use of org.jose4j.jwk.JsonWebKeySet in project cas by apereo.
the class OidcJsonWebKeyStoreJacksonDeserializerTests method verifyOperation.
/**
 * Round-trips a generated key set through the Jackson deserializer under test:
 * the set is written to JSON, then read back through {@code MAPPER} once the
 * custom deserializer has been registered for {@link JsonWebKeySet}.
 */
@Test
public void verifyOperation() throws Exception {
    // Fixture: one key requested as "rsa" / 2048 for the SIGNING usage.
    val signingKey = OidcJsonWebKeyStoreUtils.generateJsonWebKey("rsa", 2048, OidcJsonWebKeyUsage.SIGNING);
    val generatedSet = new JsonWebKeySet(signingKey);

    // INCLUDE_PRIVATE asks jose4j to write the private key parameters as well.
    // Acceptable here because the key is a throwaway test fixture; the same
    // output level in production code would place private material in the JSON.
    val serialized = generatedSet.toJson(JsonWebKey.OutputControlLevel.INCLUDE_PRIVATE);

    // Route JsonWebKeySet deserialization through the class under test.
    // NOTE(review): MAPPER looks like a shared fixture, so this registration
    // presumably stays in effect for later tests - confirm that is intended.
    val deserializerModule = new SimpleModule();
    deserializerModule.addDeserializer(JsonWebKeySet.class, new OidcJsonWebKeyStoreJacksonDeserializer());
    MAPPER.registerModule(deserializerModule);

    val restored = MAPPER.readValue(serialized, JsonWebKeySet.class);
    assertNotNull(restored);
}
use of org.jose4j.jwk.JsonWebKeySet in project cas by apereo.
the class OidcRegisteredServiceJwtAccessTokenCipherExecutor method getEncryptionKey.
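/**
 * Resolves the key used to encrypt a JWT access token for the given service.
 *
 * <p>Nothing is returned when encryption is not enabled for the service. Otherwise a key
 * supplied by the parent implementation takes precedence. Only when the parent has none
 * and the service is an {@link OidcRegisteredService} is the service keystore cache
 * consulted, under {@link OidcJsonWebKeyUsage#ENCRYPTION}; the keys found there that
 * carry key material are returned as a JWKS JSON document.
 *
 * @param registeredService the service the token is issued for
 * @return the encryption key, or empty when encryption is disabled or no usable key exists
 */
@Override
public Optional<String> getEncryptionKey(final RegisteredService registeredService) {
    if (!isEncryptionEnabledForRegisteredService(registeredService)) {
        return Optional.empty();
    }
    // NOTE(review): unconditional cast. Presumably isEncryptionEnabledForRegisteredService
    // only lets OAuth services through - confirm, otherwise this throws ClassCastException.
    val svc = (OAuthRegisteredService) registeredService;
    val result = super.getEncryptionKey(registeredService);
    if (result.isPresent()) {
        return result;
    }
    if (svc instanceof OidcRegisteredService) {
        val jwks = Objects.requireNonNull(
            serviceJsonWebKeystoreCache.get(new OidcJsonWebKeyCacheKey(svc, OidcJsonWebKeyUsage.ENCRYPTION)));
        if (jwks.isEmpty()) {
            // Parameterized logging, consistent with the debug statement below.
            LOGGER.warn("Service {} with client id {} is configured to encrypt tokens, yet no JSON web key is available",
                svc.getServiceId(), svc.getClientId());
            return Optional.empty();
        }
        val keySet = jwks.get();
        // NOTE(review): the key set object itself is handed to the logger; confirm that its
        // string form never contains private or symmetric key material before enabling DEBUG.
        LOGGER.debug("Found JSON web key to encrypt the token: [{}]", keySet);
        // Keep only the entries that actually carry a key.
        val keys = keySet.getJsonWebKeys().stream().filter(key -> key.getKey() != null).collect(Collectors.toList());
        if (keys.isEmpty()) {
            // This path selects an encryption key; the message previously said "sign".
            LOGGER.warn("No valid JSON web keys used to encrypt the token can be found");
            return Optional.empty();
        }
        // NOTE(review): the no-argument toJson() relies on jose4j's default output level.
        // Confirm that default leaves out private key parameters, or pass an explicit
        // JsonWebKey.OutputControlLevel so the exported material is a deliberate choice.
        return Optional.of(new JsonWebKeySet(keys).toJson());
    }
    return result;
}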
use of org.jose4j.jwk.JsonWebKeySet in project cas by apereo.
the class OidcDefaultJsonWebKeystoreCacheLoader method buildJsonWebKeySet.
/**
 * Loads the default JSON web key set and checks that it is usable.
 *
 * <p>The result is empty when no JWKS resource can be loaded or generated, when the
 * resource yields no keys, or when every key lacks an algorithm, a key id and a key type
 * all at once. Any exception raised along the way is logged as a warning and also
 * produces an empty result, so callers never see a failure from this method.
 *
 * @param cacheKey the cache key, passed on to the resource-based overload
 * @return the key set, or empty when none could be built or none of its keys is usable
 */
protected Optional<JsonWebKeySet> buildJsonWebKeySet(final OidcJsonWebKeyCacheKey cacheKey) {
    try {
        val jwksResource = generateJwksResource();
        if (jwksResource == null) {
            LOGGER.warn("Unable to load or generate a JWKS resource");
            return Optional.empty();
        }

        LOGGER.trace("Retrieving default JSON web key from [{}]", jwksResource);
        val keySet = buildJsonWebKeySet(jwksResource, cacheKey);
        val nothingLoaded = keySet == null || keySet.getJsonWebKeys().isEmpty();
        if (nothingLoaded) {
            LOGGER.warn("No JSON web keys could be found");
            return Optional.empty();
        }

        // A key counts as unusable only when algorithm, key id and key type are all blank.
        val unusableKeys = keySet.getJsonWebKeys()
            .stream()
            .filter(k -> StringUtils.isBlank(k.getAlgorithm())
                && StringUtils.isBlank(k.getKeyId())
                && StringUtils.isBlank(k.getKeyType()))
            .count();
        val totalKeys = keySet.getJsonWebKeys().size();
        if (unusableKeys == totalKeys) {
            LOGGER.warn("No valid JSON web keys could be found. The keys that are found in the keystore "
                + "do not define an algorithm, key id or key type and cannot be used for JWKS operations.");
            return Optional.empty();
        }

        return Optional.of(keySet);
    } catch (final Exception e) {
        // Best effort: a broken keystore is reported and treated as "no keys".
        LoggingUtils.warn(LOGGER, e);
        return Optional.empty();
    }
}
use of org.jose4j.jwk.JsonWebKeySet in project cas by apereo.
the class OidcJsonWebKeystoreGeneratorService method generateJsonWebKeySet.
/**
 * Generates a key set of four keys: a signing and an encryption key for the
 * {@code CURRENT} lifecycle state, then a signing and an encryption key for the
 * {@code FUTURE} state. The keys are generated and passed to the set in that order.
 *
 * <p>NOTE(review): the generated keys presumably include private material; code that
 * serializes the returned set should pick the output level deliberately.
 *
 * @param oidcProperties the OIDC settings handed to each key generation call
 * @return the key set holding the four generated keys
 */
static JsonWebKeySet generateJsonWebKeySet(final OidcProperties oidcProperties) {
    val current = OidcJsonWebKeystoreRotationService.JsonWebKeyLifecycleStates.CURRENT;
    val upcoming = OidcJsonWebKeystoreRotationService.JsonWebKeyLifecycleStates.FUTURE;
    // Arguments are evaluated left to right, so generation order matches the listing below.
    return new JsonWebKeySet(
        OidcJsonWebKeystoreGeneratorService.generateJsonWebKey(current, oidcProperties, OidcJsonWebKeyUsage.SIGNING),
        OidcJsonWebKeystoreGeneratorService.generateJsonWebKey(current, oidcProperties, OidcJsonWebKeyUsage.ENCRYPTION),
        OidcJsonWebKeystoreGeneratorService.generateJsonWebKey(upcoming, oidcProperties, OidcJsonWebKeyUsage.SIGNING),
        OidcJsonWebKeystoreGeneratorService.generateJsonWebKey(upcoming, oidcProperties, OidcJsonWebKeyUsage.ENCRYPTION));
}
use of org.jose4j.jwk.JsonWebKeySet in project cas by apereo.
the class OidcMongoDbJsonWebKeystoreGeneratorService method find.
/**
 * Looks up the keystore document stored under the configured issuer and exposes it as a
 * resource.
 *
 * <p>NOTE(review): the stored data is parsed as a key set without further checks here, so
 * whoever can write to the collection presumably controls the keys in use - confirm that
 * write access to it is restricted accordingly.
 *
 * @return the keystore as a resource; empty when no document exists for the issuer or the
 *         conversion yields {@code null}
 * @throws Exception declared by the overridden method; conversion failures are rethrown
 *         through {@code Unchecked.function}
 */
@Override
public Optional<Resource> find() throws Exception {
    // The issuer is used as the document id.
    val issuer = oidcProperties.getCore().getIssuer();
    val collectionName = oidcProperties.getJwks().getMongo().getCollection();
    val storedKeystore = mongoTemplate.findById(issuer, OidcJsonWebKeystoreEntity.class, collectionName);
    return Optional.ofNullable(storedKeystore)
        .map(Unchecked.function(jwks -> {
            val keySet = new JsonWebKeySet(jwks.getData());
            return OidcJsonWebKeystoreGeneratorService.toResource(keySet);
        }));
}