/**
 * Exposes a freshly constructed {@link JwtTokenServiceImpl} as a bean.
 * No configuration is applied here; the instance is returned as-is.
 */
@Bean
JwtTokenServiceImpl jwtTokenServiceImpl() {
    JwtTokenServiceImpl service = new JwtTokenServiceImpl();
    return service;
}
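/**
 * Returns the provider's current RSA private key as PEM text, or {@code null} when no
 * key is loaded or PEM encoding fails (the failure is logged).
 *
 * <p>SECURITY: the return value is the raw private key material. Only hand it to an
 * authenticated, authorized caller and never log or echo it.
 */
public String getPrivateKey() {
    RSAPrivateKeyHolder keyHolder = keyProvider.getPrivateKey();
    if (keyHolder == null) {
        return null;
    }
    try {
        // Encode the holder that was null-checked above. The original re-fetched the key
        // from the provider here, which could observe a rotated/removed key and NPE.
        return SshKeyGen.toPEM(keyHolder.getKey());
    } catch (Exception e) {
        log.error("getPrivateKey: Failed to write PEM", e);
        return null;
    }
}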
/**
 * Issues an encrypted token for {@code payload}, issued at the current time and valid
 * until {@code expireDate}. Delegates to the four-argument generator with encryption on.
 */
@Override
public String generateEncryptedToken(Map<String, Object> payload, Date expireDate) {
    final Date issuedAt = new Date();
    final boolean encrypt = true;
    return generateToken(payload, issuedAt, expireDate, encrypt);
}
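/**
 * Decrypts a wrapped secret: the secrets service is asked to re-wrap it to this node's
 * current RSA public key, and the result is unwrapped locally with the matching private key.
 *
 * @param accountId owning account; not used by this implementation (kept for the interface)
 * @param value JSON document describing the wrapped secret, forwarded to the REWRAP endpoint
 *              with a {@code rewrapKey} field set to our public key
 * @return the plaintext secret as returned by {@code unwrap}
 * @throws IllegalStateException if no private key is loaded, or no public key is registered
 *         under the private key's id
 * @throws IOException if the REWRAP call fails or answers with a non-2xx status
 * @throws Exception JSON or unwrap errors, per the interface contract
 */
@Override
public String decrypt(long accountId, String value) throws Exception {
    RSAPrivateKeyHolder holder = rsaKeyProvider.getPrivateKey();
    if (holder == null) {
        throw new IllegalStateException("No private key available to unwrap secret");
    }
    PublicKey publicKey = rsaKeyProvider.getPublicKeys().get(holder.getKeyId());
    if (publicKey == null) {
        // Without this guard the failure surfaced as an NPE inside toPEM with no hint why.
        throw new IllegalStateException("No public key registered for key id " + holder.getKeyId());
    }
    String encoded = SshKeyGen.toPEM(publicKey);

    // Only the public half leaves this process. Any caller-supplied "rewrapKey" in the
    // input document is overwritten, so the service can only be asked to re-wrap to a key
    // whose private part we hold.
    Map<String, Object> input = jsonMapper.readValue(value);
    input.put("rewrapKey", encoded);

    String encrypted = Request.Post(SECRETS_URL.get() + REWRAP)
            .bodyString(jsonMapper.writeValueAsString(input), ContentType.APPLICATION_JSON)
            .execute().handleResponse(new ResponseHandler<String>() {
                @Override
                public String handleResponse(HttpResponse response) throws ClientProtocolException, IOException {
                    int statusCode = response.getStatusLine().getStatusCode();
                    if (statusCode >= 300) {
                        throw new IOException("Failed to rewrap secret :" + response.getStatusLine().getReasonPhrase());
                    }
                    // Explicit charset: the single-argument overload uses the platform default.
                    return IOUtils.toString(response.getEntity().getContent(), "UTF-8");
                }
            });
    return unwrap(holder.getKey(), encrypted);
}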
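/**
 * Renders the agent bootstrap script from the classpath template, substituting the
 * required agent image, the requesting client's IP and the CA certificate (PEM).
 *
 * @param apiRequest request whose client IP is embedded as {@code DETECTED_CATTLE_AGENT_IP}
 * @return the rendered script as UTF-8 bytes
 * @throws IOException if the template resource is missing or unreadable, or if the client
 *         IP is not a plain address literal
 */
protected byte[] getBootstrapSource(ApiRequest apiRequest) throws IOException {
    ClassLoader cl = BootstrapScriptsHandler.class.getClassLoader();
    Certificate cert = keyProvider.getCACertificate();
    byte[] pem = keyProvider.toBytes(cert);

    // The IP lands inside a double-quoted shell assignment in the script. If the value can
    // be influenced by the caller (e.g. taken from a forwarded-for header -- confirm against
    // ApiRequest.getClientIp), a quote, `$`, backtick or backslash would escape the
    // assignment, so only characters that can appear in an address literal are accepted.
    String clientIp = apiRequest.getClientIp();
    if (clientIp == null || !clientIp.matches("[A-Za-z0-9:.%_-]+")) {
        throw new IOException("Refusing to embed non-address client IP into bootstrap script");
    }

    try (InputStream is = cl.getResourceAsStream(BOOTSTRAP_SOURCE.get())) {
        if (is == null) {
            // getResourceAsStream returns null for a missing resource; IOUtils would NPE.
            throw new IOException("Bootstrap script resource not found: " + BOOTSTRAP_SOURCE.get());
        }
        // Explicit charset: the single-argument overload uses the platform default.
        String content = IOUtils.toString(is, "UTF-8");
        content = content.replace("REQUIRED_IMAGE=", String.format("REQUIRED_IMAGE=\"%s\"", REQUIRED_IMAGE.get()));
        content = content.replace("DETECTED_CATTLE_AGENT_IP=", String.format("DETECTED_CATTLE_AGENT_IP=\"%s\"", clientIp));
        content = content.replace("%CERT%", new String(pem, "UTF-8"));
        return content.getBytes("UTF-8");
    }
}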
JWEHeader header = new JWEHeader(JWEAlgorithm.RSA_OAEP, EncryptionMethod.A128GCM); EncryptedJWT jwt = new EncryptedJWT(header, builder.build()); RSAEncrypter encrypter = new RSAEncrypter((RSAPublicKey) keyProvider.getDefaultPublicKey()); try { jwt.encrypt(encrypter); RSAPrivateKeyHolder privateKey = keyProvider.getPrivateKey(); builder.claim(KEY_ID, privateKey.getKeyId()); JWSSigner signer = new RSASSASigner(privateKey.getKey());
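/**
 * Parses and validates a compact-serialized token and returns its claims.
 *
 * <p>{@code encrypted == true}: the token is treated as a JWE and decrypted with this
 * provider's private key. This path performs no signature verification. Anyone holding
 * the (exported) public key can produce a JWE that decrypts cleanly, so the claims are
 * confidential but not authenticated by origin unless {@code getJSONObject} (not visible
 * here) checks more -- confirm before trusting identity claims from this path.
 *
 * <p>{@code encrypted == false}: the token is treated as a JWS and verified against the
 * provider's default public key only. The Nimbus RSA verifier is expected to reject
 * non-RSA {@code alg} values (including {@code none}) with a {@code JOSEException},
 * which is mapped to a {@link TokenException}; worth covering with a test. Token expiry
 * is not checked here -- confirm it is enforced downstream.
 *
 * @param token serialized token; must be non-empty
 * @param encrypted whether {@code token} is a JWE rather than a JWS
 * @return the claims as a map
 * @throws TokenException on empty, unparsable, unverifiable or undecryptable tokens,
 *         or when no private key is available for decryption
 */
@Override
public Map<String, Object> getJsonPayload(String token, boolean encrypted) throws TokenException {
    if (StringUtils.isEmpty(token)) {
        throw new TokenException("null or empty token");
    }

    if (encrypted) {
        EncryptedJWT jwt = null;
        try {
            jwt = EncryptedJWT.parse(token);
            RSAPrivateKeyHolder holder = keyProvider.getPrivateKey();
            if (holder == null) {
                // Previously a missing key escaped as an NPE rather than a TokenException.
                throw new TokenException("no private key available to decrypt token");
            }
            RSADecrypter decrypter = new RSADecrypter(holder.getKey());
            jwt.decrypt(decrypter);
        } catch (JOSEException | ParseException e) {
            throw new TokenDecryptionException("Invalid token", e);
        }
        return getJSONObject(jwt, encrypted);
    }

    try {
        JWSObject jws = JWSObject.parse(token);
        // Only the default public key is tried. If signed tokens carry a key-id claim (the
        // generator in this service appears to set one), a token signed with a non-default
        // key after rotation fails here -- confirm that is intended.
        JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) keyProvider.getDefaultPublicKey());
        if (!jws.verify(verifier)) {
            throw new TokenException("ERROR: Fradulent token");
        }
        return getJSONObject(jws, encrypted);
    } catch (TokenException | ParseException | JOSEException e) {
        throw new TokenException("Error: Fradulent token, unrecognized signature", e);
    }
}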
/**
 * Returns the first of the provider's public keys that {@code SshKeyGen.writePublicKey}
 * can serialize, or {@code null} if none can. Keys that fail to serialize are logged
 * and skipped. "First" follows the iteration order of the provider's key map.
 */
public String getPublicKey() {
    Map<String, PublicKey> keys = keyProvider.getPublicKeys();
    for (PublicKey candidate : keys.values()) {
        try {
            return SshKeyGen.writePublicKey(candidate);
        } catch (Exception e) {
            log.error("getPublicKey: Failed to write PEM", e);
        }
    }
    return null;
}
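/**
 * Generates a certificate for {@code service} and returns its cert set as a base64 zip.
 *
 * <p>SANs come from the service's {@code metadata.sans} list, followed by the service
 * name, {@code <service>.<stack>} and {@code <service>.<stack>.<internal DNS domain>}
 * (all lower-cased). The configured SANs originate in user-editable service metadata and
 * are only checked syntactically here; nothing in this method stops a service from
 * requesting a name that belongs to another service or stack -- NOTE(review): confirm
 * that {@code keyProvider.generateCertificate} or an upstream layer enforces ownership.
 *
 * @param service service to issue the certificate for
 * @param stack stack the service belongs to
 * @return base64-encoded zip produced by {@code CertSet.writeZip}
 * @throws IllegalArgumentException if a configured SAN contains characters outside
 *         DNS-name / wildcard / IP-literal syntax
 * @throws Exception propagated from certificate generation or zip writing
 */
protected String generateService(Service service, Stack stack) throws Exception {
    @SuppressWarnings("unchecked")
    Map<String, Object> metadata = DataAccessor.fields(service).withKey(ServiceConstants.FIELD_METADATA)
            .withDefault(Collections.EMPTY_MAP).as(Map.class);
    String serviceName = service.getName();
    List<? extends String> configuredSans = DataAccessor.fromMap(metadata).withKey("sans")
            .withDefault(Collections.emptyList()).asList(jsonMapper, String.class);

    List<String> sans = new ArrayList<>(configuredSans.size() + 3);
    for (String san : configuredSans) {
        if (san == null || san.trim().isEmpty()) {
            continue; // a blank entry would only yield a malformed SAN
        }
        String trimmed = san.trim();
        // Letters, digits, dots, hyphens, '*' (wildcard) and ':' (IPv6 literal) only; anything
        // else cannot be a valid name and is rejected rather than passed to the CA.
        if (!trimmed.matches("[A-Za-z0-9*.:\\-]+")) {
            throw new IllegalArgumentException("Invalid SAN for service " + serviceName + ": " + trimmed);
        }
        sans.add(trimmed);
    }
    // NOTE: toLowerCase() without a Locale is locale-sensitive (e.g. Turkish dotless i);
    // acceptable only while service/stack names are ASCII.
    sans.add(serviceName.toLowerCase());
    sans.add(String.format("%s.%s", serviceName, stack.getName()).toLowerCase());
    sans.add(String.format("%s.%s.%s", serviceName, stack.getName(), NetworkConstants.INTERNAL_DNS_SEARCH_DOMAIN)
            .toLowerCase());

    CertSet certSet = keyProvider.generateCertificate(serviceName, sans.toArray(new String[sans.size()]));
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    certSet.writeZip(baos);
    return Base64.encodeBase64String(baos.toByteArray());
}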
/**
 * Wraps the private half of the current key pair in a holder tagged with the
 * {@code DEFAULT} key id. Returns {@code null} when {@code getKeyPair()} has no pair.
 */
@Override
public RSAPrivateKeyHolder getPrivateKey() {
    KeyPair pair = getKeyPair();
    return pair == null
            ? null
            : new RSAPrivateKeyHolder(DEFAULT, (RSAPrivateKey) pair.getPrivate());
}
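/**
 * Returns the provider's current RSA private key as PEM text, or {@code null} when no
 * key is loaded or PEM encoding fails (the failure is logged).
 *
 * <p>SECURITY: the return value is the raw private key material. Only hand it to an
 * authenticated, authorized caller and never log or echo it.
 */
public String getPrivateKey() {
    RSAPrivateKeyHolder keyHolder = keyProvider.getPrivateKey();
    if (keyHolder == null) {
        return null;
    }
    try {
        // Encode the holder that was null-checked above. The original re-fetched the key
        // from the provider here, which could observe a rotated/removed key and NPE.
        return SshKeyGen.toPEM(keyHolder.getKey());
    } catch (Exception e) {
        log.error("getPrivateKey: Failed to write PEM", e);
        return null;
    }
}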
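/**
 * Serves the CA certificate as a file download when the request id equals {@code FILENAME};
 * returns {@code false} (not handled) for any other id.
 *
 * <p>No authorization check is visible here; the CA certificate is public material, which
 * is presumably why. The cache headers only discourage shared caches from storing it.
 *
 * @param request the API request to handle
 * @return {@code true} if the response was written, {@code false} if the id did not match
 * @throws IOException if writing the response fails
 */
@Override
public boolean handle(ApiRequest request) throws IOException {
    String id = request.getId();
    if (!FILENAME.equals(id)) {
        return false;
    }
    Certificate cert = rsaKeyProvider.getCACertificate();
    byte[] content = rsaKeyProvider.toBytes(cert);

    HttpServletResponse response = request.getServletContext().getResponse();
    response.setContentLength(content.length);
    response.setContentType("application/octet-stream");
    response.setHeader("Content-Disposition", "attachment; filename=" + FILENAME);
    response.setHeader("Cache-Control", "private");
    // "private" is not a defined Pragma value; kept for compatibility, "Cache-Control" is what counts.
    response.setHeader("Pragma", "private");
    // RFC 7231 HTTP-date requires "Wday, DD Mon YYYY". Caches treat a malformed Expires as
    // already expired, so the previous "Wed 24 Feb ..." had the intended effect by accident;
    // this is the well-formed equivalent.
    response.setHeader("Expires", "Wed, 24 Feb 1982 18:42:00 GMT");
    response.getOutputStream().write(content);
    return true;
}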
/**
 * Returns the first of the provider's public keys that {@code SshKeyGen.writePublicKey}
 * can serialize, or {@code null} if none can. Keys that fail to serialize are logged
 * and skipped. "First" follows the iteration order of the provider's key map.
 */
public String getPublicKey() {
    Map<String, PublicKey> keys = keyProvider.getPublicKeys();
    for (PublicKey candidate : keys.values()) {
        try {
            return SshKeyGen.writePublicKey(candidate);
        } catch (Exception e) {
            log.error("getPublicKey: Failed to write PEM", e);
        }
    }
    return null;
}
CertSet cert = keyProvider.generateCertificate(publicValue, sans); prepareRequest(getFilename(cred, request), request);
/**
 * Issues a signed (unencrypted) token for {@code payload}, issued at the current time
 * and valid until {@code expireDate}. Delegates to the four-argument generator.
 */
@Override
public String generateToken(Map<String, Object> payload, Date expireDate) {
    final Date issuedAt = new Date();
    final boolean encrypt = false;
    return generateToken(payload, issuedAt, expireDate, encrypt);
}
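/**
 * Issues an encrypted token for {@code payload} that expires {@code EXPIRATION} seconds
 * from now.
 */
@Override
public String generateEncryptedToken(Map<String, Object> payload) {
    Date issuedAt = new Date();
    // Multiply as long: with an int-valued EXPIRATION, `* 1000` overflows for lifetimes
    // above ~24.8 days and the token would be issued already expired.
    long expiresAtMillis = issuedAt.getTime() + EXPIRATION.get() * 1000L;
    return generateToken(payload, issuedAt, new Date(expiresAtMillis), true);
}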
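/**
 * Issues a signed (unencrypted) token for {@code payload} that expires {@code EXPIRATION}
 * seconds from now.
 */
@Override
public String generateToken(Map<String, Object> payload) {
    Date issuedAt = new Date();
    // Multiply as long: with an int-valued EXPIRATION, `* 1000` overflows for lifetimes
    // above ~24.8 days and the token would be issued already expired.
    long expiresAtMillis = issuedAt.getTime() + EXPIRATION.get() * 1000L;
    return generateToken(payload, issuedAt, new Date(expiresAtMillis), false);
}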