
Example 1 with PrivateKeyFactoryBean

Use of org.apereo.cas.util.crypto.PrivateKeyFactoryBean in project cas by apereo.

Class GoogleAccountsServiceResponseBuilder, method createGoogleAppsPrivateKey.

/**
 * Builds the Google Apps private key and stores it in {@code privateKey}.
 * <p>
 * Nothing is done unless {@link #isValidConfiguration()} reports a usable
 * configuration. The configured location string is treated as a classpath
 * resource when it starts with {@code ResourceUtils.CLASSPATH_URL_PREFIX},
 * and as a file-system resource otherwise; a leading
 * {@code ResourceUtils.FILE_URL_PREFIX} is tolerated and stripped first.
 *
 * @throws Exception if key creation ran into an error
 */
protected void createGoogleAppsPrivateKey() throws Exception {
    if (!isValidConfiguration()) {
        LOGGER.debug("Google Apps private key bean will not be created, because it's not configured");
        return;
    }
    val location = this.privateKeyLocation;
    val classpathPrefix = ResourceUtils.CLASSPATH_URL_PREFIX;
    val filePrefix = ResourceUtils.FILE_URL_PREFIX;

    val bean = new PrivateKeyFactoryBean();
    if (location.startsWith(classpathPrefix)) {
        bean.setLocation(new ClassPathResource(StringUtils.removeStart(location, classpathPrefix)));
    } else {
        // Anything that is not a classpath reference is read from the file system;
        // a "file:" style prefix is dropped before the path is handed to Spring.
        val path = location.startsWith(filePrefix) ? StringUtils.removeStart(location, filePrefix) : location;
        bean.setLocation(new FileSystemResource(path));
    }
    bean.setAlgorithm(this.keyAlgorithm);
    LOGGER.debug("Loading Google Apps private key from [{}] with key algorithm [{}]", bean.getLocation(), bean.getAlgorithm());
    bean.afterPropertiesSet();
    LOGGER.debug("Creating Google Apps private key instance via [{}]", this.privateKeyLocation);
    this.privateKey = bean.getObject();
}
Also used : lombok.val(lombok.val) PrivateKeyFactoryBean(org.apereo.cas.util.crypto.PrivateKeyFactoryBean) FileSystemResource(org.springframework.core.io.FileSystemResource) ClassPathResource(org.springframework.core.io.ClassPathResource)

Example 2 with PrivateKeyFactoryBean

Use of org.apereo.cas.util.crypto.PrivateKeyFactoryBean in project cas by apereo.

Class SamlIdPObjectEncrypter, method configureKeyDecryptionCredential.

/**
 * Resolves the peer's encryption credential from its SAML metadata and wires
 * the supplied decryption configuration so that encrypted keys can be
 * unwrapped with the IdP's own encryption private key.
 * <p>
 * The metadata lookup is narrowed by entity id, SP role, {@code ENCRYPTION}
 * usage and the registered service. A missing credential, public key or
 * private key fails fast via {@link Objects#requireNonNull(Object)} instead
 * of leaving the decrypter half-configured. The private key factory is
 * marked non-singleton.
 *
 * @param peerEntityId            the peer entity id
 * @param adaptor                 the adaptor
 * @param service                 the service
 * @param decryptionConfiguration the decryption configuration, updated in place
 * @return the credential resolved from the peer's metadata
 * @throws Exception if metadata resolution or key loading fails
 */
protected Credential configureKeyDecryptionCredential(final String peerEntityId, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final SamlRegisteredService service, final BasicDecryptionConfiguration decryptionConfiguration) throws Exception {
    // KeyInfo representations accepted when reading the peer's metadata.
    val keyInfoProviders = new ArrayList<KeyInfoProvider>(5);
    keyInfoProviders.add(new RSAKeyValueProvider());
    keyInfoProviders.add(new DSAKeyValueProvider());
    keyInfoProviders.add(new InlineX509DataProvider());
    keyInfoProviders.add(new DEREncodedKeyValueProvider());
    keyInfoProviders.add(new KeyInfoReferenceProvider());

    val requireValidMetadata = samlIdPProperties.getMetadata().getCore().isRequireValidMetadata();
    val metadataResolver = new SamlIdPMetadataCredentialResolver();
    metadataResolver.setKeyInfoCredentialResolver(new BasicProviderKeyInfoCredentialResolver(keyInfoProviders));
    metadataResolver.setRoleDescriptorResolver(SamlIdPUtils.getRoleDescriptorResolver(adaptor, requireValidMetadata));
    metadataResolver.initialize();

    val criteria = new CriteriaSet();
    criteria.add(new DecryptionConfigurationCriterion(decryptionConfiguration));
    criteria.add(new EntityIdCriterion(peerEntityId));
    criteria.add(new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME));
    criteria.add(new UsageCriterion(UsageType.ENCRYPTION));
    criteria.add(new SamlIdPSamlRegisteredServiceCriterion(service));

    LOGGER.debug("Attempting to resolve the decryption key for entity id [{}]", peerEntityId);
    val peerCredential = Objects.requireNonNull(metadataResolver.resolveSingle(criteria));

