use of org.apereo.cas.token.cipher.RegisteredServiceJwtTicketCipherExecutor in project cas by apereo.
the class JwtTokenTicketBuilderTests method verifyJwtForServiceTicketWithOwnKeys.
/**
 * Builds a JWT for a service ticket issued to {@code https://jwt.example.org/cas} and checks
 * that the shared token cipher returns {@code null} for it, while the cipher resolved for the
 * registered service decodes it to claims whose subject is {@code casuser}.
 */
@Test
public void verifyJwtForServiceTicketWithOwnKeys() throws Exception {
    val webService = CoreAuthenticationTestUtils.getWebApplicationService("https://jwt.example.org/cas");
    val token = tokenTicketBuilder.build("ST-123455", webService);
    assertNotNull(token);

    // The shared cipher must not yield a payload for this token
    // (presumably because the service definition carries its own keys - confirm against the test fixtures).
    assertNull(tokenCipherExecutor.decode(token));

    val definition = servicesManager.findServiceBy(webService);
    val serviceCipher = new RegisteredServiceJwtTicketCipherExecutor();
    assertTrue(serviceCipher.supports(definition));

    // Decoding with the service definition supplied is expected to succeed.
    val payload = serviceCipher.decode(token, Optional.of(definition));
    assertEquals("casuser", JWTClaimsSet.parse(payload).getSubject());
}
use of org.apereo.cas.token.cipher.RegisteredServiceJwtTicketCipherExecutor in project cas by apereo.
the class JwtTokenCipherSigningPublicKeyEndpoint method fetchPublicKey.
/**
 * Returns the public counterpart of the key used to sign JWT tickets.
 *
 * <p>The globally configured signing key is used unless {@code service} is non-blank and the
 * matching registered service has an enabled cipher of its own, in which case that cipher's
 * signing key takes precedence. Only the modulus and public exponent are read from the key,
 * and any key that is not an {@link RSAPrivateCrtKey} produces {@code null}, so the signing
 * key itself is never written to the response.
 *
 * @param service optional service identifier; when blank the global signing key is used
 * @return the Base64 text of the derived public key's encoded form, or {@code null} when the
 *         effective signing key is not an RSA private CRT key
 * @throws Exception if the service lookup, the access check or the key derivation fails
 */
@ReadOperation(produces = MediaType.TEXT_PLAIN_VALUE)
@Operation(summary = "Get public key for signing operations", parameters = { @Parameter(name = "service") })
public String fetchPublicKey(@Nullable final String service) throws Exception {
    var effectiveKey = tokenCipherExecutor.getSigningKey();
    if (StringUtils.isNotBlank(service)) {
        val requested = webApplicationServiceFactory.createService(service);
        val definition = servicesManager.findServiceBy(requested);
        // Access is checked before any per-service key is looked up.
        // NOTE(review): presumably this throws for unknown or disabled services - confirm.
        RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(definition);
        val perServiceExecutor = new RegisteredServiceJwtTicketCipherExecutor();
        if (perServiceExecutor.supports(definition)) {
            val serviceExecutor = perServiceExecutor.getTokenTicketCipherExecutorForService(definition);
            if (serviceExecutor.isEnabled()) {
                effectiveKey = serviceExecutor.getSigningKey();
            }
        }
    }
    // Anything other than an RSA private CRT key has no public half to derive here.
    if (!(effectiveKey instanceof RSAPrivateCrtKey)) {
        return null;
    }
    val privateKey = (RSAPrivateCrtKey) effectiveKey;
    // Rebuild the public key from its two public components only.
    val publicSpec = new RSAPublicKeySpec(privateKey.getModulus(), privateKey.getPublicExponent());
    val derived = KeyFactory.getInstance("RSA").generatePublic(publicSpec);
    return EncodingUtils.encodeBase64(derived.getEncoded());
}
use of org.apereo.cas.token.cipher.RegisteredServiceJwtTicketCipherExecutor in project cas by apereo.
the class JwtTokenTicketBuilderWithoutEncryptionTests method verifyJwtForServiceTicketWithoutEncryptionKey.
/**
 * Builds a JWT for a service ticket issued to
 * {@code https://jwt.no-encryption-key.example.org/cas}, asserts that the shared token cipher
 * returns {@code null} for it, and then verifies that the per-service cipher decodes it to
 * claims with subject {@code casuser}.
 */
@Test
public void verifyJwtForServiceTicketWithoutEncryptionKey() throws Exception {
    val targetService = CoreAuthenticationTestUtils.getWebApplicationService("https://jwt.no-encryption-key.example.org/cas");
    val issuedJwt = tokenTicketBuilder.build("ST-123456", targetService);
    assertNotNull(issuedJwt);

    // Step 1: the shared cipher gives no payload for this token.
    val sharedCipherOutput = tokenCipherExecutor.decode(issuedJwt);
    assertNull(sharedCipherOutput);

    // Step 2: the registered service must be handled by the per-service cipher.
    // NOTE(review): the method name suggests this service defines no encryption key - confirm in the fixtures.
    val registered = servicesManager.findServiceBy(targetService);
    val perServiceCipher = new RegisteredServiceJwtTicketCipherExecutor();
    assertTrue(perServiceCipher.supports(registered));

    // Step 3: the per-service decode yields parseable claims for the expected principal.
    val rawClaims = perServiceCipher.decode(issuedJwt, Optional.of(registered));
    val parsedClaims = JWTClaimsSet.parse(rawClaims);
    assertEquals("casuser", parsedClaims.getSubject());
}