| <!DOCTYPE HTML> |
| <html lang="en"> |
| <head> |
| <title>Source code</title> |
| <link rel="stylesheet" type="text/css" href="../../../../../../../stylesheet.css" title="Style"> |
| </head> |
| <body> |
| <main role="main"> |
| <div class="sourceContainer"> |
| <pre><span class="sourceLineNo">001</span><a id="line.1">package org.apache.archiva.redback.authentication.jwt;</a> |
| <span class="sourceLineNo">002</span><a id="line.2"></a> |
| <span class="sourceLineNo">003</span><a id="line.3">/*</a> |
| <span class="sourceLineNo">004</span><a id="line.4"> * Licensed to the Apache Software Foundation (ASF) under one</a> |
| <span class="sourceLineNo">005</span><a id="line.5"> * or more contributor license agreements. See the NOTICE file</a> |
| <span class="sourceLineNo">006</span><a id="line.6"> * distributed with this work for additional information</a> |
| <span class="sourceLineNo">007</span><a id="line.7"> * regarding copyright ownership. The ASF licenses this file</a> |
| <span class="sourceLineNo">008</span><a id="line.8"> * to you under the Apache License, Version 2.0 (the</a> |
| <span class="sourceLineNo">009</span><a id="line.9"> * "License"); you may not use this file except in compliance</a> |
| <span class="sourceLineNo">010</span><a id="line.10"> * with the License. You may obtain a copy of the License at</a> |
| <span class="sourceLineNo">011</span><a id="line.11"> *</a> |
| <span class="sourceLineNo">012</span><a id="line.12"> * http://www.apache.org/licenses/LICENSE-2.0</a> |
| <span class="sourceLineNo">013</span><a id="line.13"> *</a> |
| <span class="sourceLineNo">014</span><a id="line.14"> * Unless required by applicable law or agreed to in writing,</a> |
| <span class="sourceLineNo">015</span><a id="line.15"> * software distributed under the License is distributed on an</a> |
| <span class="sourceLineNo">016</span><a id="line.16"> * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY</a> |
| <span class="sourceLineNo">017</span><a id="line.17"> * KIND, either express or implied. See the License for the</a> |
| <span class="sourceLineNo">018</span><a id="line.18"> * specific language governing permissions and limitations</a> |
| <span class="sourceLineNo">019</span><a id="line.19"> * under the License.</a> |
| <span class="sourceLineNo">020</span><a id="line.20"> */</a> |
| <span class="sourceLineNo">021</span><a id="line.21"></a> |
| <span class="sourceLineNo">022</span><a id="line.22">import io.jsonwebtoken.Claims;</a> |
| <span class="sourceLineNo">023</span><a id="line.23">import io.jsonwebtoken.ExpiredJwtException;</a> |
| <span class="sourceLineNo">024</span><a id="line.24">import io.jsonwebtoken.IncorrectClaimException;</a> |
| <span class="sourceLineNo">025</span><a id="line.25">import io.jsonwebtoken.Jws;</a> |
| <span class="sourceLineNo">026</span><a id="line.26">import io.jsonwebtoken.JwsHeader;</a> |
| <span class="sourceLineNo">027</span><a id="line.27">import io.jsonwebtoken.JwtException;</a> |
| <span class="sourceLineNo">028</span><a id="line.28">import io.jsonwebtoken.JwtParser;</a> |
| <span class="sourceLineNo">029</span><a id="line.29">import io.jsonwebtoken.Jwts;</a> |
| <span class="sourceLineNo">030</span><a id="line.30">import io.jsonwebtoken.MalformedJwtException;</a> |
| <span class="sourceLineNo">031</span><a id="line.31">import io.jsonwebtoken.MissingClaimException;</a> |
| <span class="sourceLineNo">032</span><a id="line.32">import io.jsonwebtoken.SignatureAlgorithm;</a> |
| <span class="sourceLineNo">033</span><a id="line.33">import io.jsonwebtoken.SigningKeyResolverAdapter;</a> |
