(new Query())
            .insert(referencingSigningKeys)
            .execute();

    KeyRollover rollover = new KeyRollover(tokenGenerator, mongoTemplate, true, sequenceRepository);
    rollover.doSymmetricKeyRollover();

    List<String> remainingKeyIds = mongoTemplate.findAll(SymmetricKey.class).stream()
            .map(SymmetricKey::getKeyId)
            .sorted()
            .collect(toList());
    List<String> expectedKeyIds = Arrays.asList(referencedKeyId, sequenceRepository.currentSymmetricKeyId());
    expectedKeyIds.sort(String::compareTo);
    assertEquals(expectedKeyIds, remainingKeyIds);

    mongoTemplate.bulkOps(BulkOperations.BulkMode.ORDERED, SigningKey.class)
            .remove(new Query())
            .execute();
}
use of oidc.model.SigningKey in project OpenConext-oidcng by OpenConext.
the class KeyRolloverTest method rolloverSigningKeys.
/**
 * Verifies that a signing key rollover prunes signing keys no access token references.
 *
 * <p>Setup: three signing keys and eleven access tokens that alternate between the first
 * two key ids, leaving the third key unreferenced. Four keys would exist after the
 * rollover if nothing were cleaned up; the expectation of three reflects that
 * {@code rollover()} is expected to remove the unreferenced key while keeping the two
 * referenced ones and the new current key (see {@code KeyRollover.cleanUpSigningKeys}).
 *
 * @throws GeneralSecurityException propagated from key creation
 * @throws ParseException propagated from token creation
 * @throws IOException propagated from key creation
 */
@Test
public void rolloverSigningKeys() throws GeneralSecurityException, ParseException, IOException {
    resetAndCreateSigningKeys(3);
    final List<String> keyIdsBeforeRollover = mongoTemplate.findAll(SigningKey.class).stream()
            .map(SigningKey::getKeyId)
            .sorted()
            .collect(toList());
    assertEquals(3, keyIdsBeforeRollover.size());

    // Only the first two key ids are ever referenced; the third stays unused.
    List<AccessToken> issuedTokens = IntStream.rangeClosed(0, 10)
            .mapToObj(i -> accessToken("val" + i, keyIdsBeforeRollover.get(i % 2)))
            .collect(toList());
    mongoTemplate.bulkOps(BulkOperations.BulkMode.ORDERED, AccessToken.class)
            .remove(new Query())
            .insert(issuedTokens)
            .execute();

    KeyRollover rollover = new KeyRollover(tokenGenerator, mongoTemplate, true, sequenceRepository);
    rollover.rollover();

    List<String> keyIdsAfterRollover = mongoTemplate.findAll(SigningKey.class).stream()
            .map(SigningKey::getKeyId)
            .sorted()
            .collect(toList());
    // Not four: the unreferenced key is expected to be cleaned up during the rollover.
    assertEquals(3, keyIdsAfterRollover.size());
}
use of oidc.model.SigningKey in project OpenConext-oidcng by OpenConext.
the class TokenGeneratorTest method rolloverSigningKeys.
/**
 * Verifies that, after a fresh set of signing keys is generated, the most recently created
 * key's id starts with the prefix that {@code currentSigningKeyIdPrefix()} reports.
 *
 * @throws GeneralSecurityException propagated from key creation
 * @throws ParseException declared for the key creation helpers
 * @throws IOException propagated from key creation
 */
@Test
public void rolloverSigningKeys() throws GeneralSecurityException, ParseException, IOException {
    resetAndCreateSigningKeys(3);
    // Newest key first, so index 0 is the key created last.
    SigningKey newestKey = signingKeyRepository.findAllByOrderByCreatedDesc().get(0);
    String newestKeyId = newestKey.getKeyId();
    String expectedPrefix = currentSigningKeyIdPrefix();
    assertTrue(newestKeyId.startsWith(expectedPrefix));
}
use of oidc.model.SigningKey in project OpenConext-oidcng by OpenConext.
the class KeyRollover method cleanUpSigningKeys.
/**
 * Deletes every stored signing key that is neither referenced by a persisted access or
 * refresh token nor the current signing key.
 *
 * <p>A key is retained while any {@code AccessToken} or {@code RefreshToken} document
 * still carries its id in {@code signingKeyId}, so tokens issued under an older key stay
 * verifiable until they are gone from storage. The current key is retained by
 * constructing its id as {@code "key_" + sequenceRepository.currentSigningKeyId()};
 * that format must match the id the token generator assigns (the tests build ids the
 * same way). NOTE(review): the list returned by {@code findDistinct} is extended in
 * place; copy it first if that call ever returns an unmodifiable list.
 *
 * @return the ids of the signing keys that were deleted (empty when nothing was deleted)
 */
public List<String> cleanUpSigningKeys() {
    // Ids that must survive: referenced by access tokens, by refresh tokens, or current.
    List<String> retainedKeyIds = mongoTemplate.findDistinct("signingKeyId", AccessToken.class, String.class);
    retainedKeyIds.addAll(mongoTemplate.findDistinct("signingKeyId", RefreshToken.class, String.class));
    retainedKeyIds.add(String.format("key_%s", sequenceRepository.currentSigningKeyId()));

    Criteria unreferenced = Criteria.where("keyId").not().in(retainedKeyIds);
    List<SigningKey> removedKeys = mongoTemplate.findAllAndRemove(Query.query(unreferenced), SigningKey.class);
    List<String> removedKeyIds = removedKeys.stream()
            .map(SigningKey::getKeyId)
            .collect(Collectors.toList());

    LOG.info("Deleted signing keys that are no longer referenced by access_tokens and refresh_token: "
            + removedKeyIds.stream().collect(Collectors.joining(", ")));
    return removedKeyIds;
}
use of oidc.model.SigningKey in project OpenConext-oidcng by OpenConext.
the class KeyRollover method doSigningKeyRollover.
/**
 * Rolls the signing key over via the token generator and then prunes signing keys that
 * are no longer referenced.
 *
 * <p>The broad {@code catch (Exception)} covers the rollover, the success log line and the
 * cleanup alike: any failure in that sequence is logged and reported as an empty list
 * rather than propagated to the caller. Cleanup therefore only runs after the rollover
 * itself succeeded.
 *
 * @return the ids of the signing keys deleted by the cleanup, or an empty list when the
 *     rollover or the cleanup failed
 */
public List<String> doSigningKeyRollover() {
    try {
        String newKeyId = tokenGenerator.rolloverSigningKeys().getKeyId();
        LOG.info("Successful signing key rollover. New signing key: " + newKeyId);
        return cleanUpSigningKeys();
    } catch (Exception rolloverFailure) {
        // Logged with the stack trace; the caller only sees "nothing deleted".
        LOG.error("Rollover exception", rolloverFailure);
        return Collections.emptyList();
    }
}