use of org.jose4j.jwk.PublicJsonWebKey in project kafka by apache.
the class ValidatorAccessTokenValidatorTest method testRsaEncryptionAlgorithm.
/**
 * Runs the shared algorithm check with a freshly created RSA JWK and the
 * {@code RSA_USING_SHA256} identifier.
 *
 * <p>NOTE(review): {@code AlgorithmIdentifiers.RSA_USING_SHA256} is jose4j's
 * constant for RS256, a JWS <em>signature</em> algorithm; the "encryption"
 * wording comes from the helper's name. What the helper asserts is not
 * visible here — confirm against {@code testEncryptionAlgorithm}.
 */
@Test
public void testRsaEncryptionAlgorithm() throws Exception {
    testEncryptionAlgorithm(createRsaJwk(), AlgorithmIdentifiers.RSA_USING_SHA256);
}
use of org.jose4j.jwk.PublicJsonWebKey in project cas by apereo.
the class BaseStringCipherExecutor method configureSigningParameters.
/**
 * Sets up the signing key for this cipher from the configured secret.
 *
 * <p>Two paths:
 * <ul>
 *   <li>Blank secret: a key of {@code signingKeySize} is generated, logged
 *       together with the ready-to-paste setting line, and handed to
 *       {@code configureSigningKey}.</li>
 *   <li>Non-blank secret: the value is first tried as a JSON web key; when it
 *       parses and carries a private key, that private key is installed via
 *       {@code setSigningKey}. Any failure is logged and ignored, and the
 *       original string is handed to {@code configureSigningKey} regardless.</li>
 * </ul>
 *
 * @param secretKeySigning the configured signing secret; may be blank
 */
private void configureSigningParameters(final String secretKeySigning) {
    if (StringUtils.isBlank(secretKeySigning)) {
        LOGGER.warn("Secret key for signing is not defined for [{}]. CAS will attempt to auto-generate the signing key", getName());
        val generatedKey = EncodingUtils.generateJsonWebKey(this.signingKeySize);
        val settingLine = String.format("%s=%s", getSigningKeySetting(), generatedKey);
        // NOTE(review): the generated signing key is written to the log in clear
        // text at WARN level (twice: on its own and inside the setting line).
        // Log files, shippers and aggregators that receive this line hold the
        // signing secret; restrict access accordingly and replace the key once
        // it has been copied into settings.
        // CHECKSTYLE:OFF
        LOGGER.warn("Generated signing key [{}] of size [{}] for [{}]. The generated key MUST be added to CAS settings:\n\n\t{}\n\n", generatedKey, this.signingKeySize, getName(), settingLine);
        // CHECKSTYLE:ON
        configureSigningKey(generatedKey);
        return;
    }

    try {
        val parsedKey = (PublicJsonWebKey) EncodingUtils.newJsonWebKey(secretKeySigning);
        LOGGER.trace("Parsed signing key as a JSON web key for [{}] with kid [{}]", getName(), parsedKey.getKeyId());
        val privateKey = parsedKey.getPrivateKey();
        if (privateKey == null) {
            val msg = "Provided signing key as a JSON web key does not carry a private key";
            LOGGER.error(msg);
            // This exception does not leave the method: the catch below handles it
            // like any other parse failure.
            throw new RuntimeException(msg);
        }
        setSigningKey(privateKey);
    } catch (final Exception e) {
        // NOTE(review): this also covers the "no private key" case above, so a
        // public-only JWK is reported at ERROR and then the raw configured string
        // is still passed on as the signing key below. Whether configureSigningKey
        // rejects such a value is not visible here — confirm. Only e.getMessage()
        // is logged, at TRACE; the stack trace is dropped.
        LOGGER.trace("Unable to recognize signing key for [{}] as a JSON web key: [{}].", getSigningKeySetting(), e.getMessage());
        LOGGER.debug("Using pre-defined signing key to use for [{}]", getSigningKeySetting());
    }
    configureSigningKey(secretKeySigning);
}
use of org.jose4j.jwk.PublicJsonWebKey in project cas by apereo.
the class BaseOidcJsonWebKeyTokenSigningAndEncryptionService method getJsonWebKeySigningKey.
/**
 * Looks up the signing key set cached for the current issuer and returns its
 * first key.
 *
 * <p>The key is taken by position ({@code get(0)}); no filtering by key state,
 * algorithm or {@code kid} happens here. An empty key list therefore surfaces
 * as an {@link IndexOutOfBoundsException}, and a first entry that is not a
 * {@code PublicJsonWebKey} as a {@link ClassCastException}.
 *
 * @return the first JSON web key of the issuer's signing key set
 * @throws NullPointerException     if the cache lookup returns {@code null}
 * @throws IllegalArgumentException if the cache holds no key set for the issuer
 */
@Override
protected PublicJsonWebKey getJsonWebKeySigningKey() {
    val issuer = issuerService.determineIssuer(Optional.empty());
    LOGGER.trace("Using issuer [{}] to locate JWK signing key", issuer);
    val cacheKey = new OidcJsonWebKeyCacheKey(issuer, OidcJsonWebKeyUsage.SIGNING);
    val keystore = Objects.requireNonNull(defaultJsonWebKeystoreCache.get(cacheKey));
    if (keystore.isEmpty()) {
        throw new IllegalArgumentException("No signing key could be found for issuer " + issuer);
    }
    val signingKeys = keystore.get().getJsonWebKeys();
    return (PublicJsonWebKey) signingKeys.get(0);
}
use of org.jose4j.jwk.PublicJsonWebKey in project cas by apereo.
the class OidcRegisteredServiceJwtAccessTokenCipherExecutor method getEncryptionKeyForDecryption.
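/**
 * Resolves the private key used to decrypt tokens for the given service.
 *
 * <p>Only OIDC services are considered. The first key of the service's cached
 * encryption key set is used. Every "no usable key" condition is reported at
 * WARN and answered with {@code null}: no key set, an empty key set, a first
 * key that is not an asymmetric ({@code PublicJsonWebKey}) key, or a key
 * without a private part.
 *
 * @param registeredService the service whose key set is consulted; cast to
 *                          {@code OAuthRegisteredService} unconditionally
 * @return the private key, or {@code null} when none is available
 * @throws NullPointerException if the cache lookup returns {@code null}
 */
private Key getEncryptionKeyForDecryption(final RegisteredService registeredService) {
    val svc = (OAuthRegisteredService) registeredService;
    if (!(svc instanceof OidcRegisteredService)) {
        return null;
    }
    val jwks = Objects.requireNonNull(this.serviceJsonWebKeystoreCache.get(new OidcJsonWebKeyCacheKey(svc, OidcJsonWebKeyUsage.ENCRYPTION)));
    if (jwks.isEmpty()) {
        LOGGER.warn("Service {} with client id {} is configured to encrypt tokens, yet no JSON web key is available", svc.getServiceId(), svc.getClientId());
        return null;
    }
    // A key set can be present yet contain no keys; get(0) would then throw
    // instead of following the null-return convention used everywhere else here.
    val keys = jwks.get().getJsonWebKeys();
    if (keys.isEmpty()) {
        LOGGER.warn("Service {} with client id {} has a JSON web key set that contains no keys", svc.getServiceId(), svc.getClientId());
        return null;
    }
    // Only asymmetric keys can carry a private key; anything else is unusable
    // for decryption here and must not fail with a ClassCastException.
    val candidate = keys.get(0);
    if (!(candidate instanceof PublicJsonWebKey)) {
        LOGGER.warn("JSON web key with kid [{}] is not a public/private key pair and cannot be used to decrypt the token", candidate.getKeyId());
        return null;
    }
    val jsonWebKey = (PublicJsonWebKey) candidate;
    // NOTE(review): this logs the key object itself; it relies on the key's
    // toString() leaving out private parameters — confirm for the jose4j
    // version in use.
    LOGGER.debug("Found JSON web key to decrypt the token: [{}]", jsonWebKey);
    val privateKey = jsonWebKey.getPrivateKey();
    if (privateKey == null) {
        LOGGER.warn("JSON web key used to decrypt the token has no associated private key");
        return null;
    }
    return privateKey;
}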
use of org.jose4j.jwk.PublicJsonWebKey in project cas by apereo.
the class BaseOidcJsonWebKeyTokenSigningAndEncryptionService method getJsonWebKeyForEncryption.
/**
 * Selects the JSON web key used to encrypt tokens for the given service.
 *
 * <p>From the service's cached encryption key set, only keys whose lifecycle
 * state reports {@code isCurrent()} are considered; among those the key with
 * the smallest {@code kid} (natural ordering) is chosen, which makes the
 * choice deterministic when several current keys exist.
 *
 * <p>NOTE(review): the {@code kid} comparison presumably throws a
 * {@link NullPointerException} when two or more current keys are compared and
 * one has no {@code kid} — confirm that stored keys always carry one.
 *
 * @param svc the service configured to encrypt tokens
 * @return the selected key, cast to {@code PublicJsonWebKey}
 * @throws NullPointerException     if the cache lookup returns {@code null}, or
 *                                  the selected key has no underlying key
 * @throws IllegalArgumentException if no key set exists for the service, or
 *                                  none of its keys is marked as current
 */
protected PublicJsonWebKey getJsonWebKeyForEncryption(final OAuthRegisteredService svc) {
    LOGGER.debug("Service [{}] is set to encrypt tokens", svc);
    val cacheKey = new OidcJsonWebKeyCacheKey(svc, OidcJsonWebKeyUsage.ENCRYPTION);
    val keystore = Objects.requireNonNull(serviceJsonWebKeystoreCache.get(cacheKey));
    if (keystore.isEmpty()) {
        throw new IllegalArgumentException("Service " + svc.getServiceId() + " with client id " + svc.getClientId() + " is configured to encrypt tokens, yet no JSON web key is available to handle encryption");
    }
    val currentKey = keystore.get().getJsonWebKeys()
        .stream()
        .filter(candidate -> OidcJsonWebKeystoreRotationService.JsonWebKeyLifecycleStates.getJsonWebKeyState(candidate).isCurrent())
        .min(Comparator.comparing(JsonWebKey::getKeyId))
        .orElseThrow(() -> new IllegalArgumentException("Unable to locate JSON web key for encryption that is marked as current"));
    LOGGER.debug("Found JSON web key to encrypt the token: [{}]", currentKey);
    // Encryption needs the public half; fail here rather than hand back an
    // entry with no key material.
    Objects.requireNonNull(currentKey.getKey(), "JSON web key used to encrypt the token has no associated public key");
    return (PublicJsonWebKey) currentKey;
}