
Example 11 with SecretEncryptionConfiguration

use of org.pac4j.jwt.config.encryption.SecretEncryptionConfiguration in project pac4j by pac4j.

the class JwtTests method testGenerateAuthenticateNotSigned.

/**
 * Generates a JWT from a generator that has an encryption configuration but no
 * signature configuration, then checks the token through {@code assertToken}.
 */
@Test
public void testGenerateAuthenticateNotSigned() {
    final JwtGenerator<FacebookProfile> jwtGenerator = new JwtGenerator<>();
    // Only encryption is configured: nothing in this test sets a signature configuration,
    // so the token relies on the shared encryption secret alone.
    // NOTE(review): MAC_SECRET is a test constant defined outside this snippet; a
    // deployment would load the key from protected configuration instead.
    jwtGenerator.setEncryptionConfiguration(new SecretEncryptionConfiguration(MAC_SECRET));

    final FacebookProfile expectedProfile = createProfile();
    final String encryptedToken = jwtGenerator.generate(expectedProfile);

    assertToken(expectedProfile, encryptedToken);
}
Also used : JwtGenerator(org.pac4j.jwt.profile.JwtGenerator) SecretEncryptionConfiguration(org.pac4j.jwt.config.encryption.SecretEncryptionConfiguration) FacebookProfile(org.pac4j.oauth.profile.facebook.FacebookProfile) Test(org.junit.Test)

Example 12 with SecretEncryptionConfiguration

use of org.pac4j.jwt.config.encryption.SecretEncryptionConfiguration in project pac4j by pac4j.

the class JwtTests method testGenerateAuthenticateUselessSignatureConfiguration.

/**
 * Signs with one secret ({@code KEY2}) and validates with an authenticator that has
 * two signature configurations registered: the one used for signing and an extra
 * one built from {@code MAC_SECRET}.
 */
@Test
public void testGenerateAuthenticateUselessSignatureConfiguration() {
    final SignatureConfiguration signingConfig = new SecretSignatureConfiguration(KEY2);
    final SignatureConfiguration extraConfig = new SecretSignatureConfiguration(MAC_SECRET);
    // NOTE(review): MAC_SECRET backs both the extra signature configuration and the
    // encryption configuration. That is convenient in a test; production code should
    // keep signing and encryption keys separate.
    final EncryptionConfiguration sharedEncryption = new SecretEncryptionConfiguration(MAC_SECRET);

    final JwtGenerator<FacebookProfile> jwtGenerator = new JwtGenerator<>(signingConfig, sharedEncryption);
    final FacebookProfile expectedProfile = createProfile();
    final String token = jwtGenerator.generate(expectedProfile);

    final JwtAuthenticator verifier = new JwtAuthenticator();
    verifier.setEncryptionConfiguration(sharedEncryption);
    // Registration order is kept: the signing configuration first, the extra one second.
    // Presumably the authenticator accepts a token that verifies under any registered
    // configuration - confirm against JwtAuthenticator before relying on it.
    verifier.addSignatureConfiguration(signingConfig);
    verifier.addSignatureConfiguration(extraConfig);

    assertToken(expectedProfile, token, verifier);
}
Also used : JwtGenerator(org.pac4j.jwt.profile.JwtGenerator) SecretSignatureConfiguration(org.pac4j.jwt.config.signature.SecretSignatureConfiguration) SignatureConfiguration(org.pac4j.jwt.config.signature.SignatureConfiguration) ECSignatureConfiguration(org.pac4j.jwt.config.signature.ECSignatureConfiguration) SecretEncryptionConfiguration(org.pac4j.jwt.config.encryption.SecretEncryptionConfiguration) EncryptionConfiguration(org.pac4j.jwt.config.encryption.EncryptionConfiguration) JwtAuthenticator(org.pac4j.jwt.credentials.authenticator.JwtAuthenticator) SecretEncryptionConfiguration(org.pac4j.jwt.config.encryption.SecretEncryptionConfiguration) SecretSignatureConfiguration(org.pac4j.jwt.config.signature.SecretSignatureConfiguration) FacebookProfile(org.pac4j.oauth.profile.facebook.FacebookProfile) Test(org.junit.Test)

Example 13 with SecretEncryptionConfiguration

use of org.pac4j.jwt.config.encryption.SecretEncryptionConfiguration in project pac4j by pac4j.

the class JwtTests method testGenerateAuthenticate.