| <span class="sourceLineNo">034</span><a id="line.34">import io.jsonwebtoken.UnsupportedJwtException;</a> |
| <span class="sourceLineNo">035</span><a id="line.35">import io.jsonwebtoken.security.Keys;</a> |
| <span class="sourceLineNo">036</span><a id="line.36">import io.jsonwebtoken.security.SignatureException;</a> |
| <span class="sourceLineNo">037</span><a id="line.37">import org.apache.archiva.redback.authentication.AbstractAuthenticator;</a> |
| <span class="sourceLineNo">038</span><a id="line.38">import org.apache.archiva.redback.authentication.AuthenticationDataSource;</a> |
| <span class="sourceLineNo">039</span><a id="line.39">import org.apache.archiva.redback.authentication.AuthenticationException;</a> |
| <span class="sourceLineNo">040</span><a id="line.40">import org.apache.archiva.redback.authentication.AuthenticationFailureCause;</a> |
| <span class="sourceLineNo">041</span><a id="line.41">import org.apache.archiva.redback.authentication.AuthenticationResult;</a> |
| <span class="sourceLineNo">042</span><a id="line.42">import org.apache.archiva.redback.authentication.Authenticator;</a> |
| <span class="sourceLineNo">043</span><a id="line.43">import org.apache.archiva.redback.authentication.BearerTokenAuthenticationDataSource;</a> |
| <span class="sourceLineNo">044</span><a id="line.44">import org.apache.archiva.redback.authentication.SimpleTokenData;</a> |
| <span class="sourceLineNo">045</span><a id="line.45">import org.apache.archiva.redback.authentication.StringToken;</a> |
| <span class="sourceLineNo">046</span><a id="line.46">import org.apache.archiva.redback.authentication.Token;</a> |
| <span class="sourceLineNo">047</span><a id="line.47">import org.apache.archiva.redback.authentication.TokenBasedAuthenticationDataSource;</a> |
| <span class="sourceLineNo">048</span><a id="line.48">import org.apache.archiva.redback.authentication.TokenData;</a> |
| <span class="sourceLineNo">049</span><a id="line.49">import org.apache.archiva.redback.authentication.TokenType;</a> |
| <span class="sourceLineNo">050</span><a id="line.50">import org.apache.archiva.redback.configuration.UserConfiguration;</a> |
| <span class="sourceLineNo">051</span><a id="line.51">import org.apache.archiva.redback.configuration.UserConfigurationKeys;</a> |
| <span class="sourceLineNo">052</span><a id="line.52">import org.apache.commons.lang3.StringUtils;</a> |
| <span class="sourceLineNo">053</span><a id="line.53">import org.slf4j.Logger;</a> |
| <span class="sourceLineNo">054</span><a id="line.54">import org.slf4j.LoggerFactory;</a> |
| <span class="sourceLineNo">055</span><a id="line.55">import org.springframework.stereotype.Service;</a> |
| <span class="sourceLineNo">056</span><a id="line.56"></a> |
| <span class="sourceLineNo">057</span><a id="line.57">import javax.annotation.PostConstruct;</a> |
| <span class="sourceLineNo">058</span><a id="line.58">import javax.crypto.SecretKey;</a> |
| <span class="sourceLineNo">059</span><a id="line.59">import javax.crypto.spec.SecretKeySpec;</a> |
| <span class="sourceLineNo">060</span><a id="line.60">import javax.inject.Inject;</a> |
| <span class="sourceLineNo">061</span><a id="line.61">import javax.inject.Named;</a> |
| <span class="sourceLineNo">062</span><a id="line.62">import java.io.FileNotFoundException;</a> |
| <span class="sourceLineNo">063</span><a id="line.63">import java.io.IOException;</a> |
| <span class="sourceLineNo">064</span><a id="line.64">import java.io.InputStream;</a> |
| <span class="sourceLineNo">065</span><a id="line.65">import java.io.OutputStream;</a> |
