use of org.apereo.cas.configuration.model.core.util.EncryptionRandomizedSigningJwtCryptographyProperties in project cas by apereo.
the class DynamoDbTicketRegistryConfiguration method ticketRegistry.
/**
 * Creates the DynamoDb-backed {@link TicketRegistry} bean.
 *
 * <p>The registry is given a cipher executor built from the {@code dynamoDb} registry crypto settings
 * and the facilitator obtained for the supplied ticket catalog.
 *
 * <p>NOTE(review): whether tickets are actually encrypted and signed before they reach DynamoDb depends on
 * what {@code CoreTicketUtils.newTicketRegistryCipherExecutor} returns for these settings, which is not
 * visible here. Confirm the registry crypto settings are enabled wherever the table is shared or backed up.
 *
 * @param ticketCatalog the ticket catalog handed to the DynamoDb facilitator
 * @return the DynamoDb ticket registry
 */
@Autowired
@RefreshScope
@Bean
public TicketRegistry ticketRegistry(@Qualifier("ticketCatalog") final TicketCatalog ticketCatalog) {
    // Crypto settings that belong to the DynamoDb registry only.
    final EncryptionRandomizedSigningJwtCryptographyProperties registryCrypto =
        casProperties.getTicket().getRegistry().getDynamoDb().getCrypto();
    return new DynamoDbTicketRegistry(
        CoreTicketUtils.newTicketRegistryCipherExecutor(registryCrypto, "dynamoDb"),
        dynamoDbTicketRegistryFacilitator(ticketCatalog));
}
use of org.apereo.cas.configuration.model.core.util.EncryptionRandomizedSigningJwtCryptographyProperties in project cas by apereo.
the class CasCoreWebflowConfiguration method webflowCipherExecutor.
/**
 * Builds the {@link CipherExecutor} bean used for webflow state.
 *
 * <p>Encryption/signing is active when the crypto settings are explicitly enabled, or when they are not
 * enabled but BOTH an encryption key and a signing key are configured (a warning is logged and the
 * feature is switched on). In every other case a no-op executor is returned and a warning is logged;
 * as that warning states, this may not be safe in a production environment.
 *
 * @return a {@code WebflowConversationStateCipherExecutor} when active, otherwise {@code CipherExecutor.noOp()}
 */
@Bean
@RefreshScope
public CipherExecutor webflowCipherExecutor() {
    final EncryptionRandomizedSigningJwtCryptographyProperties crypto = casProperties.getWebflow().getCrypto();

    boolean active = crypto.isEnabled();
    if (!active) {
        // Keys are only inspected when the feature was not switched on explicitly.
        final boolean bothKeysDefined = StringUtils.isNotBlank(crypto.getEncryption().getKey())
            && StringUtils.isNotBlank(crypto.getSigning().getKey());
        if (bothKeysDefined) {
            LOGGER.warn("Webflow encryption/signing is not enabled explicitly in the configuration, yet signing/encryption keys " + "are defined for operations. CAS will proceed to enable the webflow encryption/signing functionality.");
            active = true;
        }
    }

    if (!active) {
        // No-op executor: the state handed to it is neither encrypted nor signed.
        LOGGER.warn("Webflow encryption/signing is turned off. This " + "MAY NOT be safe in a production environment. Consider using other choices to handle encryption, " + "signing and verification of webflow state.");
        return CipherExecutor.noOp();
    }

