Example 1 with TokenTicketCipherExecutor

Use of org.apereo.cas.token.cipher.TokenTicketCipherExecutor in project cas by apereo.

The class TokenCoreConfiguration, method tokenCipherExecutor.

@Bean
@RefreshScope
@ConditionalOnMissingBean(name = "tokenCipherExecutor")
public CipherExecutor tokenCipherExecutor() {
    final EncryptionOptionalSigningJwtCryptographyProperties crypto = casProperties.getAuthn().getToken().getCrypto();
    boolean enabled = crypto.isEnabled();
    // Enable implicitly when the flag is off but both an encryption key and a signing key are configured.
    if (!enabled && StringUtils.isNotBlank(crypto.getEncryption().getKey()) && StringUtils.isNotBlank(crypto.getSigning().getKey())) {
        LOGGER.warn("Token encryption/signing is not enabled explicitly in the configuration, yet signing/encryption keys "
            + "are defined for operations. CAS will proceed to enable the token encryption/signing functionality.");
        enabled = true;
    }
    if (enabled) {
        return new TokenTicketCipherExecutor(crypto.getEncryption().getKey(), crypto.getSigning().getKey(), crypto.getAlg(), crypto.isEncryptionEnabled());
    }
    // Otherwise fall back to the no-op cipher executor and log that token crypto is off.
    LOGGER.info("Token cookie encryption/signing is turned off. This "
        + "MAY NOT be safe in a production environment. Consider using other choices to handle encryption, "
        + "signing and verification of generated tokens.");
    return CipherExecutor.noOp();
}
Also used: EncryptionOptionalSigningJwtCryptographyProperties (org.apereo.cas.configuration.model.core.util.EncryptionOptionalSigningJwtCryptographyProperties), TokenTicketCipherExecutor (org.apereo.cas.token.cipher.TokenTicketCipherExecutor), RefreshScope (org.springframework.cloud.context.config.annotation.RefreshScope), ConditionalOnMissingBean (org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean), Bean (org.springframework.context.annotation.Bean)

Example 2 with TokenTicketCipherExecutor

Use of org.apereo.cas.token.cipher.TokenTicketCipherExecutor in project cas by apereo.

The class TokenWebApplicationServiceResponseBuilderTests, method verifyDecrypt.

@Test
public void verifyDecrypt() {
    final String jwt = "eyJhbGciOiJIUzUxMiJ9.WlhsS05tRllRV2xQYVVwRlVsVlphVXhEU21oaVIyTnBUMmxLYT" + "JGWVNXbE1RMHBzWW0xTmFVOXBTa0pOVkVrMFVUQktSRXhWYUZSTmFsVXlTVzR3TGk0M2JEVnNWVk5PWW5OTGFYbDNh" + "MHhoTUhoUlIxZEJMa053VmpVNVEzTlpTVlprUm5wUVRYbFBjakoyU1MxdVJ6TlVZVGx2Y0ZSM1JUVXdhMnhZWW1sNmNu" + "Wm5VM00zUW5OTk1FRTVNWGQxWldobFdFUndUVk5DWkhRek4yaDRlV3RuTjJGUWIydGFkMjlxZEdkQmVUQXpWV0k0UWpkSF" + "drc3RSM2d3ZEdsbVN6bDFTMHd3WlVsQ1FsbGFiVzVZWWs1UmRFaFpVMjVyU21GQmRIWjBaWEowVkVscmQxaENTelZyUkRkW" + "FFtcDBPVXB6YkVkYVJEaHVVRzVXT0VwaVZXSTRPWFp2Um5SRk0waHhaMUJXY1VkUWVIWlVhalEzYUROeWJsVXliamhhTkdaZl" + "JqQnFUMEZ2U2s1Q1IycHNUVTVoWDJ0cVZVazNlVmQxT1dSNmJFVldUVWxyUlVwS05VeGFSa040TTAxR2RqRlpkREZ2VGtGdVZVY3h" + "SMmczVUhSS0xUaFFkRWxOT0dSbFpYTTJiSGt5Y1hZMWFWQlFaa2hwVVVGSFduRjFkM0V5YkdwVWVIcFNNSEV0V25sSFNISjNSbFpwV0h" + "kdmREUk9UWFJPU1Y5T2JFTnhkMGhOYW5SRFZrSlljMFYwVERsRFpEQjBUMGRqWjNCNWRXeGZTWEJXZEVneFduRlhSbHBPVkZGaldrMVlZ" + "alExUzNOdFVURmZabU54UkU5SGNsUlVTa2g1ZEVwS2JWaEdla0pDY3pGUlZVMXdXVWs0TjFwVE9IVnVPSFJ4VlZrdWEzSkNOMFk0T1hKc" + "U5td3lhMXB1WVZOcE1WUndVUT09.RFGa_ZuEtvPm7vnl0O3Z5D1waPDIbqxiDFTE8WU5zm7ssKACNPA0hRiJIM0Lo5Vs4ATh06LitXmhzxY5Ix9iyA";
    final String signingSecret = "EihBwA3OuDQMm4gdWzkqRJ87596G7o7a_naJAJipxFoRJbXK7APRcnCA91Y30rJdh4q-C2dmpfV6eNhQT0bR5A";
    final String encryptionSecret = "dJ2YpUd-r_Qd7e3nDm79WiIHkqaLT8yZt6nN5eG0YnE";
    final TokenTicketCipherExecutor cipher = new TokenTicketCipherExecutor(encryptionSecret, signingSecret, true);
    final String result = cipher.decode(jwt);
    assertNotNull(result);
}
Also used: TokenTicketCipherExecutor (org.apereo.cas.token.cipher.TokenTicketCipherExecutor), Test (org.junit.Test), SpringBootTest (org.springframework.boot.test.context.SpringBootTest)