| <span class="sourceLineNo">066</span><a id="line.66">import java.nio.file.Files;</a> |
| <span class="sourceLineNo">067</span><a id="line.67">import java.nio.file.Path;</a> |
| <span class="sourceLineNo">068</span><a id="line.68">import java.nio.file.Paths;</a> |
| <span class="sourceLineNo">069</span><a id="line.69">import java.nio.file.attribute.PosixFilePermissions;</a> |
| <span class="sourceLineNo">070</span><a id="line.70">import java.security.Key;</a> |
| <span class="sourceLineNo">071</span><a id="line.71">import java.security.KeyFactory;</a> |
| <span class="sourceLineNo">072</span><a id="line.72">import java.security.KeyPair;</a> |
| <span class="sourceLineNo">073</span><a id="line.73">import java.security.NoSuchAlgorithmException;</a> |
| <span class="sourceLineNo">074</span><a id="line.74">import java.security.PrivateKey;</a> |
| <span class="sourceLineNo">075</span><a id="line.75">import java.security.PublicKey;</a> |
| <span class="sourceLineNo">076</span><a id="line.76">import java.security.spec.InvalidKeySpecException;</a> |
| <span class="sourceLineNo">077</span><a id="line.77">import java.security.spec.PKCS8EncodedKeySpec;</a> |
| <span class="sourceLineNo">078</span><a id="line.78">import java.security.spec.X509EncodedKeySpec;</a> |
| <span class="sourceLineNo">079</span><a id="line.79">import java.time.Duration;</a> |
| <span class="sourceLineNo">080</span><a id="line.80">import java.time.Instant;</a> |
| <span class="sourceLineNo">081</span><a id="line.81">import java.util.Arrays;</a> |
| <span class="sourceLineNo">082</span><a id="line.82">import java.util.Base64;</a> |
| <span class="sourceLineNo">083</span><a id="line.83">import java.util.Date;</a> |
| <span class="sourceLineNo">084</span><a id="line.84">import java.util.HashMap;</a> |
| <span class="sourceLineNo">085</span><a id="line.85">import java.util.LinkedHashMap;</a> |
| <span class="sourceLineNo">086</span><a id="line.86">import java.util.Map;</a> |
| <span class="sourceLineNo">087</span><a id="line.87">import java.util.Properties;</a> |
| <span class="sourceLineNo">088</span><a id="line.88">import java.util.UUID;</a> |
| <span class="sourceLineNo">089</span><a id="line.89">import java.util.concurrent.atomic.AtomicLong;</a> |
| <span class="sourceLineNo">090</span><a id="line.90">import java.util.concurrent.locks.ReadWriteLock;</a> |
| <span class="sourceLineNo">091</span><a id="line.91">import java.util.concurrent.locks.ReentrantReadWriteLock;</a> |
| <span class="sourceLineNo">092</span><a id="line.92"></a> |
| <span class="sourceLineNo">093</span><a id="line.93">import static org.apache.archiva.redback.configuration.UserConfigurationKeys.*;</a> |
| <span class="sourceLineNo">094</span><a id="line.94"></a> |
| <span class="sourceLineNo">095</span><a id="line.95">/**</a> |
| <span class="sourceLineNo">096</span><a id="line.96"> * Authenticator for JWT tokens. This authenticator needs a secret key or keypair depending</a> |
| <span class="sourceLineNo">097</span><a id="line.97"> * on the used algorithm for signing and verification.</a> |
| <span class="sourceLineNo">098</span><a id="line.98"> * The key can be either volatile in memory, which means a new one is created, with each</a> |
| <span class="sourceLineNo">099</span><a id="line.99"> * start of the service. Or it can be stored in a file.</a> |
| <span class="sourceLineNo">100</span><a id="line.100"> * If this service is running in a cluster, you need a shared filesystem (NFS) for storing</a> |
| <span class="sourceLineNo">101</span><a id="line.101"> * the key file otherwise different keys will be used in each instance.</a> |
