private static PublicKey getTestOAuthKey() { try { return RSAKeys.fromPemEncodingToPublicKey(TEST_KEY); } catch (NoSuchAlgorithmException | InvalidKeySpecException e) { throw new RuntimeException(e); } }
private static KeyPair generateKeyPair() { try { return RSAKeys.generateKeyPair(); } catch (NoSuchAlgorithmException e) { throw new RuntimeException(e); } } }
@Override public void save() throws IOException { if (privateKey != null && publicKey != null) { FileUtils.writeStringToFile(privateKeyFile, RSAKeys.toPemEncoding(privateKey)); FileUtils.writeStringToFile(publicKeyFile, RSAKeys.toPemEncoding(publicKey)); } }
@Override protected void load() throws IOException { try { if (privateKeyFile.exists() && publicKeyFile.exists()) { privateKey = RSAKeys.fromPemEncodingToPrivateKey(FileUtils.readFileToString(privateKeyFile)); publicKey = RSAKeys.fromPemEncodingToPublicKey(FileUtils.readFileToString(publicKeyFile)); } else { KeyPair pair = RSAKeys.generateKeyPair(); privateKey = pair.getPrivate(); publicKey = pair.getPublic(); save(); } } catch (Exception e) { LOGGER.severe("Failed to load OAuth key pair: " + e.getMessage()); } }
protected final PublicKey getPublicKey(final HttpServletRequest request, final Map<String, String> fieldErrorMessages) { final String publicKeyParam = checkRequiredFormParameter(request, CONSUMER_PUBLIC_KEY, fieldErrorMessages, "auth.oauth.config.serviceprovider.missing.public.key"); if (publicKeyParam == null) { return null; } PublicKey publicKey = null; try { if (publicKeyParam.startsWith("-----BEGIN CERTIFICATE-----")) { publicKey = RSAKeys.fromEncodedCertificateToPublicKey(publicKeyParam); } else { publicKey = RSAKeys.fromPemEncodingToPublicKey(publicKeyParam); } } catch (GeneralSecurityException e) { fieldErrorMessages.put(CONSUMER_PUBLIC_KEY, i18nResolver.getText("auth.oauth.config.serviceprovider.invalid.public.key", e.getMessage())); } return publicKey; }
/** * Gets the consumer key that the given OAuth request has been authenticated on. * Calling this method on a non-OAuth request will result in {@link IllegalStateException}. * If unsure, simply call {@link #isOAuthRequest(javax.servlet.http.HttpServletRequest)} beforehand. * * @param req the servlet request * @return consumer key * @since 1.6 */ public static String getOAuthConsumerKey(HttpServletRequest req) { checkNotNull(req); checkState(isOAuthRequest(req), "cannot get OAuth consumer key out of non-OAuth request!"); return (String) req.getAttribute(OAUTH_CONSUMER_KEY); }
/** * Returns the RSA {@code PublicKey} that was decoded from the encoded string. The encoded key may contain new-lines * and OpenSSL header/footer sections. It must be a public key that has been encoded using the X.509 key spec and * base-64 algorithm. * * @param pemEncodedPublicKey A public key that has been X.509 and base-64 encoded * @return decoded RSA {@code PublicKey} * @throws NoSuchAlgorithmException thrown if there are no RSA providers available * @throws InvalidKeySpecException thrown if {@code pemEncodedPublicKey} is not a validly encoded {@code PublicKey} */ public static PublicKey fromPemEncodingToPublicKey(String pemEncodedPublicKey) throws NoSuchAlgorithmException, InvalidKeySpecException { KeyFactory fac = KeyFactory.getInstance(RSA); EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(decodeBase64(convertFromOpenSsl(pemEncodedPublicKey).getBytes())); return fac.generatePublic(publicKeySpec); }
