
Example 11 with JsonWebKeySet

use of org.jose4j.jwk.JsonWebKeySet in project cas by apereo.

From class OidcJsonWebKeyStoreJacksonDeserializerTests, method verifyOperation:

/**
 * Round-trips a freshly generated RSA signing key through the custom Jackson deserializer.
 * The key set is serialized with {@code INCLUDE_PRIVATE}, so the deserializer under test has to
 * cope with private key parameters, not just the public JWKS form.
 * NOTE(review): only non-nullness of the result is asserted; comparing the restored key id
 * against the generated one would make this a stronger regression test — confirm the generator sets a kid.
 */
@Test
public void verifyOperation() throws Exception {
    val generated = OidcJsonWebKeyStoreUtils.generateJsonWebKey("rsa", 2048, OidcJsonWebKeyUsage.SIGNING);
    val serialized = new JsonWebKeySet(generated).toJson(JsonWebKey.OutputControlLevel.INCLUDE_PRIVATE);
    // MAPPER is shared by the test class; registering the module here affects later tests using it too.
    val deserializers = new SimpleModule().addDeserializer(JsonWebKeySet.class, new OidcJsonWebKeyStoreJacksonDeserializer());
    MAPPER.registerModule(deserializers);
    val restored = MAPPER.readValue(serialized, JsonWebKeySet.class);
    assertNotNull(restored);
}

Example 12 with JsonWebKeySet

use of org.jose4j.jwk.JsonWebKeySet in project cas by apereo.

From class OidcRegisteredServiceJwtAccessTokenCipherExecutor, method getEncryptionKey:

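/**
 * Resolves the JSON web key set used to encrypt a JWT access token for the given service.
 * <p>
 * Returns empty when token encryption is not enabled for the service. Otherwise the key
 * resolved by the parent executor takes precedence; only when that is absent and the service
 * is an {@link OidcRegisteredService} is the per-service keystore cache consulted for an
 * encryption-usage key set.
 *
 * @param registeredService the service the token is being issued for
 * @return the serialized JWKS holding only keys with resolvable key material, or empty when no usable key exists
 */
@Override
public Optional<String> getEncryptionKey(final RegisteredService registeredService) {
    if (!isEncryptionEnabledForRegisteredService(registeredService)) {
        return Optional.empty();
    }
    // The cast precedes the instanceof check below; presumably the enabled-check above already
    // guarantees an OAuth service — TODO confirm, otherwise this can throw ClassCastException.
    val svc = (OAuthRegisteredService) registeredService;
    val result = super.getEncryptionKey(registeredService);
    if (result.isPresent()) {
        return result;
    }
    if (svc instanceof OidcRegisteredService) {
        val jwks = Objects.requireNonNull(serviceJsonWebKeystoreCache.get(new OidcJsonWebKeyCacheKey(svc, OidcJsonWebKeyUsage.ENCRYPTION)));
        if (jwks.isEmpty()) {
            // Parameterized logging instead of string concatenation, consistent with the other log calls here.
            LOGGER.warn("Service {} with client id {} is configured to encrypt tokens, yet no JSON web key is available", svc.getServiceId(), svc.getClientId());
            return Optional.empty();
        }
        val jsonWebKey = jwks.get();
        // NOTE(review): logs the whole key set at debug level; confirm the keystore type's toString()
        // does not render private key parameters before enabling debug logging in production.
        LOGGER.debug("Found JSON web key to encrypt the token: [{}]", jsonWebKey);
        // Drop entries whose key material could not be materialized; they cannot be used for encryption.
        val keys = jsonWebKey.getJsonWebKeys().stream().filter(key -> key.getKey() != null).collect(Collectors.toList());
        if (keys.isEmpty()) {
            // This lookup is for the encryption key; the previous message wrongly referred to signing.
            LOGGER.warn("No valid JSON web keys used to encrypt the token can be found");
            return Optional.empty();
        }
        // No-arg toJson() is expected to serialize the public half of asymmetric keys only, which is all
        // that encryption needs — verify against the jose4j version in use if private params must never appear here.
        return Optional.of(new JsonWebKeySet(keys).toJson());
    }
    return result;
}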

Example 13 with JsonWebKeySet

use of org.jose4j.jwk.JsonWebKeySet in project cas by apereo.

From class OidcDefaultJsonWebKeystoreCacheLoader, method buildJsonWebKeySet:

/**
 * Load the default JWKS resource and validate that it holds at least one usable key.
 * <p>
 * A key is treated as unusable only when it defines none of algorithm, key id and key type;
 * a key missing just one of those (e.g. no {@code kid}) still passes this check. Any exception
 * raised while loading is logged at warn level and reported as an empty result, so callers
 * cannot distinguish "no keystore" from "keystore failed to load".
 *
 * @param cacheKey the cache key
 * @return the json web key set, or empty when none could be loaded or every key is unusable
 */
protected Optional<JsonWebKeySet> buildJsonWebKeySet(final OidcJsonWebKeyCacheKey cacheKey) {
    try {
        val jwksResource = generateJwksResource();
        if (jwksResource == null) {
            LOGGER.warn("Unable to load or generate a JWKS resource");
            return Optional.empty();
        }
        LOGGER.trace("Retrieving default JSON web key from [{}]", jwksResource);
        val keySet = buildJsonWebKeySet(jwksResource, cacheKey);
        if (keySet == null || keySet.getJsonWebKeys().isEmpty()) {
            LOGGER.warn("No JSON web keys could be found");
            return Optional.empty();
        }
        val keys = keySet.getJsonWebKeys();
        // The list is non-empty here, so "every key is unusable" is the same as "unusable count == size".
        val allUnusable = keys.stream().allMatch(k -> StringUtils.isBlank(k.getAlgorithm()) && StringUtils.isBlank(k.getKeyId()) && StringUtils.isBlank(k.getKeyType()));
        if (allUnusable) {
            LOGGER.warn("No valid JSON web keys could be found. The keys that are found in the keystore " + "do not define an algorithm, key id or key type and cannot be used for JWKS operations.");
            return Optional.empty();
        }
        return Optional.of(keySet);
    } catch (final Exception e) {
        // Best-effort: a broken keystore is reported as absent rather than propagated.
        LoggingUtils.warn(LOGGER, e);
        return Optional.empty();
    }
}

Example 14 with JsonWebKeySet

use of org.jose4j.jwk.JsonWebKeySet in project cas by apereo.

From class OidcJsonWebKeystoreGeneratorService, method generateJsonWebKeySet:

/**
 * Generate a fresh JSON web key set for a new keystore.
 * <p>
 * Four distinct keys are produced so signing and encryption never share key material, and so a
 * rotation can promote the FUTURE pair without generating keys on the fly: current signing,
 * current encryption, future signing, future encryption (in that order).
 *
 * @param oidcProperties the oidc properties
 * @return the json web key set
 */
static JsonWebKeySet generateJsonWebKeySet(final OidcProperties oidcProperties) {
    val current = OidcJsonWebKeystoreRotationService.JsonWebKeyLifecycleStates.CURRENT;
    val future = OidcJsonWebKeystoreRotationService.JsonWebKeyLifecycleStates.FUTURE;
    val signing = OidcJsonWebKeyUsage.SIGNING;
    val encryption = OidcJsonWebKeyUsage.ENCRYPTION;
    return new JsonWebKeySet(
        OidcJsonWebKeystoreGeneratorService.generateJsonWebKey(current, oidcProperties, signing),
        OidcJsonWebKeystoreGeneratorService.generateJsonWebKey(current, oidcProperties, encryption),
        OidcJsonWebKeystoreGeneratorService.generateJsonWebKey(future, oidcProperties, signing),
        OidcJsonWebKeystoreGeneratorService.generateJsonWebKey(future, oidcProperties, encryption));
}

Example 15 with JsonWebKeySet

use of org.jose4j.jwk.JsonWebKeySet in project cas by apereo.

From class OidcMongoDbJsonWebKeystoreGeneratorService, method find:

/**
 * Looks up the keystore document for the configured issuer in MongoDB and exposes it as a resource.
 * The document id is the issuer string; the stored data is parsed as a JWKS. Whoever can read this
 * collection holds the server's key material, so its access controls matter as much as a keystore file's.
 *
 * @return the keystore resource, or empty when no document exists for the issuer
 * @throws Exception on lookup failure; parse failures surface wrapped by {@code Unchecked.function}
 */
@Override
public Optional<Resource> find() throws Exception {
    val issuer = oidcProperties.getCore().getIssuer();
    val collection = oidcProperties.getJwks().getMongo().getCollection();
    val stored = mongoTemplate.findById(issuer, OidcJsonWebKeystoreEntity.class, collection);
    // Unchecked.function keeps the checked exceptions from JWKS parsing/toResource out of the Optional pipeline.
    val asResource = Unchecked.function((OidcJsonWebKeystoreEntity entity) ->
        OidcJsonWebKeystoreGeneratorService.toResource(new JsonWebKeySet(entity.getData())));
    return Optional.ofNullable(stored).map(asResource);
}
