
Example 31 with JsonWebKeySet

use of org.jose4j.jwk.JsonWebKeySet in project cas by apereo.

the class OidcJwksEndpointController method handleRequestInternal.

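/**
 * Serves the OIDC JSON Web Key Set (JWKS) for this issuer as JSON.
 *
 * <p>The keystore produced by the generator service is merged with the keys of every
 * registered OIDC service that defines a non-blank {@code jwks} value, optionally
 * filtered by lifecycle state, and then serialized with
 * {@link JsonWebKey.OutputControlLevel#PUBLIC_ONLY} so that only public key parameters
 * are written to the response.
 *
 * @param request  the request
 * @param response the response
 * @param state    optional lifecycle state name; when non-blank, only keys whose state
 *                 name matches it (case-insensitively) are returned
 * @return {@code 200} with the key set as JSON; {@code 404} when the issuer is not valid
 *         for this endpoint; {@code 400} with the HTML-escaped exception message when
 *         building the key set fails
 */
@GetMapping(value = { '/' + OidcConstants.BASE_OIDC_URL + '/' + OidcConstants.JWKS_URL, "/**/" + OidcConstants.JWKS_URL }, produces = MediaType.APPLICATION_JSON_VALUE)
@Operation(summary = "Produces the collection of keys from the keystore", parameters = { @Parameter(name = "state", description = "Filter keys by their state name", required = false) })
public ResponseEntity<String> handleRequestInternal(final HttpServletRequest request, final HttpServletResponse response, @RequestParam(value = "state", required = false) final String state) {
    val webContext = new JEEContext(request, response);
    // Refuse to publish keys when the request does not match a valid issuer for this endpoint.
    if (!getConfigurationContext().getOidcRequestSupport().isValidIssuerForEndpoint(webContext, OidcConstants.JWKS_URL)) {
        return new ResponseEntity<>(HttpStatus.NOT_FOUND);
    }
    try {
        val resource = oidcJsonWebKeystoreGeneratorService.generate();
        final String jsonJwks;
        // IOUtils.toString does not close the stream it is given; close it here so that
        // repeated calls to this endpoint do not leave keystore streams open.
        try (java.io.InputStream jwksStream = resource.getInputStream()) {
            jsonJwks = IOUtils.toString(jwksStream, StandardCharsets.UTF_8);
        }
        val jsonWebKeySet = new JsonWebKeySet(jsonJwks);
        val servicesManager = getConfigurationContext().getServicesManager();
        // Keys declared by registered OIDC services are published alongside the keystore's own keys.
        servicesManager.getAllServicesOfType(OidcRegisteredService.class).stream().filter(s -> {
            val serviceJwks = SpringExpressionLanguageValueResolver.getInstance().resolve(s.getJwks());
            return StringUtils.isNotBlank(serviceJwks);
        }).forEach(service -> {
            val set = OidcJsonWebKeyStoreUtils.getJsonWebKeySet(service, getConfigurationContext().getApplicationContext(), Optional.empty());
            set.ifPresent(keys -> keys.getJsonWebKeys().forEach(jsonWebKeySet::addJsonWebKey));
        });
        if (StringUtils.isNotBlank(state)) {
            // Drop every key whose lifecycle state name differs from the requested one.
            jsonWebKeySet.getJsonWebKeys().removeIf(key -> {
                val st = OidcJsonWebKeystoreRotationService.JsonWebKeyLifecycleStates.getJsonWebKeyState(key).name();
                return !state.equalsIgnoreCase(st);
            });
        }
        // PUBLIC_ONLY is the control that keeps private key parameters out of the response.
        // The keystore JSON read above presumably carries private key material, so this
        // level must not be relaxed here - verify against the generator service.
        val body = jsonWebKeySet.toJson(JsonWebKey.OutputControlLevel.PUBLIC_ONLY);
        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
        return new ResponseEntity<>(body, HttpStatus.OK);
    } catch (final Exception e) {
        LoggingUtils.error(LOGGER, e);
        // NOTE(review): the exception message is returned to the caller. It is HTML-escaped,
        // but it can still reveal internal detail (resource locations, parser errors);
        // consider a fixed message here and keeping the detail in the log only.
        return new ResponseEntity<>(StringEscapeUtils.escapeHtml4(e.getMessage()), HttpStatus.BAD_REQUEST);
    }
}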
Also used : lombok.val(lombok.val) RequestParam(org.springframework.web.bind.annotation.RequestParam) StringUtils(org.apache.commons.lang3.StringUtils) OidcJsonWebKeystoreRotationService(org.apereo.cas.oidc.jwks.rotation.OidcJsonWebKeystoreRotationService) LoggingUtils(org.apereo.cas.util.LoggingUtils) Operation(io.swagger.v3.oas.annotations.Operation) HttpServletRequest(javax.servlet.http.HttpServletRequest) BaseOidcController(org.apereo.cas.oidc.web.controllers.BaseOidcController) GetMapping(org.springframework.web.bind.annotation.GetMapping) JEEContext(org.pac4j.core.context.JEEContext) OidcConstants(org.apereo.cas.oidc.OidcConstants) JsonWebKey(org.jose4j.jwk.JsonWebKey) MediaType(org.springframework.http.MediaType) lombok.val(lombok.val) HttpServletResponse(javax.servlet.http.HttpServletResponse) StringEscapeUtils(org.apache.commons.text.StringEscapeUtils) JsonWebKeySet(org.jose4j.jwk.JsonWebKeySet) StandardCharsets(java.nio.charset.StandardCharsets) OidcJsonWebKeystoreGeneratorService(org.apereo.cas.oidc.jwks.generator.OidcJsonWebKeystoreGeneratorService) OidcConfigurationContext(org.apereo.cas.oidc.OidcConfigurationContext) Parameter(io.swagger.v3.oas.annotations.Parameter) IOUtils(org.apache.commons.io.IOUtils) HttpStatus(org.springframework.http.HttpStatus) Slf4j(lombok.extern.slf4j.Slf4j) OidcRegisteredService(org.apereo.cas.services.OidcRegisteredService) SpringExpressionLanguageValueResolver(org.apereo.cas.util.spring.SpringExpressionLanguageValueResolver) OidcJsonWebKeyStoreUtils(org.apereo.cas.oidc.jwks.OidcJsonWebKeyStoreUtils) Optional(java.util.Optional) ResponseEntity(org.springframework.http.ResponseEntity) ResponseEntity(org.springframework.http.ResponseEntity) OidcRegisteredService(org.apereo.cas.services.OidcRegisteredService) JEEContext(org.pac4j.core.context.JEEContext) JsonWebKeySet(org.jose4j.jwk.JsonWebKeySet) GetMapping(org.springframework.web.bind.annotation.GetMapping) Operation(io.swagger.v3.oas.annotations.Operation)

Example 32 with JsonWebKeySet

use of org.jose4j.jwk.JsonWebKeySet in project cas by apereo.

the class OidcDefaultJsonWebKeystoreCacheLoaderTests method verifyEmptyFile.

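/**
 * Verifies that the cache loader yields an empty result both when the generator returns
 * an empty resource and when it returns a file holding a key set with no keys.
 */
@Test
public void verifyEmptyFile() throws Exception {
    val gen = mock(OidcJsonWebKeystoreGeneratorService.class);
    when(gen.generate()).thenReturn(ResourceUtils.EMPTY_RESOURCE);
    val loader = new OidcDefaultJsonWebKeystoreCacheLoader(gen);
    assertTrue(loader.load(new OidcJsonWebKeyCacheKey("https://cas.example.org", OidcJsonWebKeyUsage.SIGNING)).isEmpty());
    // The file only ever holds an empty key set. File.createTempFile places it in the
    // shared temp directory with default permissions, so this pattern should not be
    // reused for files that contain private key material.
    val file = File.createTempFile("keys", ".json");
    try {
        FileUtils.writeStringToFile(file, new JsonWebKeySet(List.of()).toJson(), StandardCharsets.UTF_8);
        when(gen.generate()).thenReturn(new FileSystemResource(file));
        assertTrue(loader.load(new OidcJsonWebKeyCacheKey("https://cas.example.org", OidcJsonWebKeyUsage.SIGNING)).isEmpty());
    } finally {
        // Remove the temp file even when an assertion fails, so test runs do not accumulate files.
        FileUtils.deleteQuietly(file);
    }
}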
Also used : lombok.val(lombok.val) FileSystemResource(org.springframework.core.io.FileSystemResource) JsonWebKeySet(org.jose4j.jwk.JsonWebKeySet) Test(org.junit.jupiter.api.Test)

Example 33 with JsonWebKeySet

use of org.jose4j.jwk.JsonWebKeySet in project cas by apereo.

the class OidcDefaultJsonWebKeystoreCacheLoaderTests method verifyNoWebKeys.

/**
 * Verifies that loading yields an empty result when the built key set has no keys, and
 * that it still does after a mocked {@link JsonWebKey} has been added to that set.
 */
@Test
public void verifyNoWebKeys() {
    val keySet = new JsonWebKeySet();
    val cacheLoader = mock(OidcDefaultJsonWebKeystoreCacheLoader.class);
    // Only buildJsonWebKeySet is stubbed; load() is routed to the real implementation.
    when(cacheLoader.buildJsonWebKeySet(any(OidcJsonWebKeyCacheKey.class))).thenReturn(Optional.of(keySet));
    when(cacheLoader.load(any(OidcJsonWebKeyCacheKey.class))).thenCallRealMethod();

    // First pass: the key set is empty.
    val keyForEmptySet = new OidcJsonWebKeyCacheKey(UUID.randomUUID().toString(), OidcJsonWebKeyUsage.SIGNING);
    assertTrue(cacheLoader.load(keyForEmptySet).isEmpty());

    // Second pass: the set now holds one mocked key, and the result is still expected to be empty.
    keySet.getJsonWebKeys().add(mock(JsonWebKey.class));
    val keyForMockedEntry = new OidcJsonWebKeyCacheKey(UUID.randomUUID().toString(), OidcJsonWebKeyUsage.SIGNING);
    assertTrue(cacheLoader.load(keyForMockedEntry).isEmpty());
}
Also used : lombok.val(lombok.val) JsonWebKey(org.jose4j.jwk.JsonWebKey) PublicJsonWebKey(org.jose4j.jwk.PublicJsonWebKey) JsonWebKeySet(org.jose4j.jwk.JsonWebKeySet) Test(org.junit.jupiter.api.Test)

Example 34 with JsonWebKeySet

use of org.jose4j.jwk.JsonWebKeySet in project cas by apereo.

the class OidcJsonWebKeyStoreUtilsTests method verifyEmptyKeySet.

/**
 * Verifies that no key set is resolved for a registered service whose {@code jwks}
 * value is a serialized key set containing no keys.
 */
@Test
public void verifyEmptyKeySet() {
    val registeredService = getOidcRegisteredService();
    val emptyKeySetJson = new JsonWebKeySet(List.of()).toJson();
    registeredService.setJwks(emptyKeySetJson);

    val resolved = OidcJsonWebKeyStoreUtils.getJsonWebKeySet(registeredService, resourceLoader, Optional.of(OidcJsonWebKeyUsage.SIGNING));
    assertTrue(resolved.isEmpty());
}
Also used : lombok.val(lombok.val) JsonWebKeySet(org.jose4j.jwk.JsonWebKeySet) Test(org.junit.jupiter.api.Test)

Example 35 with JsonWebKeySet

use of org.jose4j.jwk.JsonWebKeySet in project cas by apereo.

the class UmaRequestingPartyTokenJwksEndpointController method getKeys.

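/**
 * Publishes the JWKS used to sign requesting party tokens (RPTs) as JSON.
 *
 * <p>The key set is read from the configured JWKS file location and re-serialized with
 * {@link JsonWebKey.OutputControlLevel#PUBLIC_ONLY}, so that only public key parameters
 * are written to the response.
 *
 * @param request  the request
 * @param response the response
 * @return {@code 200} with the key set as JSON; {@code 501} when the JWKS resource does
 *         not exist; {@code 400} with the HTML-escaped exception message on failure
 */
@GetMapping(value = '/' + OAuth20Constants.BASE_OAUTH20_URL + '/' + OAuth20Constants.UMA_JWKS_URL, produces = MediaType.APPLICATION_JSON_VALUE)
public ResponseEntity<String> getKeys(final HttpServletRequest request, final HttpServletResponse response) {
    try {
        val jwks = getUmaConfigurationContext().getCasProperties().getAuthn().getOauth().getUma().getRequestingPartyToken().getJwksFile().getLocation();
        if (ResourceUtils.doesResourceExist(jwks)) {
            final String jsonJwks;
            // IOUtils.toString does not close the stream it is given; close it here so that
            // repeated calls to this endpoint do not leave the JWKS file open.
            try (java.io.InputStream jwksStream = jwks.getInputStream()) {
                jsonJwks = IOUtils.toString(jwksStream, StandardCharsets.UTF_8);
            }
            val jsonWebKeySet = new JsonWebKeySet(jsonJwks);
            // This file is the signing keystore, so it presumably holds private keys.
            // PUBLIC_ONLY is what keeps them out of the response and must not be relaxed.
            val body = jsonWebKeySet.toJson(JsonWebKey.OutputControlLevel.PUBLIC_ONLY);
            response.setContentType(MediaType.APPLICATION_JSON_VALUE);
            return new ResponseEntity<>(body, HttpStatus.OK);
        }
        return new ResponseEntity<>("UMA RPT JWKS resource is undefined or cannot be located", HttpStatus.NOT_IMPLEMENTED);
    } catch (final Exception e) {
        LoggingUtils.error(LOGGER, e);
        // NOTE(review): the exception message is returned to the caller. It is HTML-escaped,
        // but it can still reveal internal detail (file locations, parser errors);
        // consider a fixed message here and keeping the detail in the log only.
        return new ResponseEntity<>(StringEscapeUtils.escapeHtml4(e.getMessage()), HttpStatus.BAD_REQUEST);
    }
}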
Also used : lombok.val(lombok.val) ResponseEntity(org.springframework.http.ResponseEntity) JsonWebKeySet(org.jose4j.jwk.JsonWebKeySet) GetMapping(org.springframework.web.bind.annotation.GetMapping)

Aggregations

JsonWebKeySet (org.jose4j.jwk.JsonWebKeySet)35 lombok.val (lombok.val)24 Test (org.junit.jupiter.api.Test)14 StringUtils (org.apache.commons.lang3.StringUtils)7 RsaJsonWebKey (org.jose4j.jwk.RsaJsonWebKey)7 Optional (java.util.Optional)6 Slf4j (lombok.extern.slf4j.Slf4j)6 JsonWebKey (org.jose4j.jwk.JsonWebKey)6 PublicJsonWebKey (org.jose4j.jwk.PublicJsonWebKey)6 Resource (org.springframework.core.io.Resource)6 StandardCharsets (java.nio.charset.StandardCharsets)4 IOUtils (org.apache.commons.io.IOUtils)4 CacheLoader (com.github.benmanes.caffeine.cache.CacheLoader)3 RequiredArgsConstructor (lombok.RequiredArgsConstructor)3 SneakyThrows (lombok.SneakyThrows)3 OidcRegisteredService (org.apereo.cas.services.OidcRegisteredService)3 ResponseEntity (org.springframework.http.ResponseEntity)3 GetMapping (org.springframework.web.bind.annotation.GetMapping)3 IOException (java.io.IOException)2 Key (java.security.Key)2