    // IdP-side private key that unwraps the encrypted symmetric key.
    val encryptionKeyResource = samlIdPMetadataLocator.resolveEncryptionKey(Optional.ofNullable(service));
    val keyFactory = new PrivateKeyFactoryBean();
    keyFactory.setSingleton(false);
    keyFactory.setLocation(encryptionKeyResource);
    val idpPrivateKey = Objects.requireNonNull(keyFactory.getObject());

    val kekCredential = new BasicCredential(Objects.requireNonNull(peerCredential.getPublicKey()), idpPrivateKey);
    decryptionConfiguration.setKEKKeyInfoCredentialResolver(new StaticKeyInfoCredentialResolver(kekCredential));

    val encryptedKeyResolvers = new ArrayList<EncryptedKeyResolver>(3);
    encryptedKeyResolvers.add(new InlineEncryptedKeyResolver());
    encryptedKeyResolvers.add(new EncryptedElementTypeEncryptedKeyResolver());
    encryptedKeyResolvers.add(new SimpleRetrievalMethodEncryptedKeyResolver());
    decryptionConfiguration.setEncryptedKeyResolver(new ChainingEncryptedKeyResolver(encryptedKeyResolvers));
    return peerCredential;
}
Also used : lombok.val(lombok.val) UsageCriterion(org.opensaml.security.criteria.UsageCriterion) RSAKeyValueProvider(org.opensaml.xmlsec.keyinfo.impl.provider.RSAKeyValueProvider) SamlIdPSamlRegisteredServiceCriterion(org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPSamlRegisteredServiceCriterion) ArrayList(java.util.ArrayList) EntityIdCriterion(org.opensaml.core.criterion.EntityIdCriterion) InlineX509DataProvider(org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider) KeyInfoReferenceProvider(org.opensaml.xmlsec.keyinfo.impl.provider.KeyInfoReferenceProvider) DecryptionConfigurationCriterion(org.opensaml.xmlsec.criterion.DecryptionConfigurationCriterion) ChainingEncryptedKeyResolver(org.opensaml.xmlsec.encryption.support.ChainingEncryptedKeyResolver) SamlIdPMetadataCredentialResolver(org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataCredentialResolver) BasicProviderKeyInfoCredentialResolver(org.opensaml.xmlsec.keyinfo.impl.BasicProviderKeyInfoCredentialResolver) SimpleRetrievalMethodEncryptedKeyResolver(org.opensaml.xmlsec.encryption.support.SimpleRetrievalMethodEncryptedKeyResolver) StaticKeyInfoCredentialResolver(org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver) PrivateKeyFactoryBean(org.apereo.cas.util.crypto.PrivateKeyFactoryBean) EncryptedElementTypeEncryptedKeyResolver(org.opensaml.saml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver) CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet) EntityRoleCriterion(org.opensaml.saml.criterion.EntityRoleCriterion) DSAKeyValueProvider(org.opensaml.xmlsec.keyinfo.impl.provider.DSAKeyValueProvider) DEREncodedKeyValueProvider(org.opensaml.xmlsec.keyinfo.impl.provider.DEREncodedKeyValueProvider) InlineEncryptedKeyResolver(org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver) BasicCredential(org.opensaml.security.credential.BasicCredential)

Example 3 with PrivateKeyFactoryBean

Use of org.apereo.cas.util.crypto.PrivateKeyFactoryBean in project cas by apereo.

Class EncodingUtilsTests, method getPrivateKey.

/**
 * Loads the RSA test private key stored at {@code keys/RSA2048Private.key}
 * on the classpath.
 * <p>
 * The factory is marked non-singleton, and the advertised object type is
 * asserted to be {@link PrivateKey} before the key is returned.
 *
 * @return the test private key
 */
@SneakyThrows
private static PrivateKey getPrivateKey() {
    val keyFactory = new PrivateKeyFactoryBean();
    keyFactory.setLocation(new ClassPathResource("keys/RSA2048Private.key"));
    keyFactory.setAlgorithm(RsaKeyUtil.RSA);
    keyFactory.setSingleton(false);
    val advertisedType = keyFactory.getObjectType();
    assertEquals(PrivateKey.class, advertisedType);
    return keyFactory.getObject();
}
Also used : lombok.val(lombok.val) PrivateKeyFactoryBean(org.apereo.cas.util.crypto.PrivateKeyFactoryBean) ClassPathResource(org.springframework.core.io.ClassPathResource) SneakyThrows(lombok.SneakyThrows)

Example 4 with PrivateKeyFactoryBean

Use of org.apereo.cas.util.crypto.PrivateKeyFactoryBean in project cas by apereo.

Class DefaultSamlIdPObjectSigner, method getSigningPrivateKey.

