Add default behavior, if no checkingkey aliases are defined, use sign…
…ingkey alias
dennyverbeeck committed Jun 12, 2018
1 parent 24c31fd commit fd6d488
Showing 3 changed files with 29 additions and 19 deletions.
@@ -212,21 +212,24 @@ public JwtAccessTokenConverter accessTokenConverter() {
KeyPair keyPair = kf.getKeyPair(signKey);
converter.setKeyPair(keyPair);

// get all public keys for verifying and set the converter's verifier to a MultiVerifier
List<SignatureVerifier> verifiers = managementPortalProperties.getOauth()
.getCheckingKeyAliases().stream()
.map(alias -> kf.getKeyPair(alias).getPublic())
.filter(publicKey -> publicKey instanceof RSAPublicKey
|| publicKey instanceof ECPublicKey)
.map(publicKey -> {
if (publicKey instanceof RSAPublicKey) {
return new RsaVerifier((RSAPublicKey) publicKey);
} else {
return new EcdsaVerifier((ECPublicKey) publicKey);
}
})
.collect(Collectors.toList());
converter.setVerifier(new MultiVerifier(verifiers));
// if a list of checking keys is defined, use that for checking
if (managementPortalProperties.getOauth().getCheckingKeyAliases() != null
&& !managementPortalProperties.getOauth().getCheckingKeyAliases().isEmpty()) {
// get all public keys for verifying and set the converter's verifier
// to a MultiVerifier
List<SignatureVerifier> verifiers =
managementPortalProperties.getOauth().getCheckingKeyAliases().stream()
.map(alias -> kf.getKeyPair(alias).getPublic())
.filter(publicKey -> publicKey instanceof RSAPublicKey
|| publicKey instanceof ECPublicKey).map(publicKey -> {
if (publicKey instanceof RSAPublicKey) {
return new RsaVerifier((RSAPublicKey) publicKey);
} else {
return new EcdsaVerifier((ECPublicKey) publicKey);
}
}).collect(Collectors.toList());
converter.setVerifier(new MultiVerifier(verifiers));
}

return converter;
}
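Review bot: The new guard in accessTokenConverter() checks that the alias list is non-empty, but not that the `verifiers` list built from it is. The `.filter(...)` step silently drops any key that is neither RSA nor EC, so a configuration whose aliases all resolve to unsupported key types still installs `new MultiVerifier(verifiers)` with nothing in it. How MultiVerifier behaves with an empty list is not visible here, so it is safer to fail at startup, e.g. `if (verifiers.isEmpty()) { throw new IllegalStateException("no usable checking keys configured"); }` before `converter.setVerifier(...)`. The chain `managementPortalProperties.getOauth().getCheckingKeyAliases()` is also evaluated three times and would read better as a local. The method body begins above this hunk.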
@@ -28,6 +28,8 @@

import javax.annotation.PostConstruct;
import javax.servlet.Filter;
import java.util.Collections;
import java.util.List;

@Configuration
@EnableWebSecurity
@@ -138,8 +140,16 @@ public FilterRegistrationBean jwtAuthenticationFilterRegistration() {
}

public Filter jwtAuthenticationFilter() {
List<String> publicKeyAliases;
if (managementPortalProperties.getOauth().getCheckingKeyAliases() != null &&
!managementPortalProperties.getOauth().getCheckingKeyAliases().isEmpty()) {
publicKeyAliases = managementPortalProperties.getOauth().getCheckingKeyAliases();
} else {
publicKeyAliases = Collections.singletonList(managementPortalProperties.getOauth()
.getSigningKeyAlias());
}
return new JwtAuthenticationFilter(new TokenValidator(
new LocalKeystoreConfig(managementPortalProperties.getOauth().getKeyStorePassword(),
managementPortalProperties.getOauth().getCheckingKeyAliases())));
publicKeyAliases)));
}
}
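Review bot: The fallback branch in jwtAuthenticationFilter() wraps `getSigningKeyAlias()` in `Collections.singletonList(...)` without checking it, so when neither property is set LocalKeystoreConfig receives a list holding a single null alias. Where that eventually fails is not visible from this hunk. A check at this point, such as `Objects.requireNonNull(oauth.getSigningKeyAlias(), "managementportal.oauth.signingKeyAlias")` on a local `oauth`, would surface the misconfiguration at startup with a clear message. The same null-or-empty test on the checking aliases also appears in accessTokenConverter() in the first changed file, so keeping the fallback rule in one helper would stop the two from drifting apart. A one-line comment such as `// no checking aliases configured: trust only the signing key for verification` would also help anyone auditing which keys can validate tokens.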
3 changes: 0 additions & 3 deletions src/main/resources/config/application.yml
@@ -94,9 +94,6 @@ managementportal:
oauth:
keyStorePassword: radarbase
signingKeyAlias: radarbase-managementportal-ec
checkingKeyAliases:
- radarbase-managementportal-ec
- radarbase-managementportal-rsa

# ===================================================================
# JHipster specific properties
