
Example 1 with RevocationChecker

use of org.apereo.cas.adaptors.x509.authentication.revocation.checker.RevocationChecker in project cas by apereo.

the class X509AuthenticationConfiguration method x509CredentialsAuthenticationHandler.

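@Bean
@RefreshScope
public AuthenticationHandler x509CredentialsAuthenticationHandler() {
    final X509Properties x509 = casProperties.getAuthn().getX509();

    // Select the revocation checker named by cas.authn.x509.revocationChecker.
    // A blank/unset value keeps the original behaviour (no revocation checking),
    // but an unrecognised value is now rejected at startup instead of being
    // silently mapped to NoOpRevocationChecker: previously a typo in this
    // property disabled revocation checking for every presented certificate
    // (fail-open), with nothing in the logs to show it.
    final String configuredChecker = x509.getRevocationChecker();
    final String checkerName = StringUtils.isBlank(configuredChecker)
        ? "none"
        : configuredChecker.trim().toLowerCase();
    final RevocationChecker revChecker;
    switch (checkerName) {
        case "resource":
            revChecker = resourceCrlRevocationChecker();
            break;
        case "crl":
            revChecker = crlDistributionPointRevocationChecker();
            break;
        case "none":
            revChecker = noOpRevocationChecker();
            break;
        default:
            throw new IllegalArgumentException("Unrecognized x509 revocation checker ["
                + configuredChecker + "]; expected one of NONE, CRL or RESOURCE");
    }

    // Optional DN filters: compiled only when configured, otherwise null is
    // passed through to the handler exactly as before.
    final Pattern trustedIssuerDnPattern = StringUtils.isNotBlank(x509.getRegExTrustedIssuerDnPattern())
        ? RegexUtils.createPattern(x509.getRegExTrustedIssuerDnPattern())
        : null;
    final Pattern subjectDnPattern = StringUtils.isNotBlank(x509.getRegExSubjectDnPattern())
        ? RegexUtils.createPattern(x509.getRegExSubjectDnPattern())
        : null;

    return new X509CredentialsAuthenticationHandler(
        x509.getName(),
        servicesManager,
        x509PrincipalFactory(),
        trustedIssuerDnPattern,
        x509.getMaxPathLength(),
        x509.isMaxPathLengthAllowUnspecified(),
        x509.isCheckKeyUsage(),
        x509.isRequireKeyUsage(),
        subjectDnPattern,
        revChecker);
}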

Example 2 with RevocationChecker

use of org.apereo.cas.adaptors.x509.authentication.revocation.checker.RevocationChecker in project cas by apereo.

the class X509AuthenticationConfiguration method resourceCrlRevocationChecker.

@Bean
public RevocationChecker resourceCrlRevocationChecker() {
    final X509Properties x509 = casProperties.getAuthn().getX509();

    // Resolve every configured CRL location (cas.authn.x509.crlResources)
    // through the Spring ResourceLoader; duplicate locations collapse into
    // a single Resource because the result is collected into a Set.
    final Set<Resource> crlResources = x509.getCrlResources()
        .stream()
        .map(this.resourceLoader::getResource)
        .collect(Collectors.toSet());

    // The two policy names presumably decide what happens when a CRL resource
    // cannot be loaded or has passed its validity period (NOTE(review): the
    // policy semantics live in getRevocationPolicy, outside this listing).
    return new ResourceCRLRevocationChecker(
        x509.isCheckAll(),
        getRevocationPolicy(x509.getCrlResourceUnavailablePolicy()),
        getRevocationPolicy(x509.getCrlResourceExpiredPolicy()),
        x509.getRefreshIntervalSeconds(),
        crlFetcher(),
        crlResources);
}

Example 3 with RevocationChecker

use of org.apereo.cas.adaptors.x509.authentication.revocation.checker.RevocationChecker in project cas by apereo.

the class X509AuthenticationConfiguration method crlDistributionPointRevocationChecker.

@Bean
public RevocationChecker crlDistributionPointRevocationChecker() {
    final X509Properties x509 = casProperties.getAuthn().getX509();

    // Ehcache region for fetched CRLs. The random suffix presumably avoids a
    // name clash with any previously registered "CRL..." cache; all sizing and
    // expiry settings come straight from cas.authn.x509.cache*.
    // NOTE(review): with cacheEternal=true a fetched CRL would stay cached
    // regardless of TTL/TTI, so revocations published later may not be seen
    // until the checker's own expiry policy or a restart intervenes — confirm.
    final String cacheName = "CRL".concat(UUID.randomUUID().toString());
    final Cache crlCache = new Cache(
        cacheName,
        x509.getCacheMaxElementsInMemory(),
        x509.isCacheDiskOverflow(),
        x509.isCacheEternal(),
        x509.getCacheTimeToLiveSeconds(),
        x509.getCacheTimeToIdleSeconds());

    return new CRLDistributionPointRevocationChecker(
        x509.isCheckAll(),
        getRevocationPolicy(x509.getCrlUnavailablePolicy()),
        getRevocationPolicy(x509.getCrlExpiredPolicy()),
        crlCache,
        crlFetcher(),
        x509.isThrowOnFetchFailure());
}