/**
 * Generates a JWT that is both signed and encrypted with secret-based
 * configurations, then checks it through {@code assertToken}.
 */
@Test
public void testGenerateAuthenticate() {
    // NOTE(review): the same MAC_SECRET constant feeds the signature and the encryption
    // configuration. Reusing one key for both purposes is a test shortcut, not a
    // pattern to copy into a deployment.
    final SecretSignatureConfiguration signing = new SecretSignatureConfiguration(MAC_SECRET);
    final SecretEncryptionConfiguration encryption = new SecretEncryptionConfiguration(MAC_SECRET);
    final JwtGenerator<FacebookProfile> jwtGenerator = new JwtGenerator<>(signing, encryption);

    final FacebookProfile expectedProfile = createProfile();
    final String token = jwtGenerator.generate(expectedProfile);

    assertToken(expectedProfile, token);
}
Also used : JwtGenerator(org.pac4j.jwt.profile.JwtGenerator) SecretEncryptionConfiguration(org.pac4j.jwt.config.encryption.SecretEncryptionConfiguration) FacebookProfile(org.pac4j.oauth.profile.facebook.FacebookProfile) SecretSignatureConfiguration(org.pac4j.jwt.config.signature.SecretSignatureConfiguration) Test(org.junit.Test)

Example 14 with SecretEncryptionConfiguration

use of org.pac4j.jwt.config.encryption.SecretEncryptionConfiguration in project cas by apereo.

the class GenerateJwtCommand method configureJwtEncryption.

/**
 * Sets a secret-based encryption configuration on the generator, using a freshly
 * generated random secret, when a size, algorithm and method are all supplied.
 *
 * <p>The method returns without configuring encryption when any input is missing, or
 * when the method is not among those supported for a direct or AES key-wrap algorithm.
 *
 * @param encryptionSecretSize length passed to the random secret generator; values
 *                             {@code <= 0} disable encryption
 * @param encryptionAlgorithm  JWE algorithm name, parsed with {@code JWEAlgorithm.parse}
 * @param encryptionMethod     JWE encryption method name, parsed with {@code EncryptionMethod.parse}
 * @param g                    generator that receives the encryption configuration
 */
private static void configureJwtEncryption(final int encryptionSecretSize, final String encryptionAlgorithm, final String encryptionMethod, final JwtGenerator g) {
    final boolean encryptionRequested = encryptionSecretSize > 0
        && !StringUtils.isBlank(encryptionMethod)
        && !StringUtils.isBlank(encryptionAlgorithm);
    if (!encryptionRequested) {
        // Fail-open path: the generator is left untouched, so no encryption is configured here.
        LOGGER.info("No encryption algorithm or size specified, so the generated JWT will not be encrypted");
        return;
    }

    // NOTE(review): RandomUtils is a project helper not shown here - confirm it draws from a
    // CSPRNG. An alphanumeric secret carries fewer bits per character than raw key bytes,
    // and the requested size is not checked against the key length the chosen method needs.
    val encryptionSecret = RandomUtils.randomAlphanumeric(encryptionSecretSize);
    // The generated key is written to the log at INFO level. Whatever collects this
    // logger's output therefore also holds the encryption secret; treat it accordingly.
    LOGGER.info("==== Encryption Secret ====\n[{}]\n", encryptionSecret);

