Example 1 with JwtAuthenticator
use of org.pac4j.jwt.credentials.authenticator.JwtAuthenticator in project cas by apereo.
the class TokenAuthenticationHandler method getAuthenticator.
@Override
protected Authenticator<TokenCredentials> getAuthenticator(final Credential credential) {
final TokenCredential tokenCredential = (TokenCredential) credential;
LOGGER.debug("Locating token secret for service [{}]", tokenCredential.getService());
final RegisteredService service = this.servicesManager.findServiceBy(tokenCredential.getService());
final String signingSecret = getRegisteredServiceJwtSigningSecret(service);
final String encryptionSecret = getRegisteredServiceJwtEncryptionSecret(service);
final String signingSecretAlg = StringUtils.defaultString(getRegisteredServiceJwtSecret(service, TokenConstants.PROPERTY_NAME_TOKEN_SECRET_SIGNING_ALG), JWSAlgorithm.HS256.getName());
final String encryptionSecretAlg = StringUtils.defaultString(getRegisteredServiceJwtSecret(service, TokenConstants.PROPERTY_NAME_TOKEN_SECRET_ENCRYPTION_ALG), JWEAlgorithm.DIR.getName());
final String encryptionSecretMethod = StringUtils.defaultString(getRegisteredServiceJwtSecret(service, TokenConstants.PROPERTY_NAME_TOKEN_SECRET_ENCRYPTION_METHOD), EncryptionMethod.A192CBC_HS384.getName());
if (StringUtils.isNotBlank(signingSecret)) {
Set<Algorithm> sets = new HashSet<>();
sets.addAll(JWSAlgorithm.Family.EC);
sets.addAll(JWSAlgorithm.Family.HMAC_SHA);
sets.addAll(JWSAlgorithm.Family.RSA);
sets.addAll(JWSAlgorithm.Family.SIGNATURE);
final JWSAlgorithm signingAlg = findAlgorithmFamily(sets, signingSecretAlg);
final JwtAuthenticator a = new JwtAuthenticator();
a.setSignatureConfiguration(new SecretSignatureConfiguration(signingSecret, signingAlg));
if (StringUtils.isNotBlank(encryptionSecret)) {
sets = new HashSet<>();
sets.addAll(JWEAlgorithm.Family.AES_GCM_KW);
sets.addAll(JWEAlgorithm.Family.AES_KW);
sets.addAll(JWEAlgorithm.Family.ASYMMETRIC);
sets.addAll(JWEAlgorithm.Family.ECDH_ES);
sets.addAll(JWEAlgorithm.Family.PBES2);
sets.addAll(JWEAlgorithm.Family.RSA);
sets.addAll(JWEAlgorithm.Family.SYMMETRIC);
final JWEAlgorithm encAlg = findAlgorithmFamily(sets, encryptionSecretAlg);
sets = new HashSet<>();
sets.addAll(EncryptionMethod.Family.AES_CBC_HMAC_SHA);
sets.addAll(EncryptionMethod.Family.AES_GCM);
final EncryptionMethod encMethod = findAlgorithmFamily(sets, encryptionSecretMethod);
a.setEncryptionConfiguration(new SecretEncryptionConfiguration(encryptionSecret, encAlg, encMethod));
} else {
LOGGER.warn("JWT authentication is configured to share a single key for both signing/encryption");
}
return a;
}
LOGGER.warn("No token signing secret is defined for service [{}]. Ensure [{}] property is defined for service", service.getServiceId(), TokenConstants.PROPERTY_NAME_TOKEN_SECRET_SIGNING);
return null;
}
Also used :
RegisteredService(org.apereo.cas.services.RegisteredService)
EncryptionMethod(com.nimbusds.jose.EncryptionMethod)
JWSAlgorithm(com.nimbusds.jose.JWSAlgorithm)
SecretSignatureConfiguration(org.pac4j.jwt.config.signature.SecretSignatureConfiguration)
JWEAlgorithm(com.nimbusds.jose.JWEAlgorithm)
JWSAlgorithm(com.nimbusds.jose.JWSAlgorithm)
Algorithm(com.nimbusds.jose.Algorithm)
JWEAlgorithm(com.nimbusds.jose.JWEAlgorithm)
JwtAuthenticator(org.pac4j.jwt.credentials.authenticator.JwtAuthenticator)
SecretEncryptionConfiguration(org.pac4j.jwt.config.encryption.SecretEncryptionConfiguration)
HashSet(java.util.HashSet)
Aggregations
Algorithm (com.nimbusds.jose.Algorithm)1
EncryptionMethod (com.nimbusds.jose.EncryptionMethod)1
JWEAlgorithm (com.nimbusds.jose.JWEAlgorithm)1
JWSAlgorithm (com.nimbusds.jose.JWSAlgorithm)1
HashSet (java.util.HashSet)1
RegisteredService (org.apereo.cas.services.RegisteredService)1
SecretEncryptionConfiguration (org.pac4j.jwt.config.encryption.SecretEncryptionConfiguration)1
SecretSignatureConfiguration (org.pac4j.jwt.config.signature.SecretSignatureConfiguration)1
JwtAuthenticator (org.pac4j.jwt.credentials.authenticator.JwtAuthenticator)1
