

Use of org.pac4j.jwt.credentials.authenticator.JwtAuthenticator in the project cas by apereo.

From the class TokenAuthenticationHandler, method getAuthenticator.

/**
 * Builds a pac4j {@link JwtAuthenticator} for the registered service named by the
 * token credential.
 *
 * <p>The signing secret, the optional encryption secret and the algorithm names are
 * read from the registered service's properties. Defaults when an algorithm property
 * is absent: {@code HS256} for signing, {@code dir} for key management and
 * {@code A192CBC-HS384} for the content-encryption method.
 *
 * @param credential the credential; expected to be a {@code TokenCredential}
 * @return an authenticator with a secret-based signature configuration (plus an
 *         encryption configuration when an encryption secret is defined), or
 *         {@code null} when the service defines no signing secret
 */
@Override
protected Authenticator<TokenCredentials> getAuthenticator(final Credential credential) {
    final TokenCredential tokenCred = (TokenCredential) credential;
    LOGGER.debug("Locating token secret for service [{}]", tokenCred.getService());
    // NOTE(review): whether findServiceBy() can return null for an unknown service is
    // not visible here; if it can, the warning below dereferences it — confirm.
    final RegisteredService registeredService = this.servicesManager.findServiceBy(tokenCred.getService());

    // Property lookups happen before any decision so that their logging/side effects
    // keep the same order regardless of which secrets are present.
    final String signingSecret = getRegisteredServiceJwtSigningSecret(registeredService);
    final String encryptionSecret = getRegisteredServiceJwtEncryptionSecret(registeredService);
    final String signingAlgName = StringUtils.defaultString(
        getRegisteredServiceJwtSecret(registeredService, TokenConstants.PROPERTY_NAME_TOKEN_SECRET_SIGNING_ALG),
        JWSAlgorithm.HS256.getName());
    final String encryptionAlgName = StringUtils.defaultString(
        getRegisteredServiceJwtSecret(registeredService, TokenConstants.PROPERTY_NAME_TOKEN_SECRET_ENCRYPTION_ALG),
        JWEAlgorithm.DIR.getName());
    final String encryptionMethodName = StringUtils.defaultString(
        getRegisteredServiceJwtSecret(registeredService, TokenConstants.PROPERTY_NAME_TOKEN_SECRET_ENCRYPTION_METHOD),
        EncryptionMethod.A192CBC_HS384.getName());

    if (!StringUtils.isNotBlank(signingSecret)) {
        // Without a signing secret no token can be verified, so no authenticator is produced.
        LOGGER.warn("No token signing secret is defined for service [{}]. Ensure [{}] property is defined for service", registeredService.getServiceId(), TokenConstants.PROPERTY_NAME_TOKEN_SECRET_SIGNING);
        return null;
    }

    // Candidate signing algorithms the configured name is matched against.
    // NOTE(review): the candidates include asymmetric families (EC/RSA) although the
    // configuration built below is a shared-secret one; whether pac4j rejects a
    // non-HMAC algorithm there is not visible from this file — confirm.
    final Set<Algorithm> signingCandidates = new HashSet<>(JWSAlgorithm.Family.EC);
    signingCandidates.addAll(JWSAlgorithm.Family.HMAC_SHA);
    signingCandidates.addAll(JWSAlgorithm.Family.RSA);
    signingCandidates.addAll(JWSAlgorithm.Family.SIGNATURE);
    final JWSAlgorithm signingAlg = findAlgorithmFamily(signingCandidates, signingAlgName);

    final JwtAuthenticator authenticator = new JwtAuthenticator();
    authenticator.setSignatureConfiguration(new SecretSignatureConfiguration(signingSecret, signingAlg));

    if (!StringUtils.isNotBlank(encryptionSecret)) {
        // NOTE(review): no encryption configuration is installed in this branch; the
        // warning text speaks of a shared key — verify the message matches the intent.
        LOGGER.warn("JWT authentication is configured to share a single key for both signing/encryption");
    } else {
        // Candidate key-management algorithms for the encryption configuration.
        final Set<Algorithm> keyAlgCandidates = new HashSet<>(JWEAlgorithm.Family.AES_GCM_KW);
        keyAlgCandidates.addAll(JWEAlgorithm.Family.AES_KW);
        keyAlgCandidates.addAll(JWEAlgorithm.Family.ASYMMETRIC);
        keyAlgCandidates.addAll(JWEAlgorithm.Family.ECDH_ES);
        keyAlgCandidates.addAll(JWEAlgorithm.Family.PBES2);
        keyAlgCandidates.addAll(JWEAlgorithm.Family.RSA);
        keyAlgCandidates.addAll(JWEAlgorithm.Family.SYMMETRIC);
        final JWEAlgorithm keyAlg = findAlgorithmFamily(keyAlgCandidates, encryptionAlgName);

        // Candidate content-encryption methods.
        final Set<Algorithm> methodCandidates = new HashSet<>(EncryptionMethod.Family.AES_CBC_HMAC_SHA);
        methodCandidates.addAll(EncryptionMethod.Family.AES_GCM);
        final EncryptionMethod contentMethod = findAlgorithmFamily(methodCandidates, encryptionMethodName);

        authenticator.setEncryptionConfiguration(new SecretEncryptionConfiguration(encryptionSecret, keyAlg, contentMethod));
    }
    return authenticator;
}