    // Collect, by reflection, the names of the JWEAlgorithm-typed fields declared on JWEAlgorithm (diagnostics only).
    val acceptedEncAlgs = Arrays.stream(JWEAlgorithm.class.getDeclaredFields())
        .filter(field -> field.getType().equals(JWEAlgorithm.class))
        .map(Unchecked.function(field -> {
            field.setAccessible(true);
            return ((JWEAlgorithm) field.get(null)).getName();
        }))
        .collect(Collectors.joining(","));
    LOGGER.debug("Encryption algorithm: [{}]. Available algorithms are [{}]", encryptionAlgorithm, acceptedEncAlgs);

    // Same enumeration for the EncryptionMethod-typed fields declared on EncryptionMethod.
    val acceptedEncMethods = Arrays.stream(EncryptionMethod.class.getDeclaredFields())
        .filter(field -> field.getType().equals(EncryptionMethod.class))
        .map(Unchecked.function(field -> {
            field.setAccessible(true);
            return ((EncryptionMethod) field.get(null)).getName();
        }))
        .collect(Collectors.joining(","));
    LOGGER.debug("Encryption method: [{}]. Available methods are [{}]", encryptionMethod, acceptedEncMethods);

    val algorithm = JWEAlgorithm.parse(encryptionAlgorithm);
    val encryptionMethodAlg = EncryptionMethod.parse(encryptionMethod);

    // An unsupported method only produces a WARN and an early return, so encryption is
    // not configured; callers cannot tell this from the return value.
    if (DirectDecrypter.SUPPORTED_ALGORITHMS.contains(algorithm)
        && !DirectDecrypter.SUPPORTED_ENCRYPTION_METHODS.contains(encryptionMethodAlg)) {
        LOGGER.warn("Encrypted method [{}] is not supported for algorithm [{}]. Accepted methods are [{}]", encryptionMethod, encryptionAlgorithm, DirectDecrypter.SUPPORTED_ENCRYPTION_METHODS);
        return;
    }
    if (AESDecrypter.SUPPORTED_ALGORITHMS.contains(algorithm)
        && !AESDecrypter.SUPPORTED_ENCRYPTION_METHODS.contains(encryptionMethodAlg)) {
        LOGGER.warn("Encrypted method [{}] is not supported for algorithm [{}]. Accepted methods are [{}]", encryptionMethod, encryptionAlgorithm, AESDecrypter.SUPPORTED_ENCRYPTION_METHODS);
        return;
    }

    // NOTE(review): an algorithm in neither supported set skips both checks above and is
    // still handed to the secret-based configuration - confirm how that case is rejected.
    g.setEncryptionConfiguration(new SecretEncryptionConfiguration(encryptionSecret, algorithm, encryptionMethodAlg));
}
Also used : lombok.val(lombok.val) JWEAlgorithm(com.nimbusds.jose.JWEAlgorithm) SecretEncryptionConfiguration(org.pac4j.jwt.config.encryption.SecretEncryptionConfiguration) EncryptionMethod(com.nimbusds.jose.EncryptionMethod)

Example 15 with SecretEncryptionConfiguration

use of org.pac4j.jwt.config.encryption.SecretEncryptionConfiguration in project cas by apereo.

the class TokenAuthenticationHandler method getSecretEncryptionConfiguration.

/**
 * Builds the secret-based JWT encryption configuration for a registered service.
 *
 * <p>The algorithm and method names come from the service's JWT properties; when a
 * property is absent the defaults are {@code JWEAlgorithm.DIR} and
 * {@code EncryptionMethod.A192CBC_HS384}.
 *
 * @param service the registered service whose secret and JWT properties are read
 * @return the secret encryption configuration built from the secret bytes, algorithm and method
 */
protected SecretEncryptionConfiguration getSecretEncryptionConfiguration(final RegisteredService service) {
    val encryptionSecret = getRegisteredServiceJwtEncryptionSecret(service);

