draft for borrow, update partey tags, added jwt
+1
-6
@@ -14,13 +14,8 @@
<dependencies>
<dependency>
<groupId>de.bstly.we</groupId>
<artifactId>webstly-core</artifactId>
<artifactId>webstly-jwt</artifactId>
<version>${revision}</version>
</dependency>
<dependency>
<groupId>com.nimbusds</groupId>
<artifactId>nimbus-jose-jwt</artifactId>
</dependency>
</dependencies>
</project>
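Review bot: The direct `com.nimbusds` dependency is dropped from this pom while the module's own sources still import `com.nimbusds.jose.*` and `com.nimbusds.jwt.*` directly (see the import hunk of OidcTokenManager further down), so compilation now depends on `nimbus-jose-jwt` arriving transitively through `webstly-jwt`. Unless `webstly-jwt` is meant to re-export that library as part of its API, keep a direct `<dependency>` on `com.nimbusds:nimbus-jose-jwt` here so a scope or version change inside `webstly-jwt` cannot silently break this module (`mvn dependency:analyze` would report it as used-undeclared). Which printed lines are added or removed is not recoverable from this page, so the above is inferred from the surviving text.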
@@ -3,7 +3,6 @@
*/
package de.bstly.we.oidc.businesslogic;
import java.text.ParseException;
import java.time.Instant;
import java.time.ZoneId;
import java.time.temporal.ChronoUnit;
@@ -11,9 +10,8 @@ import java.util.Date;
import java.util.Map;
import java.util.Set;
import javax.annotation.PostConstruct;
import org.apache.commons.lang3.RandomStringUtils;
import org.springframework.beans.factory.SmartInitializingSingleton;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.util.Assert;
@@ -21,24 +19,22 @@ import org.springframework.util.StringUtils;
import com.beust.jcommander.internal.Maps;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSSigner;
import com.nimbusds.jose.JWSVerifier;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jose.jwk.KeyType;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jwt.JWTClaimsSet.Builder;
import com.nimbusds.jwt.SignedJWT;
import de.bstly.we.businesslogic.PermissionManager;
import de.bstly.we.businesslogic.QuotaManager;
import de.bstly.we.businesslogic.SystemPropertyManager;
import de.bstly.we.businesslogic.UserManager;
import de.bstly.we.businesslogic.UserProfileFieldManager;
import de.bstly.we.businesslogic.UserProfileFields;
import de.bstly.we.jwt.businesslogic.JwtKeyManager;
import de.bstly.we.jwt.model.JwtKey;
import de.bstly.we.model.Permission;
import de.bstly.we.model.Quota;
import de.bstly.we.model.User;
@@ -52,17 +48,12 @@ import de.bstly.we.oidc.repository.OidcTokenRepository;
* The Class OidcTokenManager.
*/
@Service
public class OidcTokenManager {
public class OidcTokenManager implements SmartInitializingSingleton {
public static final int ACCESS_TOKEN_LENGTH = 64;
public static final String OIDC_JWK_PUBLIC_KEY = "oidc-jwk-public-key";
public static final String OIDC_JWT_KEY_NAME = "oidc";
public static final String BEARER_TOKEN_TYPE = "Bearer";
private RSAKey publicKey;
private JWKSet jwkSet;
private JWSSigner signer;
private JWSVerifier verifier;
@Autowired
private OidcTokenRepository tokenRepository;
@Autowired
@@ -74,32 +65,37 @@ public class OidcTokenManager {
@Autowired
private QuotaManager quotaManager;
@Autowired
private SystemPropertyManager systemPropertyManager;
private JwtKeyManager jwtKeyManager;
private QOidcToken qOidcToken = QOidcToken.oidcToken;
/**
* Inits the oidc token manager.
*
* @throws JOSEException the JOSE exception
/*
* @see org.springframework.beans.factory.SmartInitializingSingleton#afterSingletonsInstantiated()
*/
@PostConstruct
public void initOidcTokenManager() throws JOSEException {
RSAKey rsaJWK = null;
if (systemPropertyManager.has(OIDC_JWK_PUBLIC_KEY)) {
try {
rsaJWK = RSAKey.parse(systemPropertyManager.get(OIDC_JWK_PUBLIC_KEY));
} catch (ParseException e) {
}
} else {
rsaJWK = new RSAKeyGenerator(2048).keyID("1").generate();
systemPropertyManager.add(OIDC_JWK_PUBLIC_KEY, rsaJWK.toJSONString());
/*
* @see org.springframework.beans.factory.SmartInitializingSingleton#
* afterSingletonsInstantiated()
*/
@Override
public void afterSingletonsInstantiated() {
if (jwtKeyManager.getLatest(OIDC_JWT_KEY_NAME, false) == null) {
createDefaultJwtKey();
}
}
this.publicKey = rsaJWK.toPublicJWK();
this.signer = new RSASSASigner(rsaJWK);
this.jwkSet = new JWKSet(this.publicKey);
this.verifier = new RSASSAVerifier(this.publicKey);
/**
* Creates the default jwt key.
*
* @return the jwt key
*/
protected JwtKey createDefaultJwtKey() {
JwtKey jwtKey = new JwtKey();
jwtKey.setName(OIDC_JWT_KEY_NAME);
jwtKey.setKeyType(KeyType.RSA.getValue());
jwtKey.setKeyParameter("2048");
jwtKey.setJwsAlgorithm(JWSAlgorithm.RS256.getName());
jwtKey.setKeyUse(KeyUse.SIGNATURE.getValue());
jwtKey.setLifetime(-1L);
return jwtKeyManager.createKey(jwtKey);
}
/**
@@ -154,11 +150,19 @@ public class OidcTokenManager {
claimsSetBuilder.claim("nonce", nonce);
}
JWSHeader.Builder headerBuilder = new JWSHeader.Builder(JWSAlgorithm.RS256);
headerBuilder.keyID(getPublicKey().getKeyID());
JwtKey jwtKey = jwtKeyManager.getLatest(OIDC_JWT_KEY_NAME, false);
if (jwtKey == null) {
jwtKey = createDefaultJwtKey();
}
JWSHeader.Builder headerBuilder = new JWSHeader.Builder(
jwtKeyManager.getJwsAlgorithm(jwtKey));
headerBuilder.keyID(jwtKey.getKeyID());
headerBuilder.type(JOSEObjectType.JWT);
SignedJWT jwt = new SignedJWT(headerBuilder.build(), claimsSetBuilder.build());
jwt.sign(getSigner());
jwt.sign(jwtKeyManager.createSigner(jwtKey));
token.setIdToken(jwt.serialize());
@@ -234,39 +238,12 @@ public class OidcTokenManager {
return tokenRepository.findOne(qOidcToken.accessToken.eq(accessToken)).orElse(null);
}
/**
* Gets the signer.
*
* @return the signer
*/
public JWSSigner getSigner() {
return signer;
}
/**
* Gets the verifier.
*
* @return the verifier
*/
public JWSVerifier getVerifier() {
return verifier;
}
/**
* Gets the public key.
*
* @return the public key
*/
public RSAKey getPublicKey() {
return publicKey;
}
/**
* Gets the jwk set.
*
* @return the jwk set
*/
public JWKSet getJwkSet() {
return jwkSet;
return jwtKeyManager.getJwkSet(OIDC_JWT_KEY_NAME, false);
}
}
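Review bot: `getJwkSet()` in the last hunk now returns whatever `jwtKeyManager.getJwkSet(OIDC_JWT_KEY_NAME, false)` hands back, whereas the removed code built the set explicitly from `rsaJWK.toPublicJWK()`; nothing in this file shows that the new set is restricted to public key material, and this getter presumably backs the OIDC discovery/JWKS endpoint. Please confirm that `JwtKeyManager#getJwkSet` strips private parameters (or apply `toPublicJWKSet()` to the result before returning it) and state the contract in the Javadoc, e.g. `@return the JWK set of the OIDC signing keys, public parameters only`. Separately, the `getLatest(...) == null` → `createDefaultJwtKey()` fallback now appears both in `afterSingletonsInstantiated()` and inside the ID-token signing hunk (`@@ -154,11 +150,19 @@`, whose enclosing method starts and ends outside the hunk); a single `getOrCreateSigningKey()` helper would keep the two in step, and the signing-path copy has no guard against two concurrent callers each creating a default key. `createDefaultJwtKey()` also sets `setLifetime(-1L)`, which reads as a never-expiring key; if that is the intent, a comment on that line saying so (and that rotation is therefore a manual operation) would save the next reader from guessing.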