
Example 26 with JsonWebKeySet

use of org.jose4j.jwk.JsonWebKeySet in project cas by apereo.

the class OidcGroovyJsonWebKeystoreGeneratorServiceTests method verifyStoreOperation.

/**
 * Checks that a key set holding a freshly generated encryption key can be stored.
 *
 * <p>The key is generated from the configured OIDC properties with
 * {@code OidcJsonWebKeyUsage.ENCRYPTION}, wrapped in a {@link JsonWebKeySet}, and passed to
 * the keystore generator service; the test only asserts that {@code store} returns non-null.
 *
 * @throws Exception if key generation or storage fails
 */
@Test
public void verifyStoreOperation() throws Exception {
    val oidcProperties = casProperties.getAuthn().getOidc();
    val encryptionKey = OidcJsonWebKeystoreGeneratorService.generateJsonWebKey(oidcProperties, OidcJsonWebKeyUsage.ENCRYPTION);
    val keySet = new JsonWebKeySet(encryptionKey);
    val stored = oidcJsonWebKeystoreGeneratorService.store(keySet);
    assertNotNull(stored);
}
Also used : lombok.val(lombok.val) JsonWebKeySet(org.jose4j.jwk.JsonWebKeySet) Test(org.junit.jupiter.api.Test)

Example 27 with JsonWebKeySet

use of org.jose4j.jwk.JsonWebKeySet in project cas by apereo.

the class OidcRestfulJsonWebKeystoreGeneratorServiceTests method verifyOperation.

/**
 * Exercises generate, find and store on the keystore generator service.
 *
 * <p>The generated resource must exist and {@code find()} must return a present value.
 * A new signing key ({@code OidcJsonWebKeyUsage.SIGNING}) is then wrapped in a
 * {@link JsonWebKeySet} and stored; the test asserts that {@code store} returns non-null.
 *
 * @throws Exception if generation, lookup or storage fails
 */
@Test
public void verifyOperation() throws Exception {
    val generated = oidcJsonWebKeystoreGeneratorService.generate();
    assertTrue(generated.exists());

    val located = oidcJsonWebKeystoreGeneratorService.find();
    assertTrue(located.isPresent());

    val signingKey = OidcJsonWebKeystoreGeneratorService.generateJsonWebKey(casProperties.getAuthn().getOidc(), OidcJsonWebKeyUsage.SIGNING);
    val keySet = new JsonWebKeySet(signingKey);
    assertNotNull(oidcJsonWebKeystoreGeneratorService.store(keySet));
}
Also used : lombok.val(lombok.val) JsonWebKeySet(org.jose4j.jwk.JsonWebKeySet) Test(org.junit.jupiter.api.Test)

Example 28 with JsonWebKeySet

use of org.jose4j.jwk.JsonWebKeySet in project cas by apereo.

the class OidcDefaultJsonWebKeystoreRotationService method rotate.

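/**
 * Rotates the lifecycle state of every key in the keystore and stores the result.
 *
 * <p>The keystore resource is read as UTF-8 JSON and parsed into a {@link JsonWebKeySet}.
 * Each key currently in state {@code CURRENT} is moved to {@code PREVIOUS}, and each key in
 * state {@code FUTURE} is moved to {@code CURRENT}. {@code generateFutureKeys} and
 * {@code generateCurrentKeys} are then invoked on the set (presumably to fill in any missing
 * keys for those states; their bodies are not shown here) before the set is handed to the
 * generator service for storage.
 *
 * @return the value returned by {@code generatorService.store(...)}, or {@code null} when
 *     {@code whenKeystoreResourceExists()} yields no resource
 * @throws Exception if the keystore cannot be read, parsed or stored
 */
@Override
public JsonWebKeySet rotate() throws Exception {
    return whenKeystoreResourceExists().map(Unchecked.function(resource -> {
        LOGGER.trace("Rotating keys found in [{}]", resource);

        // NOTE(review): the keystore JSON presumably carries private key material, so it is
        // deliberately never logged; only the resource and key ids are. Confirm before adding
        // any log statement that prints jwksJson or the parsed set.
        final String jwksJson;
        // IOUtils.toString does not close the stream it is given, so close it explicitly
        // instead of leaking a handle on every rotation.
        try (java.io.InputStream jwksStream = resource.getInputStream()) {
            jwksJson = IOUtils.toString(jwksStream, StandardCharsets.UTF_8);
        }

        val jsonWebKeySet = new JsonWebKeySet(jwksJson);
        jsonWebKeySet.getJsonWebKeys().forEach(key -> {
            LOGGER.debug("Processing key [{}] to determine rotation eligibility", key.getKeyId());
            // The state is captured once, before any mutation, so a key promoted or demoted
            // below is never processed a second time within the same rotation.
            val state = JsonWebKeyLifecycleStates.getJsonWebKeyState(key);
            if (state == JsonWebKeyLifecycleStates.CURRENT) {
                JsonWebKeyLifecycleStates.setJsonWebKeyState(key, JsonWebKeyLifecycleStates.PREVIOUS);
                LOGGER.trace("Rotating state for current key [{}] to previous", key.getKeyId());
            } else if (state == JsonWebKeyLifecycleStates.FUTURE) {
                JsonWebKeyLifecycleStates.setJsonWebKeyState(key, JsonWebKeyLifecycleStates.CURRENT);
                LOGGER.trace("Rotating state for future key [{}] to current", key.getKeyId());
            }
        });

        // Order kept from the original: future keys first, then current keys.
        generateFutureKeys(jsonWebKeySet);
        generateCurrentKeys(jsonWebKeySet);
        return generatorService.store(jsonWebKeySet);
    })).orElse(null);
}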
Also used : lombok.val(lombok.val) JsonWebKeySet(org.jose4j.jwk.JsonWebKeySet)

Example 29 with JsonWebKeySet

use of org.jose4j.jwk.JsonWebKeySet in project cas by apereo.

the class OidcJsonWebKeyStoreJacksonDeserializer method deserialize.

/**
 * Deserializes a JSON document into a jose4j {@link JsonWebKeySet}.
 *
 * <p>The parser's codec is cast to {@link ObjectMapper}, the current value is read as a
 * tree, re-serialized to a JSON string, and that string is passed to the
 * {@code JsonWebKeySet} constructor, which does the actual key parsing.
 * Checked exceptions from Jackson or jose4j propagate unwrapped via {@code @SneakyThrows}.
 *
 * @param jp the parser positioned at the key set JSON; its codec must be an {@code ObjectMapper}
 * @param ctx the deserialization context (not used)
 * @return the key set built from the JSON content
 */
@Override
@SneakyThrows
public JsonWebKeySet deserialize(final JsonParser jp, final DeserializationContext ctx) {
    // NOTE(review): a codec of any other type fails here with ClassCastException.
    val objectMapper = (ObjectMapper) jp.getCodec();
    val tree = objectMapper.readTree(jp);
    val serializedKeySet = objectMapper.writeValueAsString(tree);
    return new JsonWebKeySet(serializedKeySet);
}
Also used : lombok.val(lombok.val) JsonWebKeySet(org.jose4j.jwk.JsonWebKeySet) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) SneakyThrows(lombok.SneakyThrows)

Example 30 with JsonWebKeySet

use of org.jose4j.jwk.JsonWebKeySet in project cas by apereo.

the class OidcPrivateKeyJwtAuthenticatorTests method verifyAction.

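/**
 * Verifies that a client assertion signed with a service's own private key is accepted by
 * {@code OidcPrivateKeyJwtAuthenticator}.
 *
 * <p>The test generates a signing key with key id {@code cas-kid}, writes it (private part
 * included) to a temporary JWKS file, and registers that file as the service's JWKS through a
 * {@code file://} URL. It then loads the keys back through the service keystore cache, signs
 * the claims with the private key, submits the result as a JWT-bearer client assertion, and
 * asserts that validation populated a user profile on the credentials.
 *
 * @throws Exception if key generation, file I/O, signing or validation fails
 */
@Test
public void verifyAction() throws Exception {
    val auth = new OidcPrivateKeyJwtAuthenticator(servicesManager, registeredServiceAccessStrategyEnforcer, ticketRegistry, webApplicationServiceFactory, casProperties, applicationContext);
    val request = new MockHttpServletRequest();
    val response = new MockHttpServletResponse();
    val context = new JEEContext(request, response);
    // The audience is the access-token endpoint under the configured server prefix.
    val audience = casProperties.getServer().getPrefix().concat('/' + OidcConstants.BASE_OIDC_URL + '/' + OidcConstants.ACCESS_TOKEN_URL);
    val registeredService = getOidcRegisteredService();
    registeredService.setClientId(UUID.randomUUID().toString());

    val file = File.createTempFile("jwks-service", ".jwks");
    // The file receives private key material below (INCLUDE_PRIVATE), so it must not be
    // left behind in the shared temp directory after the test JVM exits.
    file.deleteOnExit();

    val core = casProperties.getAuthn().getOidc().getJwks().getCore();
    val jsonWebKey = OidcJsonWebKeyStoreUtils.generateJsonWebKey(core.getJwksType(), core.getJwksKeySize(), OidcJsonWebKeyUsage.SIGNING);
    jsonWebKey.setKeyId("cas-kid");
    val jsonWebKeySet = new JsonWebKeySet(jsonWebKey);
    // NOTE(review): serializing with INCLUDE_PRIVATE is acceptable only because this is a
    // throwaway test key; a JWKS published for a real client should hold public keys only.
    val data = jsonWebKeySet.toJson(JsonWebKey.OutputControlLevel.INCLUDE_PRIVATE);
    FileUtils.write(file, data, StandardCharsets.UTF_8);
    registeredService.setJwks("file://" + file.getAbsolutePath());
    servicesManager.save(registeredService);

    // The client id is passed for three of the claim arguments; see getClaims for which.
    val claims = getClaims(registeredService.getClientId(), registeredService.getClientId(), registeredService.getClientId(), audience);
    // Load the keys back through the cache so the signing key is the one the service advertises.
    val webKeys = oidcServiceJsonWebKeystoreCache.get(new OidcJsonWebKeyCacheKey(registeredService, OidcJsonWebKeyUsage.SIGNING)).get();
    val key = (PublicJsonWebKey) webKeys.getJsonWebKeys().get(0);
    val jwt = EncodingUtils.signJwsRSASha512(key.getPrivateKey(), claims.toJson().getBytes(StandardCharsets.UTF_8), Map.of());
    val credentials = getCredential(request, OAuth20Constants.CLIENT_ASSERTION_TYPE_JWT_BEARER, new String(jwt, StandardCharsets.UTF_8), registeredService.getClientId());

    auth.validate(credentials, context, JEESessionStore.INSTANCE);
    assertNotNull(credentials.getUserProfile());
}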
Also used : lombok.val(lombok.val) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) JEEContext(org.pac4j.core.context.JEEContext) JsonWebKeySet(org.jose4j.jwk.JsonWebKeySet) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) OidcJsonWebKeyCacheKey(org.apereo.cas.oidc.jwks.OidcJsonWebKeyCacheKey) PublicJsonWebKey(org.jose4j.jwk.PublicJsonWebKey) Test(org.junit.jupiter.api.Test)

Aggregations

JsonWebKeySet (org.jose4j.jwk.JsonWebKeySet)35 lombok.val (lombok.val)24 Test (org.junit.jupiter.api.Test)14 StringUtils (org.apache.commons.lang3.StringUtils)7 RsaJsonWebKey (org.jose4j.jwk.RsaJsonWebKey)7 Optional (java.util.Optional)6 Slf4j (lombok.extern.slf4j.Slf4j)6 JsonWebKey (org.jose4j.jwk.JsonWebKey)6 PublicJsonWebKey (org.jose4j.jwk.PublicJsonWebKey)6 Resource (org.springframework.core.io.Resource)6 StandardCharsets (java.nio.charset.StandardCharsets)4 IOUtils (org.apache.commons.io.IOUtils)4 CacheLoader (com.github.benmanes.caffeine.cache.CacheLoader)3 RequiredArgsConstructor (lombok.RequiredArgsConstructor)3 SneakyThrows (lombok.SneakyThrows)3 OidcRegisteredService (org.apereo.cas.services.OidcRegisteredService)3 ResponseEntity (org.springframework.http.ResponseEntity)3 GetMapping (org.springframework.web.bind.annotation.GetMapping)3 IOException (java.io.IOException)2 Key (java.security.Key)2