
Example 6 with PrivateKeyFactoryBean

use of org.apereo.cas.util.crypto.PrivateKeyFactoryBean in project cas by apereo.

From class BaseSamlObjectSigner, method getSigningPrivateKey.

/**
 * Loads the SAML IdP signing private key from the signing-key file named in the
 * CAS configuration.
 * <p>
 * A fresh {@link PrivateKeyFactoryBean} is created on each call and marked
 * non-singleton, so the key file is re-read and a new {@link PrivateKey}
 * instance is returned every time rather than a cached one.
 *
 * @return the signing private key
 * @throws Exception if the key file cannot be resolved or the key cannot be read
 */
protected PrivateKey getSigningPrivateKey() throws Exception {
    final SamlIdPProperties idpProperties = casProperties.getAuthn().getSamlIdp();
    final PrivateKeyFactoryBean keyFactory = new PrivateKeyFactoryBean();
    // Algorithm name (e.g. RSA) comes from the metadata section of the IdP properties.
    keyFactory.setAlgorithm(idpProperties.getMetadata().getPrivateKeyAlgName());
    // The configured resource is unwrapped to a java.io.File and re-wrapped as a file-system resource.
    keyFactory.setLocation(new FileSystemResource(idpProperties.getMetadata().getSigningKeyFile().getFile()));
    keyFactory.setSingleton(false);
    // Only the key location is logged; the key material itself never reaches the log.
    LOGGER.debug("Locating signature signing key file from [{}]", idpProperties.getMetadata().getSigningKeyFile());
    return keyFactory.getObject();
}
Also used : SamlIdPProperties(org.apereo.cas.configuration.model.support.saml.idp.SamlIdPProperties) PrivateKeyFactoryBean(org.apereo.cas.util.crypto.PrivateKeyFactoryBean) FileSystemResource(org.springframework.core.io.FileSystemResource)

Example 7 with PrivateKeyFactoryBean

use of org.apereo.cas.util.crypto.PrivateKeyFactoryBean in project cas by apereo.

From class SamlIdPObjectSigner, method getSigningPrivateKey.

/**
 * Loads the SAML IdP signing private key from the resource supplied by the
 * IdP metadata locator.
 * <p>
 * The key algorithm still comes from the CAS IdP properties, while the key
 * location is resolved through {@code samlIdPMetadataLocator}. The factory is
 * non-singleton, so every call re-reads the resource and returns a new
 * {@link PrivateKey} instance.
 *
 * @return the signing private key
 * @throws Exception if the signing-key resource cannot be resolved to a file or parsed
 */
protected PrivateKey getSigningPrivateKey() throws Exception {
    final Resource signingKeyResource = samlIdPMetadataLocator.getSigningKey();
    final SamlIdPProperties idpProperties = casProperties.getAuthn().getSamlIdp();
    final PrivateKeyFactoryBean keyFactory = new PrivateKeyFactoryBean();
    keyFactory.setAlgorithm(idpProperties.getMetadata().getPrivateKeyAlgName());
    // getFile() requires a file-backed resource; the result is re-wrapped as a FileSystemResource.
    keyFactory.setLocation(new FileSystemResource(signingKeyResource.getFile()));
    keyFactory.setSingleton(false);
    // Only the resource description is logged, never the key bytes.
    LOGGER.debug("Locating signature signing key file from [{}]", signingKeyResource);
    return keyFactory.getObject();
}
Also used : SamlIdPProperties(org.apereo.cas.configuration.model.support.saml.idp.SamlIdPProperties) PrivateKeyFactoryBean(org.apereo.cas.util.crypto.PrivateKeyFactoryBean) Resource(org.springframework.core.io.Resource) FileSystemResource(org.springframework.core.io.FileSystemResource) FileSystemResource(org.springframework.core.io.FileSystemResource)

Example 8 with PrivateKeyFactoryBean

use of org.apereo.cas.util.crypto.PrivateKeyFactoryBean in project cas by apereo.

From class DefaultDelegatedClientFactory, method getOidcClientFrom.

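/**
 * Builds the single OpenID Connect delegated client enabled by the given pac4j OIDC
 * properties.
 * <p>
 * Providers are checked in a fixed order — Azure AD, Google, Keycloak, Apple, then the
 * generic OIDC client — and the first one that is enabled (and, where required, carries
 * an identifier or private key) is built; any later provider is ignored.
 *
 * @param oidc the pac4j OIDC delegated-client properties
 * @return the configured client, or {@code null} when no provider is enabled
 */
@SneakyThrows
private OidcClient getOidcClientFrom(final Pac4jOidcClientProperties oidc) {
    if (oidc.getAzure().isEnabled() && StringUtils.isNotBlank(oidc.getAzure().getId())) {
        return buildAzureAdClient(oidc);
    }
    if (oidc.getGoogle().isEnabled() && StringUtils.isNotBlank(oidc.getGoogle().getId())) {
        return buildGoogleClient(oidc);
    }
    if (oidc.getKeycloak().isEnabled() && StringUtils.isNotBlank(oidc.getKeycloak().getId())) {
        return buildKeycloakClient(oidc);
    }
    // Apple is gated on a private key being configured rather than on a client id.
    if (oidc.getApple().isEnabled() && StringUtils.isNotBlank(oidc.getApple().getPrivateKey())) {
        return buildAppleClient(oidc);
    }
    if (oidc.getGeneric().isEnabled()) {
        return buildGenericClient(oidc);
    }
    return null;
}

/** Builds the Azure AD client; the tenant is copied onto the configuration before the client is created. */
@SneakyThrows
private AzureAdClient buildAzureAdClient(final Pac4jOidcClientProperties oidc) {
    LOGGER.debug("Building OpenID Connect client for Azure AD...");
    val azure = getOidcConfigurationForClient(oidc.getAzure(), AzureAdOidcConfiguration.class);
    azure.setTenant(oidc.getAzure().getTenant());
    val cfg = new AzureAdOidcConfiguration(azure);
    val azureClient = new AzureAdClient(cfg);
    configureClient(azureClient, oidc.getAzure());
    return azureClient;
}

/** Builds the Google client from a plain OIDC configuration. */
@SneakyThrows
private GoogleOidcClient buildGoogleClient(final Pac4jOidcClientProperties oidc) {
    LOGGER.debug("Building OpenID Connect client for Google...");
    val cfg = getOidcConfigurationForClient(oidc.getGoogle(), OidcConfiguration.class);
    val googleClient = new GoogleOidcClient(cfg);
    configureClient(googleClient, oidc.getGoogle());
    return googleClient;
}

/** Builds the Keycloak client; realm and base URI are taken from the Keycloak properties. */
@SneakyThrows
private KeycloakOidcClient buildKeycloakClient(final Pac4jOidcClientProperties oidc) {
    LOGGER.debug("Building OpenID Connect client for KeyCloak...");
    val cfg = getOidcConfigurationForClient(oidc.getKeycloak(), KeycloakOidcConfiguration.class);
    cfg.setRealm(oidc.getKeycloak().getRealm());
    cfg.setBaseUri(oidc.getKeycloak().getBaseUri());
    val keycloakClient = new KeycloakOidcClient(cfg);
    configureClient(keycloakClient, oidc.getKeycloak());
    return keycloakClient;
}

/** Builds the Apple client, loading the EC private key used for client authentication from the configured resource. */
@SneakyThrows
private AppleClient buildAppleClient(final Pac4jOidcClientProperties oidc) {
    LOGGER.debug("Building OpenID Connect client for Apple...");
    val cfg = getOidcConfigurationForClient(oidc.getApple(), AppleOidcConfiguration.class);
    val factory = new PrivateKeyFactoryBean();
    // Apple keys are EC; the cast below only holds if the loaded key really is one.
    factory.setAlgorithm("EC");
    factory.setSingleton(false);
    // The property value is a resource location, not the key itself, and is never logged here.
    factory.setLocation(ResourceUtils.getResourceFrom(oidc.getApple().getPrivateKey()));
    cfg.setPrivateKey((ECPrivateKey) factory.getObject());
    cfg.setPrivateKeyID(oidc.getApple().getPrivateKeyId());
    cfg.setTeamID(oidc.getApple().getTeamId());
    cfg.setTimeout(Beans.newDuration(oidc.getApple().getTimeout()));
    val appleClient = new AppleClient(cfg);
    configureClient(appleClient, oidc.getApple());
    return appleClient;
}

/** Builds the generic OIDC client for any provider not covered by a dedicated branch. */
@SneakyThrows
private OidcClient buildGenericClient(final Pac4jOidcClientProperties oidc) {
    LOGGER.debug("Building generic OpenID Connect client...");
    val generic = getOidcConfigurationForClient(oidc.getGeneric(), OidcConfiguration.class);
    val genericClient = new OidcClient(generic);
    configureClient(genericClient, oidc.getGeneric());
    return genericClient;
}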
Also used : lombok.val(lombok.val) AzureAdOidcConfiguration(org.pac4j.oidc.config.AzureAdOidcConfiguration) KeycloakOidcClient(org.pac4j.oidc.client.KeycloakOidcClient) OidcClient(org.pac4j.oidc.client.OidcClient) GoogleOidcClient(org.pac4j.oidc.client.GoogleOidcClient) KeycloakOidcClient(org.pac4j.oidc.client.KeycloakOidcClient) PrivateKeyFactoryBean(org.apereo.cas.util.crypto.PrivateKeyFactoryBean) AzureAdClient(org.pac4j.oidc.client.AzureAdClient) GoogleOidcClient(org.pac4j.oidc.client.GoogleOidcClient) AppleClient(org.pac4j.oidc.client.AppleClient) SneakyThrows(lombok.SneakyThrows)

Example 9 with PrivateKeyFactoryBean

use of org.apereo.cas.util.crypto.PrivateKeyFactoryBean in project cas by apereo.

From class AbstractCipherExecutor, method extractPrivateKeyFromResource.

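/**
 * Extracts an RSA private key from the given resource location.
 * <p>
 * Equivalent to {@link #extractPrivateKeyFromResource(String, String)} with
 * {@code RsaKeyUtil.RSA} as the algorithm; kept so existing callers keep working.
 *
 * @param signingSecretKey the resource location of the key, resolved via {@code ResourceUtils.getResourceFrom}
 * @return the private key
 */
@SneakyThrows
public static PrivateKey extractPrivateKeyFromResource(final String signingSecretKey) {
    return extractPrivateKeyFromResource(signingSecretKey, RsaKeyUtil.RSA);
}

/**
 * Extracts a private key of the given algorithm from a resource location.
 * <p>
 * The factory is created non-singleton, so each call re-reads the resource and
 * returns a fresh {@link PrivateKey} instance. Only a fixed message is logged;
 * neither the location nor the key material is written to the log.
 *
 * @param signingSecretKey the resource location of the key, resolved via {@code ResourceUtils.getResourceFrom}
 * @param algorithm        the key algorithm name handed to {@link PrivateKeyFactoryBean#setAlgorithm}
 * @return the private key
 */
@SneakyThrows
public static PrivateKey extractPrivateKeyFromResource(final String signingSecretKey, final String algorithm) {
    LOGGER.debug("Attempting to extract private key...");
    val resource = ResourceUtils.getResourceFrom(signingSecretKey);
    val factory = new PrivateKeyFactoryBean();
    factory.setAlgorithm(algorithm);
    factory.setLocation(resource);
    factory.setSingleton(false);
    return factory.getObject();
}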
Also used : lombok.val(lombok.val) PrivateKeyFactoryBean(org.apereo.cas.util.crypto.PrivateKeyFactoryBean) SneakyThrows(lombok.SneakyThrows)
