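/**
 * Builds the per-audience user secret claims for {@code userModel}.
 *
 * <p>For every non-blank audience that resolves to a {@link ResourceServer}, the resource
 * server's configured claim name selects a user attribute holding that user's resource secret.
 * The attribute value is stored encrypted under a key derived with PBKDF2 from
 * {@code userMainSecret} and the user id (the id acts as a per-user salt); when the attribute
 * is missing, a fresh secret is generated, encrypted and written back. The plain secret is then
 * re-encrypted for the audience via {@code encryptionService} and returned, keyed by claim name.
 *
 * <p>Two audiences that share a claim name produce a single entry, encrypted for the audience
 * seen first; later audiences with the same claim name are skipped.
 *
 * @param userModel      the user whose secrets are read (and, for a missing attribute, written)
 * @param userMainSecret password material for the attribute-encryption key; never logged or stored here
 * @param audiences      requested audiences; blank entries and unknown audiences are skipped
 * @return claim name → audience-encrypted secret; empty when no audience resolved
 */
private Map<String, String> readUserSecret(UserModel userModel, String userMainSecret, List<String> audiences) {
    Map<String, String> resourceSecrets = new HashMap<>();
    // The attribute-encryption key depends only on the user, never on the audience, so it is
    // derived at most once per call: PBKDF2 at PBKDF2_ITERATIONS is deliberately slow, and the
    // original code re-ran it for every audience.
    byte[] attributeKey = null;
    try {
        for (String audience : audiences) {
            if (StringUtils.isBlank(audience)) {
                continue;
            }
            ResourceServer resourceServer = resourceServerService.getForAudience(audience);
            if (resourceServer == null) {
                continue;
            }
            String claimName = resourceServer.getUserSecretClaimName();
            // No claim name means there is no attribute to read or write for this server;
            // a duplicate claim name is served by the entry already produced.
            if (StringUtils.isBlank(claimName) || resourceSecrets.containsKey(claimName)) {
                continue;
            }
            if (attributeKey == null) {
                attributeKey = deriveAttributeKey(userMainSecret, userModel.getId());
            }
            List<String> storedValues = userModel.getAttribute(claimName);
            String plainSecret;
            if (storedValues == null || storedValues.isEmpty()) {
                plainSecret = newNumericSecret(16);
                // NOTE(review): check-then-set is not atomic; two concurrent first requests for
                // the same user could each generate a secret. Which one wins depends on the
                // UserModel store — confirm that is acceptable or serialize callers.
                userModel.setAttribute(claimName, Arrays.asList(encrypt(plainSecret, attributeKey)));
            } else {
                plainSecret = decrypt(storedValues.iterator().next(), attributeKey);
            }
            resourceSecrets.put(claimName, encryptionService.encryptFor(audience, plainSecret));
        }
    } finally {
        // Do not leave the derived key lying around in the heap longer than needed.
        if (attributeKey != null) {
            Arrays.fill(attributeKey, (byte) 0);
        }
    }
    return resourceSecrets;
}

/**
 * Derives the attribute-encryption key with PBKDF2 from the main secret, salted with the user
 * id. The id is encoded as UTF-8 explicitly so the salt (and thus the key) does not depend on
 * the JVM's default charset; the temporary password copy is wiped afterwards.
 */
private byte[] deriveAttributeKey(String userMainSecret, String userId) {
    char[] password = userMainSecret.toCharArray();
    try {
        return pbkdf2(password, userId.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                PBKDF2_ITERATIONS, HASH_BYTES);
    } finally {
        Arrays.fill(password, '\0');
    }
}

/**
 * Generates a secret of {@code length} decimal digits from a CSPRNG.
 *
 * <p>The previous implementation used {@code RandomStringUtils.randomNumeric}, which in most
 * commons-lang releases is backed by {@code java.util.Random} and so is not suitable for a
 * secret. The numeric-only format is kept so newly generated secrets stay compatible with
 * whatever consumes them; note that 16 digits bound the secret at roughly 53 bits of entropy.
 */
private static String newNumericSecret(int length) {
    java.security.SecureRandom rng = new java.security.SecureRandom();
    StringBuilder digits = new StringBuilder(length);
    for (int i = 0; i < length; i++) {
        digits.append((char) ('0' + rng.nextInt(10)));
    }
    return digits.toString();
}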