| <span class="sourceLineNo">102</span><a id="line.102"> * <p></a> |
| <span class="sourceLineNo">103</span><a id="line.103"> * You can renew the used key ({@link #renewSigningKey()}). The authenticator keeps a fixed</a> |
| <span class="sourceLineNo">104</span><a id="line.104"> * sized list of the last keys used and stores the key identifier in the JWT header.</a> |
| <span class="sourceLineNo">105</span><a id="line.105"> * <p></a> |
| <span class="sourceLineNo">106</span><a id="line.106"> * The default algorithm used for the JWT is currently {@link org.apache.archiva.redback.configuration.UserConfigurationKeys#AUTHENTICATION_JWT_SIGALG_ES384}</a> |
| <span class="sourceLineNo">107</span><a id="line.107"> *</a> |
| <span class="sourceLineNo">108</span><a id="line.108"> * If the <code>plainfile</code> keystore is used, only the most recent key is saved to the file. Not the</a> |
| <span class="sourceLineNo">109</span><a id="line.109"> * complete list.</a> |
| <span class="sourceLineNo">110</span><a id="line.110"> *</a> |
| <span class="sourceLineNo">111</span><a id="line.111"> * The JWT tokens have a lifetime set (14400 seconds - 4 hours).</a> |
| <span class="sourceLineNo">112</span><a id="line.112"> *</a> |
| <span class="sourceLineNo">113</span><a id="line.113"> * The following configuration keys are used to setup this authenticator:</a> |
| <span class="sourceLineNo">114</span><a id="line.114"> * <dl></a> |
| <span class="sourceLineNo">115</span><a id="line.115"> * <dt>{@value UserConfigurationKeys#AUTHENTICATION_JWT_KEYSTORETYPE}</dt></a> |
| <span class="sourceLineNo">116</span><a id="line.116"> * <dd>The type of the keystore, either <code>{@value UserConfigurationKeys#AUTHENTICATION_JWT_KEYSTORETYPE_MEMORY}</code></a> |
| <span class="sourceLineNo">117</span><a id="line.117"> * (key is lost, if the jvm stops) or <code>{@value UserConfigurationKeys#AUTHENTICATION_JWT_KEYSTORETYPE_PLAINFILE}</code></dd></a> |
| <span class="sourceLineNo">118</span><a id="line.118"> * <dt>{@value UserConfigurationKeys#AUTHENTICATION_JWT_SIGALG}</dt></a> |
| <span class="sourceLineNo">119</span><a id="line.119"> * <dd>The signature algorithm for the JWT.</a> |
| <span class="sourceLineNo">120</span><a id="line.120"> * <ul></a> |
| <span class="sourceLineNo">121</span><a id="line.121"> * <li>HS256: HMAC using SHA-256</li></a> |
| <span class="sourceLineNo">122</span><a id="line.122"> * <li>HS384: HMAC using SHA-384</li></a> |
| <span class="sourceLineNo">123</span><a id="line.123"> * <li>HS512: HMAC using SHA-512</li></a> |
| <span class="sourceLineNo">124</span><a id="line.124"> * <li>ES256: ECDSA using P-256 and SHA-256</li></a> |
| <span class="sourceLineNo">125</span><a id="line.125"> * <li>ES384: ECDSA using P-384 and SHA-384</li></a> |
| <span class="sourceLineNo">126</span><a id="line.126"> * <li>ES512: ECDSA using P-521 and SHA-512</li></a> |
| <span class="sourceLineNo">127</span><a id="line.127"> * <li>RS256: RSASSA-PKCS-v1_5 using SHA-256</li></a> |
| <span class="sourceLineNo">128</span><a id="line.128"> * <li>RS384: RSASSA-PKCS-v1_5 using SHA-384</li></a> |
| <span class="sourceLineNo">129</span><a id="line.129"> * <li>RS512: RSASSA-PKCS-v1_5 using SHA-512</li></a> |
| <span class="sourceLineNo">130</span><a id="line.130"> * <li>PS256: RSASSA-PSS using SHA-256 and MGF1 with SHA-256</li></a> |
| <span class="sourceLineNo">131</span><a id="line.131"> * <li>PS384: RSASSA-PSS using SHA-384 and MGF1 with SHA-384</li></a> |
