/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.coheigea.cxf.kerberos.authentication;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import org.apache.cxf.rs.security.jose.common.JoseConstants;
import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
import org.apache.cxf.rs.security.jose.jws.JwsUtils;
import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
import org.apache.kerby.kerberos.kerb.type.base.AuthToken;
import org.apache.kerby.kerberos.kerb.type.base.KrbTokenBase;
import org.apache.kerby.kerberos.kerb.type.base.TokenFormat;
import org.apache.wss4j.common.util.Loader;
/**
* We need a custom implementation of AuthToken to wrap the JWT token returned by CXF
*/
public class CXFKrbToken extends KrbTokenBase implements AuthToken {
private JwtClaims claims;
private boolean idToken;
public CXFKrbToken(JwtClaims claims, boolean idToken) {
this.claims = claims;
this.idToken = idToken;
setTokenFormat(TokenFormat.JWT);
}
public void sign() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
KeyStore keystore = KeyStore.getInstance("JKS");
keystore.load(Loader.getResourceAsStream("clientstore.jks"), "cspass".toCharArray());
Properties signingProperties = new Properties();
signingProperties.put(JoseConstants.RSSEC_SIGNATURE_ALGORITHM, SignatureAlgorithm.RS256.name());
signingProperties.put(JoseConstants.RSSEC_KEY_STORE, keystore);
signingProperties.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "myclientkey");
signingProperties.put(JoseConstants.RSSEC_KEY_PSWD, "ckpass");
JwsHeaders jwsHeaders = new JwsHeaders(signingProperties);
JwsJwtCompactProducer jws = new JwsJwtCompactProducer(jwsHeaders, claims);
JwsSignatureProvider sigProvider =
JwsUtils.loadSignatureProvider(signingProperties, jwsHeaders);
String signedToken = jws.signWith(sigProvider);
setTokenValue(signedToken.getBytes());
}
@Override
public String getSubject() {
return claims.getSubject();
}
@Override
public void setSubject(String sub) {
claims.setSubject(sub);
}
@Override
public String getIssuer() {
return claims.getIssuer();
}
@Override
public void setIssuer(String issuer) {
claims.setIssuer(issuer);
}
@Override
public List<String> getAudiences() {
return claims.getAudiences();
}
@Override
public void setAudiences(List<String> audiences) {
claims.setAudiences(audiences);
}
@Override
public boolean isIdToken() {
return idToken;
}
@Override
public void isIdToken(boolean isIdToken) {
this.idToken = isIdToken;
}
@Override
public boolean isAcToken() {
return !idToken;
}
@Override
public void isAcToken(boolean isAcToken) {
idToken = !isAcToken;
}
@Override
public boolean isBearerToken() {
return true;
}
@Override
public boolean isHolderOfKeyToken() {
return false;
}
@Override
public Date getExpiredTime() {
return new Date(claims.getExpiryTime());
}
@Override
public void setExpirationTime(Date exp) {
claims.setExpiryTime(exp.getTime());
}
@Override
public Date getNotBeforeTime() {
return new Date(claims.getNotBefore());
}
@Override
public void setNotBeforeTime(Date nbt) {
claims.setNotBefore(nbt.getTime());
}
@Override
public Date getIssueTime() {
return new Date(claims.getIssuedAt());
}
@Override
public void setIssueTime(Date iat) {
claims.setIssuedAt(iat.getTime());
}
@Override
public Map<String, Object> getAttributes() {
return claims.asMap();
}
@Override
public void addAttribute(String name, Object value) {
claims.setProperty(name, value);
}
}