Example 1 with Base64RandomStringGenerator

Use of org.apereo.cas.util.gen.Base64RandomStringGenerator in project cas by apereo.

Class GenerateCryptoKeysCommand, method generateKey.

/**
 * Generate key.
 *
 * @param name the property group that holds the key (e.g. cas.webflow)
 */
@CliCommand(value = "generate-key", help = "Generate signing/encryption crypto keys for CAS settings")
public void generateKey(@CliOption(key = { "group" }, help = "Property group that holds the key (i.e. cas.webflow). The group must have a child category of 'crypto'.", mandatory = true, specifiedDefaultValue = "", unspecifiedDefaultValue = "", optionContext = "Property name for that holds the key") final String name) {
    /*
     * Because the command is used both from the shell and CLI,
     * we need to validate parameters again.
     */
    if (StringUtils.isBlank(name)) {
        LOGGER.warn("No property/setting name is specified for signing/encryption key generation.");
        return;
    }
    final CasConfigurationMetadataRepository repository = new CasConfigurationMetadataRepository();
    final String cryptoGroup = name.concat(".crypto");
    repository.getRepository().getAllGroups().entrySet().stream()
        .filter(e -> e.getKey().startsWith(cryptoGroup))
        .forEach(e -> {
        final ConfigurationMetadataGroup grp = e.getValue();
        grp.getSources().forEach(Unchecked.biConsumer((k, v) -> {
            final Object obj = ClassUtils.getClass(k, true).getDeclaredConstructor().newInstance();
            if (obj instanceof EncryptionJwtSigningJwtCryptographyProperties) {
                final EncryptionJwtSigningJwtCryptographyProperties crypto = (EncryptionJwtSigningJwtCryptographyProperties) obj;
                LOGGER.info(cryptoGroup.concat(".encryption.key=" + EncodingUtils.generateJsonWebKey(crypto.getEncryption().getKeySize())));
                LOGGER.info(cryptoGroup.concat(".signing.key=" + EncodingUtils.generateJsonWebKey(crypto.getSigning().getKeySize())));
            } else if (obj instanceof EncryptionRandomizedSigningJwtCryptographyProperties) {
                final EncryptionRandomizedSigningJwtCryptographyProperties crypto = (EncryptionRandomizedSigningJwtCryptographyProperties) obj;
                final String encKey = new Base64RandomStringGenerator(crypto.getEncryption().getKeySize()).getNewString();
                LOGGER.info(cryptoGroup.concat(".encryption.key=" + encKey));
                LOGGER.info(cryptoGroup.concat(".signing.key=" + EncodingUtils.generateJsonWebKey(crypto.getSigning().getKeySize())));
            }
        }));
    });
}
Also used : CliCommand(org.springframework.shell.core.annotation.CliCommand), Unchecked(org.jooq.lambda.Unchecked), StringUtils(org.apache.commons.lang3.StringUtils), CliOption(org.springframework.shell.core.annotation.CliOption), ClassUtils(org.apache.commons.lang3.ClassUtils), CasConfigurationMetadataRepository(org.apereo.cas.metadata.CasConfigurationMetadataRepository), Slf4j(lombok.extern.slf4j.Slf4j), EncryptionJwtSigningJwtCryptographyProperties(org.apereo.cas.configuration.model.core.util.EncryptionJwtSigningJwtCryptographyProperties), Service(org.springframework.stereotype.Service), Base64RandomStringGenerator(org.apereo.cas.util.gen.Base64RandomStringGenerator), EncodingUtils(org.apereo.cas.util.EncodingUtils), ConfigurationMetadataGroup(org.springframework.boot.configurationmetadata.ConfigurationMetadataGroup), EncryptionRandomizedSigningJwtCryptographyProperties(org.apereo.cas.configuration.model.core.util.EncryptionRandomizedSigningJwtCryptographyProperties), CommandMarker(org.springframework.shell.core.CommandMarker)

Example 2 with Base64RandomStringGenerator

Use of org.apereo.cas.util.gen.Base64RandomStringGenerator in project cas by apereo.

