use of org.jose4j.jwk.JsonWebKeySet in project cas by apereo.
the class OidcGroovyJsonWebKeystoreGeneratorServiceTests method verifyStoreOperation.
/**
 * Builds a key set holding one freshly generated encryption key and verifies
 * that the generator service accepts and returns a stored result for it.
 */
@Test
public void verifyStoreOperation() throws Exception {
    val oidcProperties = casProperties.getAuthn().getOidc();
    val encryptionKey = OidcJsonWebKeystoreGeneratorService.generateJsonWebKey(oidcProperties, OidcJsonWebKeyUsage.ENCRYPTION);
    val keySet = new JsonWebKeySet(encryptionKey);
    val storedResult = oidcJsonWebKeystoreGeneratorService.store(keySet);
    assertNotNull(storedResult);
}
use of org.jose4j.jwk.JsonWebKeySet in project cas by apereo.
the class OidcRestfulJsonWebKeystoreGeneratorServiceTests method verifyOperation.
/**
 * Exercises the generator end to end: generating the keystore resource must
 * produce an existing resource that can then be found, and a key set holding a
 * newly generated signing key must be storable through the same service.
 */
@Test
public void verifyOperation() throws Exception {
    val generatedResource = oidcJsonWebKeystoreGeneratorService.generate();
    assertTrue(generatedResource.exists());

    val located = oidcJsonWebKeystoreGeneratorService.find();
    assertTrue(located.isPresent());

    val oidcProperties = casProperties.getAuthn().getOidc();
    val signingKey = OidcJsonWebKeystoreGeneratorService.generateJsonWebKey(oidcProperties, OidcJsonWebKeyUsage.SIGNING);
    val storedResult = oidcJsonWebKeystoreGeneratorService.store(new JsonWebKeySet(signingKey));
    assertNotNull(storedResult);
}
use of org.jose4j.jwk.JsonWebKeySet in project cas by apereo.
the class OidcDefaultJsonWebKeystoreRotationService method rotate.
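/**
 * Rotates the lifecycle state of every key in the keystore resource, then
 * tops the set up with newly generated keys and stores it.
 * <p>
 * Keys whose state is {@code CURRENT} are moved to {@code PREVIOUS} and keys
 * whose state is {@code FUTURE} are moved to {@code CURRENT}. The state is read
 * once before either transition so a key never advances twice in one pass.
 *
 * @return the key set returned by the generator service's store operation, or
 *         {@code null} when no keystore resource exists
 * @throws Exception if the keystore cannot be read, rotated or stored
 */
@Override
public JsonWebKeySet rotate() throws Exception {
    return whenKeystoreResourceExists().map(Unchecked.function(resource -> {
        LOGGER.trace("Rotating keys found in [{}]", resource);
        // Close the resource stream once read; the original left it open.
        String jwksJson;
        try (var inputStream = resource.getInputStream()) {
            jwksJson = IOUtils.toString(inputStream, StandardCharsets.UTF_8);
        }
        val jsonWebKeySet = new JsonWebKeySet(jwksJson);
        jsonWebKeySet.getJsonWebKeys().forEach(key -> {
            LOGGER.debug("Processing key [{}] to determine rotation eligibility", key.getKeyId());
            val state = JsonWebKeyLifecycleStates.getJsonWebKeyState(key);
            if (state == JsonWebKeyLifecycleStates.CURRENT) {
                JsonWebKeyLifecycleStates.setJsonWebKeyState(key, JsonWebKeyLifecycleStates.PREVIOUS);
                LOGGER.trace("Rotating state for current key [{}] to previous", key.getKeyId());
            }
            if (state == JsonWebKeyLifecycleStates.FUTURE) {
                JsonWebKeyLifecycleStates.setJsonWebKeyState(key, JsonWebKeyLifecycleStates.CURRENT);
                LOGGER.trace("Rotating state for future key [{}] to current", key.getKeyId());
            }
            // NOTE(review): keys already in PREVIOUS state are left untouched here;
            // whether and where they are retired is not visible in this method — confirm.
        });
        generateFutureKeys(jsonWebKeySet);
        generateCurrentKeys(jsonWebKeySet);
        return generatorService.store(jsonWebKeySet);
    })).orElse(null);
}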
use of org.jose4j.jwk.JsonWebKeySet in project cas by apereo.
the class OidcJsonWebKeyStoreJacksonDeserializer method deserialize.
/**
 * Reads the JSON subtree at the parser's current position and hands its
 * serialized form to {@link JsonWebKeySet}, which parses the keys itself.
 * <p>
 * The parser's codec is assumed to be an {@link ObjectMapper}; the cast fails
 * otherwise. Checked exceptions from reading or parsing are rethrown unchecked
 * via {@code @SneakyThrows}.
 *
 * @param jp  the parser positioned at the key set's JSON object
 * @param ctx the deserialization context (unused)
 * @return the parsed key set
 */
@Override
@SneakyThrows
public JsonWebKeySet deserialize(final JsonParser jp, final DeserializationContext ctx) {
    val codec = (ObjectMapper) jp.getCodec();
    val tree = codec.readTree(jp);
    // Round-trip through a string: JsonWebKeySet only accepts raw JSON text.
    return new JsonWebKeySet(codec.writeValueAsString(tree));
}
use of org.jose4j.jwk.JsonWebKeySet in project cas by apereo.
the class OidcPrivateKeyJwtAuthenticatorTests method verifyAction.
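/**
 * Verifies private_key_jwt client authentication: a registered service is
 * given a JWKS file holding a freshly generated signing key, a client
 * assertion is signed with that key's private half, and the authenticator is
 * expected to resolve a user profile from it.
 */
@Test
public void verifyAction() throws Exception {
    val auth = new OidcPrivateKeyJwtAuthenticator(servicesManager, registeredServiceAccessStrategyEnforcer, ticketRegistry, webApplicationServiceFactory, casProperties, applicationContext);
    val request = new MockHttpServletRequest();
    val response = new MockHttpServletResponse();
    val context = new JEEContext(request, response);
    val audience = casProperties.getServer().getPrefix().concat('/' + OidcConstants.BASE_OIDC_URL + '/' + OidcConstants.ACCESS_TOKEN_URL);

    val registeredService = getOidcRegisteredService();
    registeredService.setClientId(UUID.randomUUID().toString());

    // The JWKS written below includes the private key, so make sure the temp
    // file does not outlive the JVM; the original never removed it.
    val file = File.createTempFile("jwks-service", ".jwks");
    file.deleteOnExit();

    val core = casProperties.getAuthn().getOidc().getJwks().getCore();
    val jsonWebKey = OidcJsonWebKeyStoreUtils.generateJsonWebKey(core.getJwksType(), core.getJwksKeySize(), OidcJsonWebKeyUsage.SIGNING);
    jsonWebKey.setKeyId("cas-kid");
    val jsonWebKeySet = new JsonWebKeySet(jsonWebKey);
    val data = jsonWebKeySet.toJson(JsonWebKey.OutputControlLevel.INCLUDE_PRIVATE);
    FileUtils.write(file, data, StandardCharsets.UTF_8);
    registeredService.setJwks("file://" + file.getAbsolutePath());
    servicesManager.save(registeredService);

    // issuer, subject and client id all equal the client id for private_key_jwt.
    val claims = getClaims(registeredService.getClientId(), registeredService.getClientId(), registeredService.getClientId(), audience);
    val webKeys = oidcServiceJsonWebKeystoreCache.get(new OidcJsonWebKeyCacheKey(registeredService, OidcJsonWebKeyUsage.SIGNING)).get();
    val key = (PublicJsonWebKey) webKeys.getJsonWebKeys().get(0);
    val jwt = EncodingUtils.signJwsRSASha512(key.getPrivateKey(), claims.toJson().getBytes(StandardCharsets.UTF_8), Map.of());
    val credentials = getCredential(request, OAuth20Constants.CLIENT_ASSERTION_TYPE_JWT_BEARER, new String(jwt, StandardCharsets.UTF_8), registeredService.getClientId());

    auth.validate(credentials, context, JEESessionStore.INSTANCE);
    assertNotNull(credentials.getUserProfile());
}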