use of oidc.model.SymmetricKey in project OpenConext-oidcng by OpenConext.
the class KeyRolloverTest method rolloverSymmetricKeys.
/**
 * Verifies that a symmetric key rollover keeps only the symmetric keys that are
 * still needed: the one referenced by existing signing keys and the current one.
 *
 * <p>Scenario: three symmetric keys exist and six signing keys all reference the
 * first of them. After the rollover, the other two original keys are expected to
 * be gone, leaving the referenced key plus the key the sequence repository
 * reports as current.
 *
 * @throws GeneralSecurityException declared by the key-creation helper
 * @throws IOException declared by the key-creation helper
 */
@Test
public void rolloverSymmetricKeys() throws GeneralSecurityException, IOException {
    resetAndCreateSymmetricKeys(3);
    List<SymmetricKey> symmetricKeys = mongoTemplate.findAll(SymmetricKey.class);
    assertEquals(3, symmetricKeys.size());

    // Every signing key below points at this one symmetric key, so clean-up must retain it.
    String referencedKeyId = symmetricKeys.get(0).getKeyId();
    List<SigningKey> signingKeys = IntStream.rangeClosed(0, 5)
            .mapToObj(i -> new SigningKey("key_" + i, referencedKeyId, "jwk", new Date()))
            .collect(toList());
    // Replace whatever signing keys were present with the six fixtures, in one ordered bulk operation.
    mongoTemplate.bulkOps(BulkOperations.BulkMode.ORDERED, SigningKey.class)
            .remove(new Query())
            .insert(signingKeys)
            .execute();

    KeyRollover keyRollover = new KeyRollover(tokenGenerator, mongoTemplate, true, sequenceRepository);
    keyRollover.doSymmetricKeyRollover();

    List<String> keyIds = mongoTemplate.findAll(SymmetricKey.class).stream()
            .map(SymmetricKey::getKeyId)
            .sorted()
            .collect(toList());
    // Both sides are sorted because findAll gives no ordering guarantee that this test relies on.
    List<String> expectedKeyIds = Arrays.asList(referencedKeyId, sequenceRepository.currentSymmetricKeyId())
            .stream()
            .sorted()
            .collect(toList());
    assertEquals(expectedKeyIds, keyIds);

    // NOTE(review): this clean-up is skipped when an assertion above fails, which
    // leaves the fixture signing keys in the collection for whatever runs next.
    mongoTemplate.bulkOps(BulkOperations.BulkMode.ORDERED, SigningKey.class)
            .remove(new Query())
            .execute();
}
use of oidc.model.SymmetricKey in project OpenConext-oidcng by OpenConext.
the class KeyRollover method doSymmetricKeyRollover.
/**
 * Rolls over to a new symmetric key and then removes the symmetric keys that are
 * no longer needed.
 *
 * <p>Only the identifier of the new key is logged, never the key itself.
 *
 * <p>Any exception is logged and turned into an empty list, so a caller cannot
 * tell a failed rollover apart from a successful one that deleted nothing. The
 * "Rollover exception" error log entry is the only failure signal.
 *
 * @return the ids of the symmetric keys deleted by the clean-up, or an empty list
 *     when the rollover or the clean-up threw
 */
public List<String> doSymmetricKeyRollover() {
    try {
        String newKeyId = tokenGenerator.rolloverSymmetricKeys().getKeyId();
        LOG.info("Successful symmetric key rollover. New symmetric key: " + newKeyId);
        // Clean-up runs only after the new key exists.
        return cleanUpSymmetricKeys();
    } catch (Exception rolloverFailure) {
        // Best effort by design: the failure is recorded with its stack trace and not rethrown.
        LOG.error("Rollover exception", rolloverFailure);
        return Collections.emptyList();
    }
}
use of oidc.model.SymmetricKey in project OpenConext-oidcng by OpenConext.
the class AbstractIntegrationTest method resetAndCreateSymmetricKeys.
/**
 * Test fixture helper: drops the symmetric key collection and creates the
 * requested number of keys by repeatedly rolling over.
 *
 * @param numberOfSymmetricKeys how many rollovers to perform after the collection is dropped
 * @throws GeneralSecurityException if a rollover fails with this exception
 * @throws IOException if a rollover fails with this exception
 */
protected void resetAndCreateSymmetricKeys(int numberOfSymmetricKeys) throws GeneralSecurityException, IOException {
    // Start from an empty collection so the caller knows exactly how many keys exist afterwards.
    mongoTemplate.dropCollection(SymmetricKey.class);
    int upperBound = numberOfSymmetricKeys + 1;
    for (int round = 1; round < upperBound; round++) {
        // Each rollover must return a key that carries an id.
        assertNotNull(tokenGenerator.rolloverSymmetricKeys().getKeyId());
    }
}
use of oidc.model.SymmetricKey in project OpenConext-oidcng by OpenConext.
the class KeyRollover method cleanUpSymmetricKeys.
/**
 * Deletes every stored symmetric key that is neither referenced by a signing key
 * nor reported as the current symmetric key.
 *
 * <p>The retain-set is the distinct {@code symmetricKeyId} values across all
 * signing keys plus the current symmetric key id. All other symmetric keys are
 * removed and their ids logged.
 *
 * <p>NOTE(review): presumably a signing key can no longer be used once the
 * symmetric key it references is deleted, so the retain-set must be complete
 * before the removal runs; confirm against the token generator.
 *
 * @return the ids of the symmetric keys that were removed (possibly empty)
 */
public List<String> cleanUpSymmetricKeys() {
    List<String> keyIdsToKeep = mongoTemplate.findDistinct("symmetricKeyId", SigningKey.class, String.class);
    // The current key is kept even when no signing key references it yet.
    // NOTE(review): relies on findDistinct returning a mutable list and on the
    // current key id being non-null; verify both.
    keyIdsToKeep.add(sequenceRepository.currentSymmetricKeyId());

    Criteria notRetained = Criteria.where("keyId").not().in(keyIdsToKeep);
    // findAllAndRemove returns the removed documents, which is where the deleted ids come from.
    List<String> deleted = mongoTemplate.findAllAndRemove(Query.query(notRetained), SymmetricKey.class)
            .stream()
            .map(SymmetricKey::getKeyId)
            .collect(Collectors.toList());

    LOG.info("Deleted symmetric keys that are no longer referenced by signing keys: " + String.join(", ", deleted));
    return deleted;
}