| <span class="sourceLineNo">132</span><a id="line.132"> * <li>PS512: RSASSA-PSS using SHA-512 and MGF1 with SHA-512</li></a> |
| <span class="sourceLineNo">133</span><a id="line.133"> * </ul></a> |
| <span class="sourceLineNo">134</span><a id="line.134"> * </dd></a> |
| <span class="sourceLineNo">135</span><a id="line.135"> * <dt>{@value UserConfigurationKeys#AUTHENTICATION_JWT_MAX_KEYS}</dt></a> |
| <span class="sourceLineNo">136</span><a id="line.136"> * <dd>The maximum number of signature keys to keep in memory for verification</dd></a> |
| <span class="sourceLineNo">137</span><a id="line.137"> * <dt>{@value UserConfigurationKeys#AUTHENTICATION_JWT_KEYFILE}</dt></a> |
| <span class="sourceLineNo">138</span><a id="line.138"> * <dd>The key file. Either a full path to the file, or a single filename, which means it is stored in the working directory</dd></a> |
| <span class="sourceLineNo">139</span><a id="line.139"> * <dt>{@value UserConfigurationKeys#AUTHENTICATION_JWT_LIFETIME_MS}</dt></a> |
| <span class="sourceLineNo">140</span><a id="line.140"> * <dd>The default token lifetime in milliseconds</dd></a> |
| <span class="sourceLineNo">141</span><a id="line.141"> * </dl></a> |
| <span class="sourceLineNo">142</span><a id="line.142"> */</a> |
| <span class="sourceLineNo">143</span><a id="line.143">@Service( "authenticator#jwt" )</a> |
| <span class="sourceLineNo">144</span><a id="line.144">public class JwtAuthenticator extends AbstractAuthenticator implements Authenticator</a> |
| <span class="sourceLineNo">145</span><a id="line.145">{</a> |
| <span class="sourceLineNo">146</span><a id="line.146"> private static final Logger log = LoggerFactory.getLogger( JwtAuthenticator.class );</a> |
| <span class="sourceLineNo">147</span><a id="line.147"></a> |
| <span class="sourceLineNo">148</span><a id="line.148"> // 4 hours for standard tokens</a> |
| <span class="sourceLineNo">149</span><a id="line.149"> public static final String DEFAULT_LIFETIME = "14400000";</a> |
| <span class="sourceLineNo">150</span><a id="line.150"> // 7 days for refresh tokens</a> |
| <span class="sourceLineNo">151</span><a id="line.151"> public static final String DEFAULT_REFRESH_LIFETIME = "604800000";</a> |
| <span class="sourceLineNo">152</span><a id="line.152"> public static final String DEFAULT_KEYFILE = "jwt-key.xml";</a> |
| <span class="sourceLineNo">153</span><a id="line.153"> public static final String ID = "JwtAuthenticator";</a> |
| <span class="sourceLineNo">154</span><a id="line.154"> public static final String PROP_PRIV_ALG = "privateAlgorithm";</a> |
| <span class="sourceLineNo">155</span><a id="line.155"> public static final String PROP_PRIV_FORMAT = "privateFormat";</a> |
| <span class="sourceLineNo">156</span><a id="line.156"> public static final String PROP_PUB_ALG = "publicAlgorithm";</a> |
| <span class="sourceLineNo">157</span><a id="line.157"> public static final String PROP_PUB_FORMAT = "publicFormat";</a> |
| <span class="sourceLineNo">158</span><a id="line.158"> public static final String PROP_PRIVATEKEY = "privateKey";</a> |
| <span class="sourceLineNo">159</span><a id="line.159"> public static final String PROP_PUBLICKEY = "publicKey";</a> |
| <span class="sourceLineNo">160</span><a id="line.160"> public static final String PROP_KEYID = "keyId";</a> |
| <span class="sourceLineNo">161</span><a id="line.161"> private static final String ISSUER = "archiva.apache.org/redback";</a> |
| <span class="sourceLineNo">162</span><a id="line.162"> private static final String TOKEN_TYPE = "token_type";</a> |
| <span class="sourceLineNo">163</span><a id="line.163"></a> |