    // Candidate JWE algorithms offered to the lookup. The asymmetric families (ASYMMETRIC,
    // ECDH_ES, RSA) are included although the result feeds a shared-secret configuration.
    // NOTE(review): confirm such a choice is rejected downstream.
    val candidates = new HashSet<Algorithm>(0);
    final JWEAlgorithm.Family[] algorithmFamilies = {
        JWEAlgorithm.Family.AES_GCM_KW,
        JWEAlgorithm.Family.AES_KW,
        JWEAlgorithm.Family.ASYMMETRIC,
        JWEAlgorithm.Family.ECDH_ES,
        JWEAlgorithm.Family.PBES2,
        JWEAlgorithm.Family.RSA,
        JWEAlgorithm.Family.SYMMETRIC,
    };
    for (final JWEAlgorithm.Family family : algorithmFamilies) {
        candidates.addAll(family);
    }
    // The algorithm name is taken from the service definition, so whoever can edit the
    // service registry chooses the algorithm.
    val configuredAlg = getRegisteredServiceJwtProperty(service, RegisteredServiceProperties.TOKEN_SECRET_ENCRYPTION_ALG);
    val algName = StringUtils.defaultString(configuredAlg, JWEAlgorithm.DIR.getName());
    val encAlg = findAlgorithmFamily(candidates, algName, JWEAlgorithm.class);

    // The same set instance is emptied and refilled with the encryption methods.
    candidates.clear();
    final EncryptionMethod.Family[] methodFamilies = {
        EncryptionMethod.Family.AES_CBC_HMAC_SHA,
        EncryptionMethod.Family.AES_GCM,
    };
    for (final EncryptionMethod.Family family : methodFamilies) {
        candidates.addAll(family);
    }
    val configuredMethod = getRegisteredServiceJwtProperty(service, RegisteredServiceProperties.TOKEN_SECRET_ENCRYPTION_METHOD);
    val methodName = StringUtils.defaultString(configuredMethod, EncryptionMethod.A192CBC_HS384.getName());
    val encMethod = findAlgorithmFamily(candidates, methodName, EncryptionMethod.class);

    // NOTE(review): the decoded secret length is not compared here with the key size the
    // selected method requires (A192CBC-HS384 uses a 384-bit key per RFC 7518) - confirm
    // that a short secret is rejected rather than accepted further down.
    val encSecretBytes = getSecretBytes(encryptionSecret, areSecretsBase64Encoded(service));
    return new SecretEncryptionConfiguration(encSecretBytes, encAlg, encMethod);
}
Also used : lombok.val(lombok.val) SecretEncryptionConfiguration(org.pac4j.jwt.config.encryption.SecretEncryptionConfiguration) HashSet(java.util.HashSet)

Aggregations

SecretEncryptionConfiguration (org.pac4j.jwt.config.encryption.SecretEncryptionConfiguration)16 Test (org.junit.Test)11 SecretSignatureConfiguration (org.pac4j.jwt.config.signature.SecretSignatureConfiguration)11 JwtGenerator (org.pac4j.jwt.profile.JwtGenerator)11 JwtAuthenticator (org.pac4j.jwt.credentials.authenticator.JwtAuthenticator)7 FacebookProfile (org.pac4j.oauth.profile.facebook.FacebookProfile)6 lombok.val (lombok.val)4 CommonProfile (org.pac4j.core.profile.CommonProfile)4 TokenCredentials (org.pac4j.core.credentials.TokenCredentials)3 EncryptionMethod (com.nimbusds.jose.EncryptionMethod)2 JWEAlgorithm (com.nimbusds.jose.JWEAlgorithm)2 Test (org.junit.jupiter.api.Test)2 EncryptionConfiguration (org.pac4j.jwt.config.encryption.EncryptionConfiguration)2 ECSignatureConfiguration (org.pac4j.jwt.config.signature.ECSignatureConfiguration)2 SignatureConfiguration (org.pac4j.jwt.config.signature.SignatureConfiguration)2 SpringBootTest (org.springframework.boot.test.context.SpringBootTest)2 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 HashSet (java.util.HashSet)1 CredentialsException (org.pac4j.core.exception.CredentialsException)1 TechnicalException (org.pac4j.core.exception.TechnicalException)1