use of org.jose4j.jwk.JsonWebKeySet in project cas by apereo.
the class OidcJwksEndpointController method handleRequestInternal.
/**
* Handle request for jwk set.
*
* @param request the request
* @param response the response
* @param state optional key lifecycle state name; when present, only keys in that state are returned
* @return the jwk set
*/
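@GetMapping(value = { '/' + OidcConstants.BASE_OIDC_URL + '/' + OidcConstants.JWKS_URL, "/**/" + OidcConstants.JWKS_URL }, produces = MediaType.APPLICATION_JSON_VALUE)
@Operation(summary = "Produces the collection of keys from the keystore", parameters = { @Parameter(name = "state", description = "Filter keys by their state name", required = false) })
public ResponseEntity<String> handleRequestInternal(final HttpServletRequest request, final HttpServletResponse response, @RequestParam(value = "state", required = false) final String state) {
    // Serves the JWKS document: keys from the generated keystore plus keys defined on
    // registered OIDC services, optionally filtered by lifecycle state, public parts only.
    val webContext = new JEEContext(request, response);
    // Answer 404 when the issuer check for this endpoint fails, before any keystore is read.
    if (!getConfigurationContext().getOidcRequestSupport().isValidIssuerForEndpoint(webContext, OidcConstants.JWKS_URL)) {
        return new ResponseEntity<>(HttpStatus.NOT_FOUND);
    }
    try {
        val resource = oidcJsonWebKeystoreGeneratorService.generate();
        final String jsonJwks;
        // IOUtils.toString does not close the stream it reads, so close it here;
        // otherwise every request to this endpoint leaks a handle on the keystore resource.
        try (val input = resource.getInputStream()) {
            jsonJwks = IOUtils.toString(input, StandardCharsets.UTF_8);
        }
        val jsonWebKeySet = new JsonWebKeySet(jsonJwks);
        val servicesManager = getConfigurationContext().getServicesManager();
        // Append the keys of every registered OIDC service whose (expression-resolved) JWKS is non-blank.
        servicesManager.getAllServicesOfType(OidcRegisteredService.class).stream().filter(s -> {
            val serviceJwks = SpringExpressionLanguageValueResolver.getInstance().resolve(s.getJwks());
            return StringUtils.isNotBlank(serviceJwks);
        }).forEach(service -> {
            val set = OidcJsonWebKeyStoreUtils.getJsonWebKeySet(service, getConfigurationContext().getApplicationContext(), Optional.empty());
            set.ifPresent(keys -> keys.getJsonWebKeys().forEach(jsonWebKeySet::addJsonWebKey));
        });
        if (StringUtils.isNotBlank(state)) {
            // Drop every key whose lifecycle state name differs (case-insensitively) from the requested one.
            jsonWebKeySet.getJsonWebKeys().removeIf(key -> {
                val st = OidcJsonWebKeystoreRotationService.JsonWebKeyLifecycleStates.getJsonWebKeyState(key).name();
                return !state.equalsIgnoreCase(st);
            });
        }
        // PUBLIC_ONLY keeps private and symmetric key material out of the response;
        // this level must not be relaxed on an endpoint that clients can reach.
        val body = jsonWebKeySet.toJson(JsonWebKey.OutputControlLevel.PUBLIC_ONLY);
        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
        return new ResponseEntity<>(body, HttpStatus.OK);
    } catch (final Exception e) {
        LoggingUtils.error(LOGGER, e);
        // NOTE(review): the exception message is sent back to the caller (HTML-escaped) with a 400.
        // Failures here are keystore I/O or parsing problems on the server side, and their messages
        // may describe internal resources; consider returning a generic body and relying on the log.
        return new ResponseEntity<>(StringEscapeUtils.escapeHtml4(e.getMessage()), HttpStatus.BAD_REQUEST);
    }
}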
use of org.jose4j.jwk.JsonWebKeySet in project cas by apereo.
the class OidcDefaultJsonWebKeystoreCacheLoaderTests method verifyEmptyFile.
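@Test
public void verifyEmptyFile() throws Exception {
    // Case 1: the generator hands back an empty resource, so load(...) must come back empty.
    val gen = mock(OidcJsonWebKeystoreGeneratorService.class);
    when(gen.generate()).thenReturn(ResourceUtils.EMPTY_RESOURCE);
    val loader = new OidcDefaultJsonWebKeystoreCacheLoader(gen);
    assertTrue(loader.load(new OidcJsonWebKeyCacheKey("https://cas.example.org", OidcJsonWebKeyUsage.SIGNING)).isEmpty());

    // Case 2: the generator points at a file that holds a JWKS with no keys.
    // Only an empty key set is written, so no key material lands in the temp directory.
    val file = File.createTempFile("keys", ".json");
    try {
        FileUtils.writeStringToFile(file, new JsonWebKeySet(List.of()).toJson(), StandardCharsets.UTF_8);
        when(gen.generate()).thenReturn(new FileSystemResource(file));
        assertTrue(loader.load(new OidcJsonWebKeyCacheKey("https://cas.example.org", OidcJsonWebKeyUsage.SIGNING)).isEmpty());
    } finally {
        // Best-effort cleanup so repeated test runs do not accumulate keys*.json files.
        FileUtils.deleteQuietly(file);
    }
}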
use of org.jose4j.jwk.JsonWebKeySet in project cas by apereo.
the class OidcDefaultJsonWebKeystoreCacheLoaderTests method verifyNoWebKeys.
@Test
public void verifyNoWebKeys() {
    // The mocked loader always builds the same key set, which starts out empty;
    // only load(...) runs its real implementation.
    val keySet = new JsonWebKeySet();
    val cacheLoader = mock(OidcDefaultJsonWebKeystoreCacheLoader.class);
    when(cacheLoader.buildJsonWebKeySet(any(OidcJsonWebKeyCacheKey.class))).thenReturn(Optional.of(keySet));
    when(cacheLoader.load(any(OidcJsonWebKeyCacheKey.class))).thenCallRealMethod();

    // With no keys in the set, load(...) yields nothing.
    val firstCacheKey = new OidcJsonWebKeyCacheKey(UUID.randomUUID().toString(), OidcJsonWebKeyUsage.SIGNING);
    assertTrue(cacheLoader.load(firstCacheKey).isEmpty());

    // Adding a bare mocked key to the set still leaves the load(...) result empty.
    keySet.getJsonWebKeys().add(mock(JsonWebKey.class));
    val secondCacheKey = new OidcJsonWebKeyCacheKey(UUID.randomUUID().toString(), OidcJsonWebKeyUsage.SIGNING);
    assertTrue(cacheLoader.load(secondCacheKey).isEmpty());
}
use of org.jose4j.jwk.JsonWebKeySet in project cas by apereo.
the class OidcJsonWebKeyStoreUtilsTests method verifyEmptyKeySet.
@Test
public void verifyEmptyKeySet() {
    // A service whose JWKS is a serialized key set without keys must resolve to an empty result.
    val registeredService = getOidcRegisteredService();
    val emptyJwksJson = new JsonWebKeySet(List.of()).toJson();
    registeredService.setJwks(emptyJwksJson);

    val signingUsage = Optional.of(OidcJsonWebKeyUsage.SIGNING);
    val resolved = OidcJsonWebKeyStoreUtils.getJsonWebKeySet(registeredService, resourceLoader, signingUsage);
    assertTrue(resolved.isEmpty());
}
use of org.jose4j.jwk.JsonWebKeySet in project cas by apereo.
the class UmaRequestingPartyTokenJwksEndpointController method getKeys.
/**
* Gets JWKS used to sign RPTs.
*
* @param request the request
* @param response the response
* @return the JWKS as a JSON response body, limited to public key parameters
*/
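@GetMapping(value = '/' + OAuth20Constants.BASE_OAUTH20_URL + '/' + OAuth20Constants.UMA_JWKS_URL, produces = MediaType.APPLICATION_JSON_VALUE)
public ResponseEntity<String> getKeys(final HttpServletRequest request, final HttpServletResponse response) {
    // Serves the configured requesting-party-token JWKS file as JSON, public parts only.
    try {
        val jwks = getUmaConfigurationContext().getCasProperties().getAuthn().getOauth().getUma().getRequestingPartyToken().getJwksFile().getLocation();
        if (ResourceUtils.doesResourceExist(jwks)) {
            final String jsonJwks;
            // IOUtils.toString does not close the stream it reads, so close it here;
            // otherwise every request to this endpoint leaks a handle on the JWKS file.
            try (val input = jwks.getInputStream()) {
                jsonJwks = IOUtils.toString(input, StandardCharsets.UTF_8);
            }
            val jsonWebKeySet = new JsonWebKeySet(jsonJwks);
            // The file is read in full (it backs token signing per the endpoint's Javadoc), so the
            // PUBLIC_ONLY level is what keeps private and symmetric key material out of the response.
            val body = jsonWebKeySet.toJson(JsonWebKey.OutputControlLevel.PUBLIC_ONLY);
            response.setContentType(MediaType.APPLICATION_JSON_VALUE);
            return new ResponseEntity<>(body, HttpStatus.OK);
        }
        // No usable JWKS resource is configured: report 501 with a fixed message.
        return new ResponseEntity<>("UMA RPT JWKS resource is undefined or cannot be located", HttpStatus.NOT_IMPLEMENTED);
    } catch (final Exception e) {
        LoggingUtils.error(LOGGER, e);
        // NOTE(review): the exception message is sent back to the caller (HTML-escaped) with a 400.
        // Failures here are file I/O or parsing problems on the server side, and their messages
        // may describe internal resources; consider returning a generic body and relying on the log.
        return new ResponseEntity<>(StringEscapeUtils.escapeHtml4(e.getMessage()), HttpStatus.BAD_REQUEST);
    }
}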