@Nullable @SuppressWarnings("ConstantConditions") public PublicKey getPublicKey() { if (!containsKey(PUBLIC_KEY)) { return null; } try { return RSAKeys.fromPemEncodingToPublicKey(getString(PUBLIC_KEY)); } catch (NoSuchAlgorithmException | InvalidKeySpecException e) { throw new RuntimeException("Invalid key", e); } }
@Override public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { response.setContentType("application/xml;charset=UTF-8"); Consumer consumer = store.getConsumer(); Map<String, Object> context = ImmutableMap.of( "consumer", consumer, "encodedPublicKey", RSAKeys.toPemEncoding(consumer.getPublicKey()) ); try { renderer.render("view.xml.vm", context, response.getWriter()); } catch (RenderingException e) { throw new ServletException(e); } catch (ConsumerCreationException e) { throw new ServletException(e); } } }
public boolean canExecuteRequest(HttpServletRequest request) { return RequestAnnotations.isOAuthRequest(request) || webSudoAuthenticator.isWebSudoSession(request); }
/** * Returns the RSA {@code PrivateKey} that was decoded from the encoded string. The encoded key may contain new-lines * and OpenSSL header/footer sections. It must be a private key that has been encoded using the PKCS8 key spec and * the base-64 algorithm. * * @param pemEncodedPrivateKey A private key that has been PKCS8 and base-64 encoded * @return decoded RSA {@code PrivateKey} * @throws NoSuchAlgorithmException thrown if there are no RSA providers available * @throws InvalidKeySpecException thrown if {@code pemEncodedPrivateKey} is not a validly encoded {@code PrivateKey} */ public static PrivateKey fromPemEncodingToPrivateKey(String pemEncodedPrivateKey) throws NoSuchAlgorithmException, InvalidKeySpecException { KeyFactory fac = KeyFactory.getInstance(RSA); EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(decodeBase64(convertFromOpenSsl(pemEncodedPrivateKey).getBytes())); return fac.generatePrivate(privateKeySpec); }
/** * Convert a given {@code consumerInfo} to a {@link com.atlassian.oauth.Consumer} * * @param consumerInfo the {@link com.marvelution.jenkins.plugins.jira.model.ConsumerInfo} to convert * @return the {@link com.atlassian.oauth.Consumer} * @throws InvalidKeySpecException * @throws NoSuchAlgorithmException */ public static Consumer toConsumer(ConsumerInfo consumerInfo) throws InvalidKeySpecException, NoSuchAlgorithmException { return Consumer.key(consumerInfo.getKey()).name(consumerInfo.getName()).description(consumerInfo.getDescription()) .publicKey(RSAKeys.fromPemEncodingToPublicKey(consumerInfo.getPublicKey())).build(); }
@Nonnull public ConsumerEntity build() { String publicKey; if (consumer.getPublicKey() != null) { publicKey = RSAKeys.toPemEncoding(consumer.getPublicKey()); } else { publicKey = null; } return new ConsumerEntity(self, consumer.getKey(), consumer.getName(), consumer.getDescription(), consumer.getSignatureMethod().name(), publicKey, consumer.getCallback(), consumer.getTwoLOAllowed(), consumer.getExecutingTwoLOUser(), consumer.getTwoLOImpersonationAllowed() ); } }
/** * Convert a given {@code consumerInfo} to an {@link net.oauth.OAuthConsumer} * * @param consumerInfo the {@link com.marvelution.jenkins.plugins.jira.model.ConsumerInfo} to convert * @param callback the callback uri * @return the {@link net.oauth.OAuthConsumer} * @throws InvalidKeySpecException * @throws NoSuchAlgorithmException */ public static OAuthConsumer toOAuthConsumer(ConsumerInfo consumerInfo, String callback) throws InvalidKeySpecException, NoSuchAlgorithmException { final OAuthConsumer consumer = new OAuthConsumer(callback, consumerInfo.getKey(), null, null); consumer.setProperty(NAME, consumerInfo.getName()); consumer.setProperty(DESCRIPTION, consumerInfo.getDescription()); consumer.setProperty(OAuth.OAUTH_SIGNATURE_METHOD, OAuth.RSA_SHA1); consumer.setProperty(RSA_SHA1.PUBLIC_KEY, RSAKeys.fromPemEncodingToPublicKey(consumerInfo.getPublicKey())); return consumer; }
