Example 1 with AesKey

use of org.jose4j.keys.AesKey in project cas by apereo.

the class AccepttoApiUtils method buildAuthorizationHeaderPayloadForAuthentication.

private static String buildAuthorizationHeaderPayloadForAuthentication(final AccepttoMultifactorAuthenticationProperties acceptto) {
    val claims = new JwtClaims();
    claims.setClaim("uid", acceptto.getOrganizationId());
    claims.setExpirationTimeMinutesInTheFuture(1);
    val payload = claims.toJson();
    LOGGER.trace("Authorization payload is [{}]", payload);
    val signingKey = new AesKey(acceptto.getOrganizationSecret().getBytes(StandardCharsets.UTF_8));
    LOGGER.trace("Signing authorization payload...");
    val signedBytes = EncodingUtils.signJwsHMACSha256(signingKey, payload.getBytes(StandardCharsets.UTF_8), Map.of());
    val authzPayload = new String(signedBytes, StandardCharsets.UTF_8);
    LOGGER.trace("Signed authorization payload is [{}]", authzPayload);
    return authzPayload;
}
Also used : lombok.val(lombok.val) JwtClaims(org.jose4j.jwt.JwtClaims) AesKey(org.jose4j.keys.AesKey)

Example 2 with AesKey

use of org.jose4j.keys.AesKey in project cas by apereo.

the class AbstractCipherExecutor method configureSigningKey.

/**
 * Sets the signing key. If the key provided is resolved as a private key,
 * then the private key is used as is, and values are signed
 * using RSA. Otherwise, AES is used.
 *
 * @param signingSecretKey the signing secret key
 */
protected void configureSigningKey(final String signingSecretKey) {
    try {
        if (ResourceUtils.doesResourceExist(signingSecretKey)) {
            configureSigningKeyFromPrivateKeyResource(signingSecretKey);
        }
    } finally {
        if (this.signingKey == null) {
            setSigningKey(new AesKey(signingSecretKey.getBytes(StandardCharsets.UTF_8)));
            LOGGER.trace("Created signing key instance [{}] based on provided secret key", this.signingKey.getClass().getSimpleName());
        }
    }
}
Also used : AesKey(org.jose4j.keys.AesKey)

Example 3 with AesKey

use of org.jose4j.keys.AesKey in project cas by apereo.

the class EncodingUtilsTests method verifyAesKeyForJwtSigning.

@Test
public void verifyAesKeyForJwtSigning() {
    val secret = EncodingUtils.generateJsonWebKey(512);
    val key = new AesKey(secret.getBytes(StandardCharsets.UTF_8));
    val value = "ThisValue";
    val signed = EncodingUtils.signJwsHMACSha512(key, value.getBytes(StandardCharsets.UTF_8), Map.of());
    val jwt = EncodingUtils.verifyJwsSignature(key, signed);
    val result = new String(jwt, StandardCharsets.UTF_8);
    assertEquals(value, result);
}
Also used : lombok.val(lombok.val) AesKey(org.jose4j.keys.AesKey) Test(org.junit.jupiter.api.Test)

Example 4 with AesKey

use of org.jose4j.keys.AesKey in project cas by apereo.

the class OidcClientSecretJwtAuthenticatorTests method verifyDisabledServiceAction.

@Test
public void verifyDisabledServiceAction() throws Exception {
    val auth = new OidcClientSecretJwtAuthenticator(servicesManager, registeredServiceAccessStrategyEnforcer, ticketRegistry, webApplicationServiceFactory, casProperties, applicationContext);
    val request = new MockHttpServletRequest();
    val response = new MockHttpServletResponse();
    val context = new JEEContext(request, response);
    val audience = casProperties.getServer().getPrefix().concat('/' + OidcConstants.BASE_OIDC_URL + '/' + OidcConstants.ACCESS_TOKEN_URL);
    val registeredService = getOidcRegisteredService(UUID.randomUUID().toString());
    registeredService.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy().setEnabled(false));
    servicesManager.save(registeredService);
    val claims = getClaims(registeredService.getClientId(), registeredService.getClientId(), registeredService.getClientId(), audience);
    val key = EncodingUtils.generateJsonWebKey(512);
    val jwt = EncodingUtils.signJwsHMACSha512(new AesKey(key.getBytes(StandardCharsets.UTF_8)), claims.toJson().getBytes(StandardCharsets.UTF_8), Map.of());
    val credentials = getCredentials(request, OAuth20Constants.CLIENT_ASSERTION_TYPE_JWT_BEARER, new String(jwt, StandardCharsets.UTF_8), registeredService.getClientId());
    auth.validate(credentials, context, JEESessionStore.INSTANCE);
    assertNull(credentials.getUserProfile());
}
Also used : lombok.val(lombok.val) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) JEEContext(org.pac4j.core.context.JEEContext) DefaultRegisteredServiceAccessStrategy(org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) AesKey(org.jose4j.keys.AesKey) Test(org.junit.jupiter.api.Test)

Example 5 with AesKey

use of org.jose4j.keys.AesKey in project cas by apereo.

the class OidcClientSecretJwtAuthenticatorTests method verifyAction.

@Test
public void verifyAction() throws Exception {
    val auth = new OidcClientSecretJwtAuthenticator(servicesManager, registeredServiceAccessStrategyEnforcer, ticketRegistry, webApplicationServiceFactory, casProperties, applicationContext);
    val request = new MockHttpServletRequest();
    val response = new MockHttpServletResponse();
    val context = new JEEContext(request, response);
    val audience = casProperties.getServer().getPrefix().concat('/' + OidcConstants.BASE_OIDC_URL + '/' + OidcConstants.ACCESS_TOKEN_URL);
    val registeredService = getOidcRegisteredService();
    val claims = getClaims(registeredService.getClientId(), registeredService.getClientId(), registeredService.getClientId(), audience);
    val key = EncodingUtils.generateJsonWebKey(512);
    val jwt = EncodingUtils.signJwsHMACSha512(new AesKey(key.getBytes(StandardCharsets.UTF_8)), claims.toJson().getBytes(StandardCharsets.UTF_8), Map.of());
    val credentials = getCredentials(request, OAuth20Constants.CLIENT_ASSERTION_TYPE_JWT_BEARER, new String(jwt, StandardCharsets.UTF_8), registeredService.getClientId());
    auth.validate(credentials, context, JEESessionStore.INSTANCE);
    assertNotNull(credentials.getUserProfile());
}
Also used : lombok.val(lombok.val) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) JEEContext(org.pac4j.core.context.JEEContext) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) AesKey(org.jose4j.keys.AesKey) Test(org.junit.jupiter.api.Test)

Aggregations

AesKey (org.jose4j.keys.AesKey) 5
lombok.val (lombok.val) 4
Test (org.junit.jupiter.api.Test) 3
JEEContext (org.pac4j.core.context.JEEContext) 2
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest) 2
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse) 2
DefaultRegisteredServiceAccessStrategy (org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy) 1
JwtClaims (org.jose4j.jwt.JwtClaims) 1