Class BaseBinaryCipherExecutor, method ensureEncryptionKeyExists.

private void ensureEncryptionKeyExists(final String encryptionSecretKey, final int encryptionKeySize) {
    final byte[] encryptionKey;
    if (StringUtils.isBlank(encryptionSecretKey)) {
        LOGGER.warn("Secret key for encryption is not defined under [{}]. CAS will attempt to auto-generate the encryption key", getEncryptionKeySetting());
        // No key configured: generate a random Base64-encoded key using encryptionKeySize.
        final String key = new Base64RandomStringGenerator(encryptionKeySize).getNewString();
        // The generated key is written to the log in clear text so that it can be copied into CAS settings.
        LOGGER.warn("Generated encryption key [{}] of size [{}]. The generated key MUST be added to CAS settings under setting [{}].", key, encryptionKeySize, getEncryptionKeySetting());
        encryptionKey = EncodingUtils.decodeBase64(key);
    } else {
        final boolean base64 = EncodingUtils.isBase64(encryptionSecretKey);
        byte[] key = new byte[0];
        if (base64) {
            key = EncodingUtils.decodeBase64(encryptionSecretKey);
        }
        if (base64 && key.length == encryptionKeySize) {
            LOGGER.debug("Secret key for encryption defined under [{}] is Base64 encoded.", getEncryptionKeySetting());
            encryptionKey = key;
        } else if (encryptionSecretKey.length() != encryptionKeySize) {
            // Not a Base64 value of the expected decoded size, and the raw length also differs
            // from the key size: the raw UTF-8 bytes of the setting are used as the key.
            LOGGER.warn("Secret key for encryption defined under [{}] is Base64 encoded but the size does not match the key size [{}].", getEncryptionKeySetting(), encryptionKeySize);
            encryptionKey = encryptionSecretKey.getBytes(StandardCharsets.UTF_8);
        } else {
            // The raw string length equals the key size: its UTF-8 bytes are used as the key.
            LOGGER.warn("Secret key for encryption defined under [{}] is not Base64 encoded. Clear the setting to regenerate (Recommended) or replace with" + " [{}].", getEncryptionKeySetting(), EncodingUtils.encodeBase64(encryptionSecretKey));
            encryptionKey = encryptionSecretKey.getBytes(StandardCharsets.UTF_8);
        }
    }
    this.encryptionSecretKey = encryptionKey;
}
Also used : Base64RandomStringGenerator(org.apereo.cas.util.gen.Base64RandomStringGenerator)

Example 3 with Base64RandomStringGenerator

Use of org.apereo.cas.util.gen.Base64RandomStringGenerator in project cas by apereo.

Class DefaultUniqueTicketIdGenerator, method setMaxLength.

/**
 * Sets max length of id generation.
 *
 * @param maxLength the max length
 */
public void setMaxLength(final int maxLength) {
    this.randomStringGenerator = new Base64RandomStringGenerator(maxLength);
    this.numericGenerator = new DefaultLongNumericGenerator(1);
}
Also used : DefaultLongNumericGenerator(org.apereo.cas.util.gen.DefaultLongNumericGenerator) Base64RandomStringGenerator(org.apereo.cas.util.gen.Base64RandomStringGenerator)

Aggregations

Base64RandomStringGenerator (org.apereo.cas.util.gen.Base64RandomStringGenerator): 3
Slf4j (lombok.extern.slf4j.Slf4j): 1
ClassUtils (org.apache.commons.lang3.ClassUtils): 1
StringUtils (org.apache.commons.lang3.StringUtils): 1
EncryptionJwtSigningJwtCryptographyProperties (org.apereo.cas.configuration.model.core.util.EncryptionJwtSigningJwtCryptographyProperties): 1
EncryptionRandomizedSigningJwtCryptographyProperties (org.apereo.cas.configuration.model.core.util.EncryptionRandomizedSigningJwtCryptographyProperties): 1
CasConfigurationMetadataRepository (org.apereo.cas.metadata.CasConfigurationMetadataRepository): 1
EncodingUtils (org.apereo.cas.util.EncodingUtils): 1
DefaultLongNumericGenerator (org.apereo.cas.util.gen.DefaultLongNumericGenerator): 1
Unchecked (org.jooq.lambda.Unchecked): 1
ConfigurationMetadataGroup (org.springframework.boot.configurationmetadata.ConfigurationMetadataGroup): 1
CommandMarker (org.springframework.shell.core.CommandMarker): 1
CliCommand (org.springframework.shell.core.annotation.CliCommand): 1
CliOption (org.springframework.shell.core.annotation.CliOption): 1
Service (org.springframework.stereotype.Service): 1