| <span class="sourceLineNo">164</span><a id="line.164"></a> |
| <span class="sourceLineNo">165</span><a id="line.165"> @Inject</a> |
| <span class="sourceLineNo">166</span><a id="line.166"> @Named( value = "userConfiguration#default" )</a> |
| <span class="sourceLineNo">167</span><a id="line.167"> UserConfiguration userConfiguration;</a> |
| <span class="sourceLineNo">168</span><a id="line.168"></a> |
| <span class="sourceLineNo">169</span><a id="line.169"> boolean symmetricAlgorithm = true;</a> |
| <span class="sourceLineNo">170</span><a id="line.170"> boolean fileStore = false;</a> |
| <span class="sourceLineNo">171</span><a id="line.171"> LinkedHashMap<Long, SecretKey> secretKey;</a> |
| <span class="sourceLineNo">172</span><a id="line.172"> LinkedHashMap<Long, KeyPair> keyPair;</a> |
| <span class="sourceLineNo">173</span><a id="line.173"> String signatureAlgorithm;</a> |
| <span class="sourceLineNo">174</span><a id="line.174"> String keystoreType;</a> |
| <span class="sourceLineNo">175</span><a id="line.175"> Path keystoreFilePath;</a> |
| <span class="sourceLineNo">176</span><a id="line.176"> int maxInMemoryKeys = 5;</a> |
| <span class="sourceLineNo">177</span><a id="line.177"> AtomicLong keyCounter;</a> |
| <span class="sourceLineNo">178</span><a id="line.178"> final SigningKeyResolver resolver = new SigningKeyResolver( );</a> |
| <span class="sourceLineNo">179</span><a id="line.179"> final ReadWriteLock lock = new ReentrantReadWriteLock( );</a> |
| <span class="sourceLineNo">180</span><a id="line.180"> private Duration tokenLifetime;</a> |
| <span class="sourceLineNo">181</span><a id="line.181"> private Duration refreshTokenLifetime;</a> |
| <span class="sourceLineNo">182</span><a id="line.182"> private Map<TokenType, JwtParser> parserMap = new HashMap<>( );</a> |
| <span class="sourceLineNo">183</span><a id="line.183"></a> |
| <span class="sourceLineNo">184</span><a id="line.184"></a> |
| <span class="sourceLineNo">185</span><a id="line.185"> private JwtParser getParser(TokenType type) {</a> |
| <span class="sourceLineNo">186</span><a id="line.186"> return parserMap.get( type );</a> |
| <span class="sourceLineNo">187</span><a id="line.187"> }</a> |
| <span class="sourceLineNo">188</span><a id="line.188"> public class SigningKeyResolver extends SigningKeyResolverAdapter</a> |
| <span class="sourceLineNo">189</span><a id="line.189"> {</a> |
| <span class="sourceLineNo">190</span><a id="line.190"></a> |
| <span class="sourceLineNo">191</span><a id="line.191"> @Override</a> |
| <span class="sourceLineNo">192</span><a id="line.192"> public Key resolveSigningKey( JwsHeader jwsHeader, Claims claims )</a> |
| <span class="sourceLineNo">193</span><a id="line.193"> {</a> |
| <span class="sourceLineNo">194</span><a id="line.194"> Long keyId = Long.valueOf( jwsHeader.get( JwsHeader.KEY_ID ).toString() );</a> |
| <span class="sourceLineNo">195</span><a id="line.195"> Key key;</a> |
| <span class="sourceLineNo">196</span><a id="line.196"> if (symmetricAlgorithm) {</a> |
| <span class="sourceLineNo">197</span><a id="line.197"> key = getSecretKey( keyId );</a> |
| <span class="sourceLineNo">198</span><a id="line.198"> } else</a> |
| <span class="sourceLineNo">199</span><a id="line.199"> {</a> |
| <span class="sourceLineNo">200</span><a id="line.200"> KeyPair pair = getKeyPair( keyId );</a> |
| <span class="sourceLineNo">201</span><a id="line.201"> if (pair == null) {</a> |
| <span class="sourceLineNo">202</span><a id="line.202"> throw new JwtKeyIdNotFoundException( "Key ID not found in current list. Verification failed." );</a> |
