/**
 * Selects the signing key used when encoding tokens from the local key set.
 *
 * <p>The RSA JSON web key is chosen by {@code findRsaJsonWebKeyByProvidedKeyId}
 * over {@code webKeySet}, i.e. selection is keyed on the configured key id,
 * and its private key is installed via {@code setSigningKey}.
 *
 * @throws IllegalArgumentException if no RSA key matches in the key set, or the
 *     matching entry has no private key (a public-only JWK, for instance)
 */
private void configureSigningParametersForEncoding() {
    val signingKey = findRsaJsonWebKeyByProvidedKeyId(webKeySet.getJsonWebKeys())
        .orElseThrow(() -> new IllegalArgumentException("Could not locate RSA JSON web key from keystore"));
    val privateKey = signingKey.getPrivateKey();
    if (privateKey == null) {
        throw new IllegalArgumentException("Private key located from keystore for key id " + signingKey.getKeyId() + " is undefined");
    }
    setSigningKey(privateKey);
}
/**
 * Configures the key and algorithms used to decrypt incoming tokens.
 *
 * <p>When no JWKS endpoint ({@code httpsJkws}) is configured, nothing is set up
 * and a debug line records the skip. Otherwise the endpoint's key set is fetched
 * and an RSA JSON web key is selected with an always-true predicate — no key id
 * filtering happens here, unlike the signing-key lookup, so which key is chosen
 * is entirely up to {@code findRsaJsonWebKey}. The selected key's private key
 * becomes the secret-key encryption key; content encryption is pinned to
 * {@code AES_128_CBC_HMAC_SHA_256} and key management to {@code RSA_OAEP_256}.
 *
 * <p>Any failure while fetching or selecting the key, including the
 * {@link IllegalArgumentException}s raised below, is rewrapped as a
 * {@link RuntimeException} that keeps the original as its cause.
 */
private void configureEncryptionParametersForDecoding() {
    if (httpsJkws.isEmpty()) {
        LOGGER.debug("No JWKS endpoint is defined. Configuration of encryption parameters and keys are skipped");
        return;
    }
    try {
        val endpointKeys = this.httpsJkws.get().getJsonWebKeys();
        // The predicate accepts every candidate; no key id is matched here.
        val encryptionKey = findRsaJsonWebKey(endpointKeys, Predicates.alwaysTrue())
            .orElseThrow(() -> new IllegalArgumentException("Could not locate RSA JSON web key from endpoint"));
        val privateKey = encryptionKey.getPrivateKey();
        if (privateKey == null) {
            throw new IllegalArgumentException("Private key located from endpoint for key id " + encryptionKey.getKeyId() + " is undefined");
        }
        setSecretKeyEncryptionKey(privateKey);
        setContentEncryptionAlgorithmIdentifier(ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256);
        setEncryptionAlgorithm(KeyManagementAlgorithmIdentifiers.RSA_OAEP_256);
    } catch (final Exception e) {
        throw new RuntimeException(e.getMessage(), e);
    }
}
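/**
 * Issues a signed JWT for the given user.
 *
 * <p>The token carries the configured issuer, an audience resolved by
 * {@link #resolveAudience()}, the user id as subject, first/last name claims,
 * the user's roles under {@code realm_access.roles}, the hubs returned by
 * {@code getHubsForUser} as a comma-separated {@code hubs} claim (omitted when
 * that lookup returns {@code null}), and an expiry
 * {@code DEFAULT_EXPIRATION_MINUTES} from now. It is signed with RS256 using
 * the private half of the configured RSA signing key.
 *
 * <p>The {@code kid} header is populated from the signing key's key id, not
 * its key type ({@code kty}), so a verifier that selects the public key from a
 * published JWKS by {@code kid} can find it. The header is omitted when the
 * key has no id rather than emitting a null value.
 *
 * @param user the authenticated user the token is issued for
 * @return the compact-serialized JWS
 * @throws HobsonAuthenticationException if signing fails; the underlying
 *     {@link JoseException} is logged but not attached as a cause, because only
 *     the message constructor is used here
 */
@Override
public String createToken(HobsonUser user) {
    try {
        // Resolve and cast the signing key once instead of per header.
        RsaJsonWebKey signingKey = (RsaJsonWebKey) oidcConfig.getSigningKey();

        JwtClaims claims = new JwtClaims();
        claims.setIssuer(oidcConfig.getIssuer());
        claims.setAudience(resolveAudience());
        claims.setSubject(user.getId());
        claims.setStringClaim(PROP_FIRST_NAME, user.getGivenName());
        claims.setStringClaim(PROP_LAST_NAME, user.getFamilyName());
        claims.setExpirationTimeMinutesInTheFuture(DEFAULT_EXPIRATION_MINUTES);
        claims.setClaim("realm_access", Collections.singletonMap("roles", user.getRoles()));
        Collection<String> hubs = getHubsForUser(user.getId());
        if (hubs != null) {
            claims.setStringClaim("hubs", StringUtils.join(hubs, ","));
        }

        JsonWebSignature jws = new JsonWebSignature();
        jws.setPayload(claims.toJson());
        jws.setKey(signingKey.getPrivateKey());
        // "kid" must identify the key; the key type ("RSA") would never match a JWKS lookup.
        String keyId = signingKey.getKeyId();
        if (keyId != null) {
            jws.setKeyIdHeaderValue(keyId);
        }
        jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
        return jws.getCompactSerialization();
    } catch (JoseException e) {
        logger.error("Error generating token", e);
        throw new HobsonAuthenticationException("Error generating token");
    }
}

/**
 * Resolves the token audience: the {@code OIDC_AUDIENCE} environment variable if
 * set, else the system property of the same name, else {@code "hobson-webconsole"}.
 */
private static String resolveAudience() {
    String fromEnv = System.getenv("OIDC_AUDIENCE");
    return fromEnv != null ? fromEnv : System.getProperty("OIDC_AUDIENCE", "hobson-webconsole");
}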
jws.setKey(rsaJsonWebKey.getPrivateKey());