Examples with JsonWebKeySet org.jose4j.jwk.JsonWebKeySet used on opensource projects

Example 26 with JsonWebKeySet

use of org.jose4j.jwk.JsonWebKeySet in project cas by apereo.

the class OidcGroovyJsonWebKeystoreGeneratorServiceTests method verifyStoreOperation.

@Test
public void verifyStoreOperation() throws Exception {
    val jwks = new JsonWebKeySet(OidcJsonWebKeystoreGeneratorService.generateJsonWebKey(casProperties.getAuthn().getOidc(), OidcJsonWebKeyUsage.ENCRYPTION));
    assertNotNull(oidcJsonWebKeystoreGeneratorService.store(jwks));
}

Example 27 with JsonWebKeySet

use of org.jose4j.jwk.JsonWebKeySet in project cas by apereo.

the class OidcRestfulJsonWebKeystoreGeneratorServiceTests method verifyOperation.

@Test
public void verifyOperation() throws Exception {
    val resource = oidcJsonWebKeystoreGeneratorService.generate();
    assertTrue(resource.exists());
    assertTrue(oidcJsonWebKeystoreGeneratorService.find().isPresent());
    val jwks = new JsonWebKeySet(OidcJsonWebKeystoreGeneratorService.generateJsonWebKey(casProperties.getAuthn().getOidc(), OidcJsonWebKeyUsage.SIGNING));
    assertNotNull(oidcJsonWebKeystoreGeneratorService.store(jwks));
}

Example 28 with JsonWebKeySet

use of org.jose4j.jwk.JsonWebKeySet in project cas by apereo.

the class OidcDefaultJsonWebKeystoreRotationService method rotate.

@Override
public JsonWebKeySet rotate() throws Exception {
    return whenKeystoreResourceExists().map(Unchecked.function(resource -> {
        LOGGER.trace("Rotating keys found in [{}]", resource);
        val jwksJson = IOUtils.toString(resource.getInputStream(), StandardCharsets.UTF_8);
        val jsonWebKeySet = new JsonWebKeySet(jwksJson);
        jsonWebKeySet.getJsonWebKeys().forEach(key -> {
            LOGGER.debug("Processing key [{}] to determine rotation eligibility", key.getKeyId());
            val state = JsonWebKeyLifecycleStates.getJsonWebKeyState(key);
            if (state == JsonWebKeyLifecycleStates.CURRENT) {
                JsonWebKeyLifecycleStates.setJsonWebKeyState(key, JsonWebKeyLifecycleStates.PREVIOUS);
                LOGGER.trace("Rotating state for current key [{}] to previous", key.getKeyId());
            }
            if (state == JsonWebKeyLifecycleStates.FUTURE) {
                JsonWebKeyLifecycleStates.setJsonWebKeyState(key, JsonWebKeyLifecycleStates.CURRENT);
                LOGGER.trace("Rotating state for future key [{}] to current", key.getKeyId());
            }
        });
        generateFutureKeys(jsonWebKeySet);
        generateCurrentKeys(jsonWebKeySet);
        return generatorService.store(jsonWebKeySet);
    })).orElse(null);
}

Example 29 with JsonWebKeySet

use of org.jose4j.jwk.JsonWebKeySet in project cas by apereo.

the class OidcJsonWebKeyStoreJacksonDeserializer method deserialize.

@Override
@SneakyThrows
public JsonWebKeySet deserialize(final JsonParser jp, final DeserializationContext ctx) {
    val mapper = (ObjectMapper) jp.getCodec();
    val node = mapper.readTree(jp);
    val json = mapper.writeValueAsString(node);
    return new JsonWebKeySet(json);
}

Example 30 with JsonWebKeySet

use of org.jose4j.jwk.JsonWebKeySet in project cas by apereo.

the class OidcPrivateKeyJwtAuthenticatorTests method verifyAction.

@Test
public void verifyAction() throws Exception {
    val auth = new OidcPrivateKeyJwtAuthenticator(servicesManager, registeredServiceAccessStrategyEnforcer, ticketRegistry, webApplicationServiceFactory, casProperties, applicationContext);
    val request = new MockHttpServletRequest();
    val response = new MockHttpServletResponse();
    val context = new JEEContext(request, response);
    val audience = casProperties.getServer().getPrefix().concat('/' + OidcConstants.BASE_OIDC_URL + '/' + OidcConstants.ACCESS_TOKEN_URL);
    val registeredService = getOidcRegisteredService();
    registeredService.setClientId(UUID.randomUUID().toString());
    val file = File.createTempFile("jwks-service", ".jwks");
    val core = casProperties.getAuthn().getOidc().getJwks().getCore();
    val jsonWebKey = OidcJsonWebKeyStoreUtils.generateJsonWebKey(core.getJwksType(), core.getJwksKeySize(), OidcJsonWebKeyUsage.SIGNING);
    jsonWebKey.setKeyId("cas-kid");
    val jsonWebKeySet = new JsonWebKeySet(jsonWebKey);
    val data = jsonWebKeySet.toJson(JsonWebKey.OutputControlLevel.INCLUDE_PRIVATE);
    FileUtils.write(file, data, StandardCharsets.UTF_8);
    registeredService.setJwks("file://" + file.getAbsolutePath());
    servicesManager.save(registeredService);
    val claims = getClaims(registeredService.getClientId(), registeredService.getClientId(), registeredService.getClientId(), audience);
    val webKeys = oidcServiceJsonWebKeystoreCache.get(new OidcJsonWebKeyCacheKey(registeredService, OidcJsonWebKeyUsage.SIGNING)).get();
    val key = (PublicJsonWebKey) webKeys.getJsonWebKeys().get(0);
    val jwt = EncodingUtils.signJwsRSASha512(key.getPrivateKey(), claims.toJson().getBytes(StandardCharsets.UTF_8), Map.of());
    val credentials = getCredential(request, OAuth20Constants.CLIENT_ASSERTION_TYPE_JWT_BEARER, new String(jwt, StandardCharsets.UTF_8), registeredService.getClientId());
    auth.validate(credentials, context, JEESessionStore.INSTANCE);
    assertNotNull(credentials.getUserProfile());
}