public RestConsumer(@Nonnull Consumer consumer) { checkNotNull(consumer, "consumer"); put(KEY, consumer.getKey()); put(NAME, consumer.getName()); putIfNotNull(DESCRIPTION, consumer.getDescription()); put(SIGNATURE_METHOD, consumer.getSignatureMethod().name()); if (consumer.getPublicKey() != null) { put(PUBLIC_KEY, RSAKeys.toPemEncoding(consumer.getPublicKey())); } putAsString(CALLBACK, consumer.getCallback()); put(TWO_LO_ALLOWED, consumer.getTwoLOAllowed()); putIfNotNull(EXECUTING_TWO_LO_USER, consumer.getExecutingTwoLOUser()); put(TWO_LO_IMPERSONATION_ALLOWED, consumer.getTwoLOImpersonationAllowed()); }
private void setUpOAuthConsumer() throws Exception { PublicKey publicKey = RSAKeys.fromPemEncodingToPublicKey(CONSUMER_PUBLIC_KEY); Consumer hardcodedConsumer = Consumer.key("hardcoded-consumer") .name("Hardcoded Consumer") .publicKey(publicKey) .description("Hardcoded Consumer") .callback(URI.create(appProp.getBaseUrl() + "/consumer/oauthcallback")) .twoLOAllowed(true) .executingTwoLOUser(infoProvider.getAdminUsername()) .build(); consumerStore.put(hardcodedConsumer); }
/** * Create a basic Consumer for the specified ApplicationLink */ private Consumer createBasicConsumer(final ConsumerEntity consumerEntity, ApplicationLink applicationLink) throws InvalidKeySpecException, NoSuchAlgorithmException, URISyntaxException { return Consumer.key(consumerEntity.getKey()) .name(consumerEntity.getName()) .publicKey(RSAKeys.fromPemEncodingToPublicKey(consumerEntity.getPublicKey())) .description(consumerEntity.getDescription()) .callback(consumerEntity.getCallback()) .build(); }
@Test public void testIfConsumerDoesNotHave3LOFlagDefinedThenItIsConsideredOn() throws Exception { PublicKey publicKey = RSAKeys.fromPemEncodingToPublicKey(CONSUMER_PUBLIC_KEY); final Consumer consumer = Consumer.key(CONSUMER_KEY) .name("Test Consumer Name") .publicKey(publicKey) .description("Consumer Description") .callback(URI.create(appProp.getBaseUrl() + "/consumer/oauthcallback1")) .build(); consumerStore.put(consumer); final Consumer savedConsumer = consumerStore.get(CONSUMER_KEY); assertTrue(savedConsumer.getThreeLOAllowed()); }
@Test public void testServiceProviderConsumerStoreCanStoreOAuth3LOConfiguration() throws Exception { PublicKey publicKey = RSAKeys.fromPemEncodingToPublicKey(CONSUMER_PUBLIC_KEY); final Consumer consumer = Consumer.key(CONSUMER_KEY) .name("Test Consumer Name") .publicKey(publicKey) .description("Consumer Description") .callback(URI.create(appProp.getBaseUrl() + "/consumer/oauthcallback1")) .threeLOAllowed(false) .build(); consumerStore.put(consumer); final Consumer savedConsumer = consumerStore.get(CONSUMER_KEY); assertFalse(savedConsumer.getThreeLOAllowed()); }
@Test public void testServiceProviderConsumerStoreCanStoreOAuth2LOConfiguration() throws Exception { PublicKey publicKey = RSAKeys.fromPemEncodingToPublicKey(CONSUMER_PUBLIC_KEY); final Consumer consumer = Consumer.key(CONSUMER_KEY) .name("Test Consumer Name") .publicKey(publicKey) .description("Consumer Description") .callback(URI.create(appProp.getBaseUrl() + "/consumer/oauthcallback1")) .twoLOAllowed(true) .executingTwoLOUser("2lo_user") .build(); consumerStore.put(consumer); final Consumer savedConsumer = consumerStore.get(CONSUMER_KEY); assertTrue(savedConsumer.getTwoLOAllowed()); assertEquals("2lo_user", savedConsumer.getExecutingTwoLOUser()); }