| <span class="sourceLineNo">203</span><a id="line.203"> }</a> |
| <span class="sourceLineNo">204</span><a id="line.204"> key = pair.getPublic( );</a> |
| <span class="sourceLineNo">205</span><a id="line.205"> }</a> |
| <span class="sourceLineNo">206</span><a id="line.206"> if (key==null) {</a> |
| <span class="sourceLineNo">207</span><a id="line.207"> throw new JwtKeyIdNotFoundException( "Key ID not found in current list. Verification failed." );</a> |
| <span class="sourceLineNo">208</span><a id="line.208"> }</a> |
| <span class="sourceLineNo">209</span><a id="line.209"> return key;</a> |
| <span class="sourceLineNo">210</span><a id="line.210"> }</a> |
| <span class="sourceLineNo">211</span><a id="line.211"> }</a> |
| <span class="sourceLineNo">212</span><a id="line.212"></a> |
| <span class="sourceLineNo">213</span><a id="line.213"> @Override</a> |
| <span class="sourceLineNo">214</span><a id="line.214"> public String getId( )</a> |
| <span class="sourceLineNo">215</span><a id="line.215"> {</a> |
| <span class="sourceLineNo">216</span><a id="line.216"> return ID;</a> |
| <span class="sourceLineNo">217</span><a id="line.217"> }</a> |
| <span class="sourceLineNo">218</span><a id="line.218"></a> |
| <span class="sourceLineNo">219</span><a id="line.219"> @PostConstruct</a> |
| <span class="sourceLineNo">220</span><a id="line.220"> public void init( ) throws AuthenticationException</a> |
| <span class="sourceLineNo">221</span><a id="line.221"> {</a> |
| <span class="sourceLineNo">222</span><a id="line.222"> super.initialize();</a> |
| <span class="sourceLineNo">223</span><a id="line.223"> this.keyCounter = new AtomicLong( System.currentTimeMillis( ) );</a> |
| <span class="sourceLineNo">224</span><a id="line.224"> this.keystoreType = userConfiguration.getString( AUTHENTICATION_JWT_KEYSTORETYPE, AUTHENTICATION_JWT_KEYSTORETYPE_MEMORY );</a> |
| <span class="sourceLineNo">225</span><a id="line.225"> this.fileStore = this.keystoreType.equals( AUTHENTICATION_JWT_KEYSTORETYPE_PLAINFILE );</a> |
| <span class="sourceLineNo">226</span><a id="line.226"> this.signatureAlgorithm = userConfiguration.getString( AUTHENTICATION_JWT_SIGALG, AUTHENTICATION_JWT_SIGALG_HS384 );</a> |
| <span class="sourceLineNo">227</span><a id="line.227"> this.maxInMemoryKeys = userConfiguration.getInt( AUTHENTICATION_JWT_MAX_KEYS, 5 );</a> |
| <span class="sourceLineNo">228</span><a id="line.228"> secretKey = new LinkedHashMap<Long, SecretKey>( )</a> |
| <span class="sourceLineNo">229</span><a id="line.229"> {</a> |
| <span class="sourceLineNo">230</span><a id="line.230"> @Override</a> |
| <span class="sourceLineNo">231</span><a id="line.231"> protected boolean removeEldestEntry( Map.Entry eldest )</a> |
| <span class="sourceLineNo">232</span><a id="line.232"> {</a> |
| <span class="sourceLineNo">233</span><a id="line.233"> return size( ) > maxInMemoryKeys;</a> |
| <span class="sourceLineNo">234</span><a id="line.234"> }</a> |
| <span class="sourceLineNo">235</span><a id="line.235"> };</a> |
| <span class="sourceLineNo">236</span><a id="line.236"> keyPair = new LinkedHashMap<Long, KeyPair>( )</a> |
| <span class="sourceLineNo">237</span><a id="line.237"> {</a> |
| <span class="sourceLineNo">238</span><a id="line.238"> @Override</a> |
| <span class="sourceLineNo">239</span><a id="line.239"> protected boolean removeEldestEntry( Map.Entry eldest )</a> |
| <span class="sourceLineNo">240</span><a id="line.240"> {</a> |
| <span class="sourceLineNo">241</span><a id="line.241"> return size( ) > maxInMemoryKeys;</a> |
| <span class="sourceLineNo">242</span><a id="line.242"> }</a> |
