use of org.apereo.cas.support.wsfederation.web.WsFederationCookieCipherExecutor in project cas by apereo.
In the class WsFedAuthenticationEventExecutionPlanConfiguration, method getWsFederationConfiguration:
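/**
 * Builds the {@link WsFederationConfiguration} for one delegated WS-Federation identity
 * provider from its CAS properties.
 *
 * <p>Certificate and key settings are comma-delimited strings resolved through
 * {@code resourceLoader}. {@code signingCertificateResources} is multi-valued and every
 * entry is added; {@code encryptionPrivateKey} and {@code encryptionCertificate} feed
 * single-valued setters, so when several entries are listed only the last one takes
 * effect. That misconfiguration is now logged as a warning instead of being silently
 * accepted.
 *
 * <p>The delegated-authentication cookie is encrypted and signed only when the cookie
 * crypto settings are enabled. Otherwise a no-op cipher is used, the cookie value is
 * neither encrypted nor signed, and the condition is logged at INFO.
 *
 * @param wsfed the delegation properties of a single identity provider
 * @return the initialized configuration
 */
private WsFederationConfiguration getWsFederationConfiguration(final WsFederationDelegationProperties wsfed) {
    final WsFederationConfiguration config = new WsFederationConfiguration();
    config.setAttributesType(WsFederationConfiguration.WsFedPrincipalResolutionAttributesType.valueOf(wsfed.getAttributesType()));
    config.setIdentityAttribute(wsfed.getIdentityAttribute());
    config.setIdentityProviderIdentifier(wsfed.getIdentityProviderIdentifier());
    config.setIdentityProviderUrl(wsfed.getIdentityProviderUrl());
    // The configured tolerance is parsed via Beans.newDuration and handed over in milliseconds.
    config.setTolerance(Beans.newDuration(wsfed.getTolerance()).toMillis());
    config.setRelyingPartyIdentifier(wsfed.getRelyingPartyIdentifier());

    // Multi-valued: every listed signing certificate is resolved and added.
    org.springframework.util.StringUtils.commaDelimitedListToSet(wsfed.getSigningCertificateResources())
        .forEach(s -> config.getSigningCertificateResources().add(this.resourceLoader.getResource(s)));

    // Single-valued setters: iterating keeps the existing "last value wins" behaviour,
    // but a setting that lists several values is reported rather than ignored.
    warnIfMultiValued("encryptionPrivateKey", wsfed.getEncryptionPrivateKey());
    org.springframework.util.StringUtils.commaDelimitedListToSet(wsfed.getEncryptionPrivateKey())
        .forEach(s -> config.setEncryptionPrivateKey(this.resourceLoader.getResource(s)));
    warnIfMultiValued("encryptionCertificate", wsfed.getEncryptionCertificate());
    org.springframework.util.StringUtils.commaDelimitedListToSet(wsfed.getEncryptionCertificate())
        .forEach(s -> config.setEncryptionCertificate(this.resourceLoader.getResource(s)));
    config.setEncryptionPrivateKeyPassword(wsfed.getEncryptionPrivateKeyPassword());

    config.setAttributeMutator(this.attributeMutator);
    config.setAutoRedirect(wsfed.isAutoRedirect());
    config.setName(wsfed.getName());

    final WsFederationDelegatedCookieProperties cookie = wsfed.getCookie();
    final EncryptionJwtSigningJwtCryptographyProperties crypto = cookie.getCrypto();
    final CipherExecutor cipher;
    if (crypto.isEnabled()) {
        cipher = new WsFederationCookieCipherExecutor(crypto.getEncryption().getKey(), crypto.getSigning().getKey(), crypto.getAlg());
    } else {
        // No-op cipher: the cookie value is stored without encryption or signature.
        LOGGER.info("WsFederation delegated authentication cookie encryption/signing is turned off and " + "MAY NOT be safe in a production environment. " + "Consider using other choices to handle encryption, signing and verification of " + "delegated authentication cookie.");
        cipher = CipherExecutor.noOp();
    }
    config.setCookieGenerator(new WsFederationCookieGenerator(new DefaultCasCookieValueManager(cipher), cookie.getName(), cookie.getPath(), cookie.getMaxAge(), cookie.isSecure(), cookie.getDomain(), cookie.isHttpOnly()));
    config.initialize();
    return config;
}

/**
 * Logs a warning when a comma-delimited setting that maps to a single-valued
 * configuration property lists more than one value; only the last value takes effect.
 *
 * @param settingName name of the setting, used in the log message only
 * @param value       the raw comma-delimited setting; a null or blank value yields no warning
 */
private void warnIfMultiValued(final String settingName, final String value) {
    final int count = org.springframework.util.StringUtils.commaDelimitedListToSet(value).size();
    if (count > 1) {
        LOGGER.warn("Setting [" + settingName + "] lists " + count + " values but only a single value is supported; "
            + "only the last one will be used.");
    }
}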