use of org.pac4j.jwt.credentials.authenticator.JwtAuthenticator in project cas by apereo.
the class TokenAuthenticationHandler method getAuthenticator.
@Override
protected Authenticator<TokenCredentials> getAuthenticator(final Credential credential) {
final TokenCredential tokenCredential = (TokenCredential) credential;
LOGGER.debug("Locating token secret for service [{}]", tokenCredential.getService());
final RegisteredService service = this.servicesManager.findServiceBy(tokenCredential.getService());
final String signingSecret = getRegisteredServiceJwtSigningSecret(service);
final String encryptionSecret = getRegisteredServiceJwtEncryptionSecret(service);
final String signingSecretAlg = StringUtils.defaultString(getRegisteredServiceJwtSecret(service, TokenConstants.PROPERTY_NAME_TOKEN_SECRET_SIGNING_ALG), JWSAlgorithm.HS256.getName());
final String encryptionSecretAlg = StringUtils.defaultString(getRegisteredServiceJwtSecret(service, TokenConstants.PROPERTY_NAME_TOKEN_SECRET_ENCRYPTION_ALG), JWEAlgorithm.DIR.getName());
final String encryptionSecretMethod = StringUtils.defaultString(getRegisteredServiceJwtSecret(service, TokenConstants.PROPERTY_NAME_TOKEN_SECRET_ENCRYPTION_METHOD), EncryptionMethod.A192CBC_HS384.getName());
if (StringUtils.isNotBlank(signingSecret)) {
Set<Algorithm> sets = new HashSet<>();
sets.addAll(JWSAlgorithm.Family.EC);
sets.addAll(JWSAlgorithm.Family.HMAC_SHA);
sets.addAll(JWSAlgorithm.Family.RSA);
sets.addAll(JWSAlgorithm.Family.SIGNATURE);
final JWSAlgorithm signingAlg = findAlgorithmFamily(sets, signingSecretAlg);
final JwtAuthenticator a = new JwtAuthenticator();
a.setSignatureConfiguration(new SecretSignatureConfiguration(signingSecret, signingAlg));
if (StringUtils.isNotBlank(encryptionSecret)) {
sets = new HashSet<>();
sets.addAll(JWEAlgorithm.Family.AES_GCM_KW);
sets.addAll(JWEAlgorithm.Family.AES_KW);
sets.addAll(JWEAlgorithm.Family.ASYMMETRIC);
sets.addAll(JWEAlgorithm.Family.ECDH_ES);
sets.addAll(JWEAlgorithm.Family.PBES2);
sets.addAll(JWEAlgorithm.Family.RSA);
sets.addAll(JWEAlgorithm.Family.SYMMETRIC);
final JWEAlgorithm encAlg = findAlgorithmFamily(sets, encryptionSecretAlg);
sets = new HashSet<>();
sets.addAll(EncryptionMethod.Family.AES_CBC_HMAC_SHA);
sets.addAll(EncryptionMethod.Family.AES_GCM);
final EncryptionMethod encMethod = findAlgorithmFamily(sets, encryptionSecretMethod);
a.setEncryptionConfiguration(new SecretEncryptionConfiguration(encryptionSecret, encAlg, encMethod));
} else {
LOGGER.warn("JWT authentication is configured to share a single key for both signing/encryption");
}
return a;
}
LOGGER.warn("No token signing secret is defined for service [{}]. Ensure [{}] property is defined for service", service.getServiceId(), TokenConstants.PROPERTY_NAME_TOKEN_SECRET_SIGNING);
return null;
}
Aggregations