
Example 1 with RegisteredServiceJwtTicketCipherExecutor

use of org.apereo.cas.token.cipher.RegisteredServiceJwtTicketCipherExecutor in project cas by apereo.

the class JwtTokenTicketBuilderTests method verifyJwtForServiceTicketWithOwnKeys.

/**
 * Checks that a JWT built for a service ticket can only be read with the
 * cipher bound to the registered service, not with the server-wide cipher.
 *
 * NOTE(review): the test name suggests the service at
 * {@code https://jwt.example.org/cas} is registered with its own signing and
 * encryption keys; the registration itself is not visible here. Confirm
 * against the test's service registry fixture.
 *
 * @throws Exception if building, decoding or claim parsing fails
 */
@Test
public void verifyJwtForServiceTicketWithOwnKeys() throws Exception {
    val webService = CoreAuthenticationTestUtils.getWebApplicationService("https://jwt.example.org/cas");
    val token = tokenTicketBuilder.build("ST-123455", webService);
    assertNotNull(token);

    // Key-isolation check: the global cipher must yield nothing for this token.
    assertNull(tokenCipherExecutor.decode(token));

    val registered = servicesManager.findServiceBy(webService);
    val serviceCipher = new RegisteredServiceJwtTicketCipherExecutor();
    assertTrue(serviceCipher.supports(registered));

    // The per-service cipher, given the registration, recovers the claims.
    val payload = serviceCipher.decode(token, Optional.of(registered));
    val parsedClaims = JWTClaimsSet.parse(payload);
    assertEquals("casuser", parsedClaims.getSubject());
}
Also used : lombok.val(lombok.val) RegisteredServiceJwtTicketCipherExecutor(org.apereo.cas.token.cipher.RegisteredServiceJwtTicketCipherExecutor) Test(org.junit.jupiter.api.Test)

Example 2 with RegisteredServiceJwtTicketCipherExecutor

use of org.apereo.cas.token.cipher.RegisteredServiceJwtTicketCipherExecutor in project cas by apereo.

the class JwtTokenCipherSigningPublicKeyEndpoint method fetchPublicKey.

/**
 * Returns the public half of the RSA key used to sign JWT tickets, Base64-encoded.
 *
 * <p>The server-wide signing key is used unless {@code service} is non-blank and
 * the matching registered service supports, and has enabled, its own token
 * cipher; in that case the service's signing key is used instead.
 *
 * <p>Only the modulus and public exponent are read from the private key, and a
 * value is returned only when the signing key is an {@link RSAPrivateCrtKey}.
 * Any other key type produces {@code null}, so no bytes of a non-RSA signing
 * key are ever written to the response.
 *
 * @param service optional service identifier; blank or {@code null} selects the server-wide key
 * @return Base64 text of the public key's encoded form, or {@code null} when the
 *         signing key is not an {@link RSAPrivateCrtKey}
 * @throws Exception if the service lookup, the access check or the key conversion fails
 */
@ReadOperation(produces = MediaType.TEXT_PLAIN_VALUE)
@Operation(summary = "Get public key for signing operations", parameters = { @Parameter(name = "service") })
public String fetchPublicKey(@Nullable final String service) throws Exception {
    // Default to the server-wide key; a per-service key may replace it below.
    var signingKey = tokenCipherExecutor.getSigningKey();
    if (StringUtils.isNotBlank(service)) {
        val requestedService = webApplicationServiceFactory.createService(service);
        val registeredService = servicesManager.findServiceBy(requestedService);
        // The access check runs before any per-service key is looked up.
        // NOTE(review): presumably this throws for an unknown or disabled service; confirm.
        RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(registeredService);
        val serviceCipherExecutor = new RegisteredServiceJwtTicketCipherExecutor();
        if (serviceCipherExecutor.supports(registeredService)) {
            val perServiceCipher = serviceCipherExecutor.getTokenTicketCipherExecutorForService(registeredService);
            if (perServiceCipher.isEnabled()) {
                signingKey = perServiceCipher.getSigningKey();
            }
        }
    }
    // Anything other than an RSA CRT private key is never serialized.
    if (!(signingKey instanceof RSAPrivateCrtKey)) {
        return null;
    }
    val privateKey = (RSAPrivateCrtKey) signingKey;
    val rsaFactory = KeyFactory.getInstance("RSA");
    // Rebuild the public key from the public components only.
    val publicSpec = new RSAPublicKeySpec(privateKey.getModulus(), privateKey.getPublicExponent());
    val publicKey = rsaFactory.generatePublic(publicSpec);
    return EncodingUtils.encodeBase64(publicKey.getEncoded());
}
Also used : lombok.val(lombok.val) RSAPrivateCrtKey(java.security.interfaces.RSAPrivateCrtKey) RegisteredServiceJwtTicketCipherExecutor(org.apereo.cas.token.cipher.RegisteredServiceJwtTicketCipherExecutor) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) ReadOperation(org.springframework.boot.actuate.endpoint.annotation.ReadOperation) ReadOperation(org.springframework.boot.actuate.endpoint.annotation.ReadOperation) Operation(io.swagger.v3.oas.annotations.Operation)

Example 3 with RegisteredServiceJwtTicketCipherExecutor

use of org.apereo.cas.token.cipher.RegisteredServiceJwtTicketCipherExecutor in project cas by apereo.

the class JwtTokenTicketBuilderWithoutEncryptionTests method verifyJwtForServiceTicketWithoutEncryptionKey.

/**
 * Checks that a JWT built for a service ticket is unreadable by the
 * server-wide cipher but decodes with the registered service's cipher.
 *
 * NOTE(review): judging by the test name and service URL, the service is
 * presumably registered without an encryption key; that registration is not
 * visible here. If so, the token would be protected by signing only, and its
 * claims would be readable by anyone holding it. Confirm against the fixture.
 *
 * @throws Exception if building, decoding or claim parsing fails
 */
@Test
public void verifyJwtForServiceTicketWithoutEncryptionKey() throws Exception {
    val webService = CoreAuthenticationTestUtils.getWebApplicationService("https://jwt.no-encryption-key.example.org/cas");
    val token = tokenTicketBuilder.build("ST-123456", webService);
    assertNotNull(token);

    // The global cipher must yield nothing for a token built for this service.
    assertNull(tokenCipherExecutor.decode(token));

    val registered = servicesManager.findServiceBy(webService);
    val serviceCipher = new RegisteredServiceJwtTicketCipherExecutor();
    assertTrue(serviceCipher.supports(registered));

    // Decoding with the service registration recovers the expected subject.
    val payload = serviceCipher.decode(token, Optional.of(registered));
    val parsedClaims = JWTClaimsSet.parse(payload);
    assertEquals("casuser", parsedClaims.getSubject());
}
Also used : lombok.val(lombok.val) RegisteredServiceJwtTicketCipherExecutor(org.apereo.cas.token.cipher.RegisteredServiceJwtTicketCipherExecutor) Test(org.junit.jupiter.api.Test)

Aggregations

lombok.val (lombok.val)3 RegisteredServiceJwtTicketCipherExecutor (org.apereo.cas.token.cipher.RegisteredServiceJwtTicketCipherExecutor)3 Test (org.junit.jupiter.api.Test)2 Operation (io.swagger.v3.oas.annotations.Operation)1 RSAPrivateCrtKey (java.security.interfaces.RSAPrivateCrtKey)1 RSAPublicKeySpec (java.security.spec.RSAPublicKeySpec)1 ReadOperation (org.springframework.boot.actuate.endpoint.annotation.ReadOperation)1