added provisions to bootstrap signing and validation service from config files
parent
520f55f960
commit
fca30cd13f
|
@ -16,12 +16,7 @@
|
|||
package org.mitre.jwt.signer.service;
|
||||
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.util.Map;
|
||||
|
||||
import org.mitre.jwt.model.Jwt;
|
||||
import org.mitre.jwt.signer.JwtSigner;
|
||||
|
||||
import com.nimbusds.jwt.JWT;
|
||||
import com.nimbusds.jwt.SignedJWT;
|
||||
|
||||
public interface JwtSigningAndValidationService {
|
||||
|
|
|
@ -18,6 +18,7 @@ package org.mitre.jwt.signer.service.impl;
|
|||
import java.security.NoSuchAlgorithmException;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
import java.util.Map.Entry;
|
||||
|
||||
import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
|
||||
import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
|
||||
|
@ -37,9 +38,9 @@ public class DefaultJwtSigningAndValidationService implements JwtSigningAndValid
|
|||
private ConfigurationPropertiesBean configBean;
|
||||
|
||||
// map of identifier to signer
|
||||
private Map<String, ? extends JWSSigner> signers = new HashMap<String, JWSSigner>();
|
||||
private Map<String, JWSSigner> signers = new HashMap<String, JWSSigner>();
|
||||
// map of identifier to verifier
|
||||
private Map<String, ? extends JWSVerifier> verifiers = new HashMap<String, JWSVerifier>();
|
||||
private Map<String, JWSVerifier> verifiers = new HashMap<String, JWSVerifier>();
|
||||
|
||||
private static Logger logger = LoggerFactory.getLogger(DefaultJwtSigningAndValidationService.class);
|
||||
|
||||
|
@ -47,6 +48,21 @@ public class DefaultJwtSigningAndValidationService implements JwtSigningAndValid
|
|||
* default constructor
|
||||
*/
|
||||
public DefaultJwtSigningAndValidationService() {
|
||||
|
||||
}
|
||||
|
||||
public DefaultJwtSigningAndValidationService(Map<String, RSASSASignerVerifierBuilder> builders) {
|
||||
|
||||
for (Entry<String, RSASSASignerVerifierBuilder> e : builders.entrySet()) {
|
||||
|
||||
JWSSigner signer = e.getValue().buildSigner();
|
||||
signers.put(e.getKey(), signer);
|
||||
|
||||
JWSVerifier verifier = e.getValue().buildVerifier();
|
||||
verifiers.put(e.getKey(), verifier);
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
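Review bot: The builder-based constructor puts whatever `buildSigner()` and `buildVerifier()` return straight into the maps without a null check, and both builders return null when the key cannot be loaded or is not an RSA key, so a misconfigured entry leaves a valid key id mapped to a null signer or verifier that only fails later with a NullPointerException far from the cause. Guard the puts, e.g. `if (signer == null || verifier == null) { throw new IllegalArgumentException("Could not build signer/verifier for key " + e.getKey()); }`, or at least skip the entry with a logged warning so the key id is never advertised without a working verifier. The code that later reads `signers` and `verifiers` lies outside the hunk, so I cannot tell whether it tolerates null values.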
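--- /dev/null
+++ b/<module-path-not-shown>/org/mitre/jwt/signer/service/impl/RSASSASignerVerifierBuilder.java
@@ -0,0 +1,125 @@
+/**
+*
+*/
+package org.mitre.jwt.signer.service.impl;
+
+import java.security.GeneralSecurityException;
+import java.security.KeyPair;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+
+import org.mitre.jwt.encryption.impl.KeyStore;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.nimbusds.jose.crypto.RSASSASigner;
+import com.nimbusds.jose.crypto.RSASSAVerifier;
+
+/**
+* @author jricher
+*
+*/
+public class RSASSASignerVerifierBuilder {
+
+private static Logger log = LoggerFactory.getLogger(RSASSASignerVerifierBuilder.class);
+
+private String alias;
+private String password;
+private KeyStore keystore;
+/**
+* @return the alias
+*/
+public String getAlias() {
+return alias;
+}
+/**
+* @param alias the alias to set
+*/
+public void setAlias(String alias) {
+this.alias = alias;
+}
+/**
+* @return the password
+*/
+public String getPassword() {
+return password;
+}
+/**
+* @param password the password to set
+*/
+public void setPassword(String password) {
+this.password = password;
+}
+/**
+* @return the keystore
+*/
+public KeyStore getKeystore() {
+return keystore;
+}
+/**
+* @param keystore the keystore to set
+*/
+public void setKeystore(KeyStore keystore) {
+this.keystore = keystore;
+}
+
+/**
+* Build the signer as configured from the given keystore, null if it can't be built for some reason
+* @return
+*/
+public RSASSASigner buildSigner() {
+
+try {
+KeyPair keyPair = keystore.getKeyPairForAlias(alias, password);
+
+PrivateKey privateKey = keyPair.getPrivate();
+
+if (privateKey instanceof RSAPrivateKey) {
+RSASSASigner signer = new RSASSASigner((RSAPrivateKey) privateKey);
+return signer;
+} else {
+log.warn("Couldn't build signer, referenced key is not RSA");
+return null;
+}
+} catch (GeneralSecurityException e) {
+// TODO Auto-generated catch block
+log.warn("Couldn't buld signer:", e);
+
+}
+
+log.warn("Couldn't build signer");
+return null;
+
+}
+
+/**
+* Build the signer as configured from the given keystore, null if it can't be built for some reason
+* @return
+*/
+public RSASSAVerifier buildVerifier() {
+
+try {
+KeyPair keyPair = keystore.getKeyPairForAlias(alias, password);
+
+PublicKey publicKey = keyPair.getPublic();
+
+if (publicKey instanceof RSAPublicKey) {
+RSASSAVerifier signer = new RSASSAVerifier((RSAPublicKey) publicKey);
+return signer;
+} else {
+log.warn("Couldn't build verifier, referenced key is not RSA");
+return null;
+}
+} catch (GeneralSecurityException e) {
+// TODO Auto-generated catch block
+log.warn("Couldn't buld verifier:", e);
+
+}
+
+log.warn("Couldn't build verifier");
+return null;
+
+}
+}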
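Review bot: `buildVerifier()` obtains the public key by calling `keystore.getKeyPairForAlias(alias, password)`, so a deployment that only needs to verify signatures must still hold the private-key password and private-key material; if `KeyStore` exposes a public-key or certificate lookup that needs no password, the verifier should use that instead, otherwise this is worth a comment such as `// NOTE: verifier construction requires the private-key password; see KeyStore` on the builder. The Javadoc on `buildVerifier()` is copy-pasted from `buildSigner()` ("Build the signer ...") and both `@return` tags are empty; they should read `* Build the verifier from the public half of the configured key pair, or null if it cannot be built` with `@return the verifier, or null on failure`. In both methods the `catch` block only logs and then falls through to a second `log.warn(...)` plus `return null`, so every failure is logged twice; returning null inside the catch (and dropping the `// TODO Auto-generated catch block` line) would leave a single, causal log entry, and "buld" in the two log messages is a typo.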
@ -10,24 +10,17 @@
|
|||
|
||||
<bean id="defaultsignerService"
|
||||
class="org.mitre.jwt.signer.service.impl.DefaultJwtSigningAndValidationService">
|
||||
<property name="signers">
|
||||
<constructor-arg name="builders">
|
||||
<map>
|
||||
<entry key="rsa1">
|
||||
<bean id="rsaSigner" class="org.mitre.jwt.signer.impl.RsaSigner">
|
||||
<property name="algorithm" value="RS256" />
|
||||
<bean id="rsaSignerBuilder" class="org.mitre.jwt.signer.service.impl.RSASSASignerVerifierBuilder">
|
||||
<property name="keystore" ref="defaultKeystore" />
|
||||
<property name="alias" value="rsa" />
|
||||
<property name="password" value="changeit" />
|
||||
</bean>
|
||||
</entry>
|
||||
<entry key="hmac1">
|
||||
<bean id="hmacSigner" class="org.mitre.jwt.signer.impl.HmacSigner">
|
||||
<property name="algorithm" value="HS256" />
|
||||
<property name="passphrase" value="changeit" />
|
||||
</bean>
|
||||
</entry>
|
||||
</map>
|
||||
</property>
|
||||
</constructor-arg>
|
||||
</bean>
|
||||
|
||||
</beans>
|
||||
|
|
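Review bot: The keystore password is committed as a literal in the bean definition, `<property name="password" value="changeit" />`, and it is the credential guarding the token-signing key; it should be read from an externalized property placeholder (e.g. `value="${jwt.keystore.password}"` resolved from a file outside source control) rather than hard-coded next to the alias. The `hmac1` entry and its `HmacSigner` bean are removed with no replacement, so the service is now built with the single `rsa1` key; if HMAC-signed tokens are still expected anywhere, that is a silent loss of capability rather than a migration.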