    return new WebflowConversationStateCipherExecutor(
        crypto.getEncryption().getKey(),
        crypto.getSigning().getKey(),
        crypto.getAlg(),
        crypto.getSigning().getKeySize(),
        crypto.getEncryption().getKeySize());
}
use of org.apereo.cas.configuration.model.core.util.EncryptionRandomizedSigningJwtCryptographyProperties in project cas by apereo.
the class AbstractTicketRegistryTests method setUpEncryption.
/**
 * Installs the cipher executor on the ticket registry under test.
 *
 * <p>With {@code useEncryption} set, the executor is built from default-constructed crypto properties;
 * otherwise the no-op executor is installed so tickets pass through unchanged.
 * NOTE(review): how {@code newTicketRegistryCipherExecutor} obtains keys for default-constructed
 * properties is not visible here.
 */
private void setUpEncryption() {
    // The registry bean may be proxied; the setter is called on the object AopTestUtils returns.
    final AbstractTicketRegistry target = AopTestUtils.getTargetObject(this.ticketRegistry);
    final CipherExecutor chosen;
    if (this.useEncryption) {
        chosen = CoreTicketUtils.newTicketRegistryCipherExecutor(new EncryptionRandomizedSigningJwtCryptographyProperties(), "[tests]");
    } else {
        chosen = CipherExecutor.noOp();
    }
    target.setCipherExecutor(chosen);
}
use of org.apereo.cas.configuration.model.core.util.EncryptionRandomizedSigningJwtCryptographyProperties in project cas by apereo.
the class GenerateCryptoKeysCommand method generateKey.
/**
 * Generates new encryption and signing keys for every configuration group whose name starts with
 * {@code <name>.crypto} and writes them to the logger as {@code <name>.crypto.*.key=...} lines.
 *
 * <p>For each source class of a matching group a fresh instance is created reflectively, so the key
 * sizes used are those of a default-constructed properties object, not of any deployed configuration.
 * Sources of any other type are skipped, and nothing is logged when no group matches.
 *
 * <p>NOTE(review): the generated key material is emitted through {@code LOGGER} at INFO level. Where that
 * logger writes is not visible here; confirm its output is not persisted or shipped to shared log storage.
 *
 * @param name the property group that holds the key (for example {@code cas.webflow}); a blank value
 *             is rejected with a warning and no keys are generated
 */
@CliCommand(value = "generate-key", help = "Generate signing/encryption crypto keys for CAS settings")
public void generateKey(@CliOption(key = { "group" }, help = "Property group that holds the key (i.e. cas.webflow). The group must have a child category of 'crypto'.", mandatory = true, specifiedDefaultValue = "", unspecifiedDefaultValue = "", optionContext = "Property name for that holds the key") final String name) {
    // The command is reachable from both the shell and the CLI, so the option is validated again here.
    if (StringUtils.isBlank(name)) {
        LOGGER.warn("No property/setting name is specified for signing/encryption key generation.");
        return;
    }

    final CasConfigurationMetadataRepository repository = new CasConfigurationMetadataRepository();
    final String cryptoGroup = name.concat(".crypto");

    repository.getRepository().getAllGroups().forEach((groupName, group) -> {
        if (!groupName.startsWith(cryptoGroup)) {
            return;
        }
        // Unchecked.biConsumer wraps the checked reflection exceptions thrown inside the lambda.
        group.getSources().forEach(Unchecked.biConsumer((sourceType, source) -> {
            final Object props = ClassUtils.getClass(sourceType, true).getDeclaredConstructor().newInstance();
            if (props instanceof EncryptionJwtSigningJwtCryptographyProperties) {
                // Both keys are JSON web keys for this properties type.
                final EncryptionJwtSigningJwtCryptographyProperties jwtCrypto = (EncryptionJwtSigningJwtCryptographyProperties) props;
                final String encryptionKey = EncodingUtils.generateJsonWebKey(jwtCrypto.getEncryption().getKeySize());
                LOGGER.info(cryptoGroup + ".encryption.key=" + encryptionKey);
                final String signingKey = EncodingUtils.generateJsonWebKey(jwtCrypto.getSigning().getKeySize());
                LOGGER.info(cryptoGroup + ".signing.key=" + signingKey);
            } else if (props instanceof EncryptionRandomizedSigningJwtCryptographyProperties) {
                // Here the encryption key is a random Base64 string; only the signing key is a JSON web key.
                final EncryptionRandomizedSigningJwtCryptographyProperties randomizedCrypto = (EncryptionRandomizedSigningJwtCryptographyProperties) props;
                final String encryptionKey = new Base64RandomStringGenerator(randomizedCrypto.getEncryption().getKeySize()).getNewString();
                LOGGER.info(cryptoGroup + ".encryption.key=" + encryptionKey);
                final String signingKey = EncodingUtils.generateJsonWebKey(randomizedCrypto.getSigning().getKeySize());
                LOGGER.info(cryptoGroup + ".signing.key=" + signingKey);
            }
        }));
    });
}
use of org.apereo.cas.configuration.model.core.util.EncryptionRandomizedSigningJwtCryptographyProperties in project cas by apereo.
the class BaseTicketRegistryTests method setUpEncryption.
/**
 * Configures the cipher executor of the ticket registry under test.
 *
 * <p>When {@code useEncryption} is false the no-op executor is installed. Otherwise the executor is
 * built from default-constructed crypto properties with the label {@code "[tests]"}.
 */
private void setUpEncryption() {
    // The setter is called on the object AopTestUtils returns, not on the (possibly proxied) bean.
    var target = (AbstractTicketRegistry) AopTestUtils.getTargetObject(ticketRegistry);
    if (!this.useEncryption) {
        target.setCipherExecutor(CipherExecutor.noOp());
        return;
    }
    target.setCipherExecutor(
        CoreTicketUtils.newTicketRegistryCipherExecutor(new EncryptionRandomizedSigningJwtCryptographyProperties(), "[tests]"));
}