/**
 * Loads the private key used to sign SAML objects for the given service.
 * <p>
 * The key location comes from the metadata locator. The algorithm is the
 * service's own signing-key algorithm when one is configured, otherwise the
 * IdP-wide private key algorithm name. The factory is marked non-singleton.
 *
 * @param registeredService the registered service; must not be null
 * @return the signing private key
 * @throws Exception if the key cannot be located or loaded
 */
protected PrivateKey getSigningPrivateKey(final SamlRegisteredService registeredService) throws Exception {
    val samlIdp = casProperties.getAuthn().getSamlIdp();
    val signingKeyResource = samlIdPMetadataLocator.resolveSigningKey(Optional.of(registeredService));
    val serviceAlgorithm = registeredService.getSigningKeyAlgorithm();
    // Per-service override wins; fall back to the global setting when it is blank.
    val algorithm = StringUtils.isBlank(serviceAlgorithm)
        ? samlIdp.getAlgs().getPrivateKeyAlgName()
        : serviceAlgorithm;

    val keyFactory = new PrivateKeyFactoryBean();
    keyFactory.setSingleton(false);
    keyFactory.setLocation(signingKeyResource);
    keyFactory.setAlgorithm(algorithm);
    LOGGER.debug("Locating signature signing key for [{}] using algorithm [{}]", registeredService.getMetadataLocation(), keyFactory.getAlgorithm());
    return keyFactory.getObject();
}
Also used : lombok.val(lombok.val) PrivateKeyFactoryBean(org.apereo.cas.util.crypto.PrivateKeyFactoryBean)

Example 5 with PrivateKeyFactoryBean

Use of org.apereo.cas.util.crypto.PrivateKeyFactoryBean in project cas by apereo.

Class Cas30ResponseViewTests, method decryptCredential.

/**
 * Decrypts a base64-encoded credential with the RSA private key stored at
 * {@code keys/RSA4096Private.p8} on the classpath.
 * <p>
 * The cipher is requested by the bare algorithm name from
 * {@code privateKey.getAlgorithm()}, so mode and padding are whatever the
 * JCE provider defaults to for that name; the encrypting side of the test
 * is assumed to use the same transformation. The decrypted bytes are read
 * as UTF-8.
 *
 * @param cred base64 text of the encrypted credential
 * @return the plaintext credential
 */
@SneakyThrows
private static String decryptCredential(final String cred) {
    val keyFactory = new PrivateKeyFactoryBean();
    keyFactory.setAlgorithm("RSA");
    keyFactory.setLocation(new ClassPathResource("keys/RSA4096Private.p8"));
    keyFactory.setSingleton(false);
    val key = keyFactory.getObject();
    val algorithm = key.getAlgorithm();

    LOGGER.debug("Initializing cipher based on [{}]", algorithm);
    val rsa = Cipher.getInstance(algorithm);
    LOGGER.debug("Decoding value [{}]", cred);
    val encrypted = EncodingUtils.decodeBase64(cred);
    LOGGER.debug("Initializing decrypt-mode via private key [{}]", algorithm);
    rsa.init(Cipher.DECRYPT_MODE, key);
    val plaintext = rsa.doFinal(encrypted);
    return new String(plaintext, StandardCharsets.UTF_8);
}
Also used : lombok.val(lombok.val) PrivateKeyFactoryBean(org.apereo.cas.util.crypto.PrivateKeyFactoryBean) ClassPathResource(org.springframework.core.io.ClassPathResource) SneakyThrows(lombok.SneakyThrows)

Aggregations

PrivateKeyFactoryBean (org.apereo.cas.util.crypto.PrivateKeyFactoryBean)9 lombok.val (lombok.val)7 SneakyThrows (lombok.SneakyThrows)4 ClassPathResource (org.springframework.core.io.ClassPathResource)3 FileSystemResource (org.springframework.core.io.FileSystemResource)3 SamlIdPProperties (org.apereo.cas.configuration.model.support.saml.idp.SamlIdPProperties)2 ArrayList (java.util.ArrayList)1 CriteriaSet (net.shibboleth.utilities.java.support.resolver.CriteriaSet)1 SamlIdPMetadataCredentialResolver (org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataCredentialResolver)1 SamlIdPSamlRegisteredServiceCriterion (org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPSamlRegisteredServiceCriterion)1 EntityIdCriterion (org.opensaml.core.criterion.EntityIdCriterion)1 EntityRoleCriterion (org.opensaml.saml.criterion.EntityRoleCriterion)1 EncryptedElementTypeEncryptedKeyResolver (org.opensaml.saml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver)1 BasicCredential (org.opensaml.security.credential.BasicCredential)1 UsageCriterion (org.opensaml.security.criteria.UsageCriterion)1 DecryptionConfigurationCriterion (org.opensaml.xmlsec.criterion.DecryptionConfigurationCriterion)1 ChainingEncryptedKeyResolver (org.opensaml.xmlsec.encryption.support.ChainingEncryptedKeyResolver)1 InlineEncryptedKeyResolver (org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver)1 SimpleRetrievalMethodEncryptedKeyResolver (org.opensaml.xmlsec.encryption.support.SimpleRetrievalMethodEncryptedKeyResolver)1 BasicProviderKeyInfoCredentialResolver (org.opensaml.xmlsec.keyinfo.impl.BasicProviderKeyInfoCredentialResolver)1