| <span class="sourceLineNo">243</span><a id="line.243"> };</a> |
| <span class="sourceLineNo">244</span><a id="line.244"></a> |
| <span class="sourceLineNo">245</span><a id="line.245"></a> |
| <span class="sourceLineNo">246</span><a id="line.246"> this.symmetricAlgorithm = this.signatureAlgorithm.startsWith( "HS" );</a> |
| <span class="sourceLineNo">247</span><a id="line.247"></a> |
| <span class="sourceLineNo">248</span><a id="line.248"> if ( this.fileStore )</a> |
| <span class="sourceLineNo">249</span><a id="line.249"> {</a> |
| <span class="sourceLineNo">250</span><a id="line.250"> String file = userConfiguration.getString( AUTHENTICATION_JWT_KEYFILE, DEFAULT_KEYFILE );</a> |
| <span class="sourceLineNo">251</span><a id="line.251"> this.keystoreFilePath = Paths.get( file ).toAbsolutePath( );</a> |
| <span class="sourceLineNo">252</span><a id="line.252"> handleKeyfile( );</a> |
| <span class="sourceLineNo">253</span><a id="line.253"> }</a> |
| <span class="sourceLineNo">254</span><a id="line.254"> else</a> |
| <span class="sourceLineNo">255</span><a id="line.255"> {</a> |
| <span class="sourceLineNo">256</span><a id="line.256"> // In memory key store is the default</a> |
| <span class="sourceLineNo">257</span><a id="line.257"> addNewKey( );</a> |
| <span class="sourceLineNo">258</span><a id="line.258"> }</a> |
| <span class="sourceLineNo">259</span><a id="line.259"> this.parserMap.put(TokenType.ALL, Jwts.parserBuilder( )</a> |
| <span class="sourceLineNo">260</span><a id="line.260"> .setSigningKeyResolver( getResolver( ) )</a> |
| <span class="sourceLineNo">261</span><a id="line.261"> .requireIssuer( ISSUER )</a> |
| <span class="sourceLineNo">262</span><a id="line.262"> .build( ));</a> |
| <span class="sourceLineNo">263</span><a id="line.263"> this.parserMap.put(TokenType.ACCESS_TOKEN, Jwts.parserBuilder( )</a> |
| <span class="sourceLineNo">264</span><a id="line.264"> .setSigningKeyResolver( getResolver( ) )</a> |
| <span class="sourceLineNo">265</span><a id="line.265"> .requireIssuer( ISSUER )</a> |
| <span class="sourceLineNo">266</span><a id="line.266"> .require( TOKEN_TYPE, TokenType.ACCESS_TOKEN.getClaim() )</a> |
| <span class="sourceLineNo">267</span><a id="line.267"> .build( ));</a> |
| <span class="sourceLineNo">268</span><a id="line.268"> this.parserMap.put(TokenType.REFRESH_TOKEN, Jwts.parserBuilder( )</a> |
| <span class="sourceLineNo">269</span><a id="line.269"> .setSigningKeyResolver( getResolver( ) )</a> |
| <span class="sourceLineNo">270</span><a id="line.270"> .requireIssuer( ISSUER )</a> |
| <span class="sourceLineNo">271</span><a id="line.271"> .require( TOKEN_TYPE, TokenType.REFRESH_TOKEN.getClaim() )</a> |
| <span class="sourceLineNo">272</span><a id="line.272"> .build( ));</a> |
| <span class="sourceLineNo">273</span><a id="line.273"></a> |
| <span class="sourceLineNo">274</span><a id="line.274"></a> |
| <span class="sourceLineNo">275</span><a id="line.275"> tokenLifetime = Duration.ofMillis( Long.parseLong( userConfiguration.getString( AUTHENTICATION_JWT_LIFETIME_MS, DEFAULT_LIFETIME ) ) );</a> |
| <span class="sourceLineNo">276</span><a id="line.276"> refreshTokenLifetime = Duration.ofMillis( Long.parseLong( userConfiguration.getString( AUTHENTICATION_JWT_REFRESH_LIFETIME_MS, DEFAULT_REFRESH_LIFETIME ) ) );</a> |
| <span class="sourceLineNo">277</span><a id="line.277"> }</a> |
| <span class="sourceLineNo">278</span><a id="line.278"></a> |
| <span class="sourceLineNo">279</span><a id="line.279"> private void addNewSecretKey( Long id, SecretKey key )</a> |
| <span class="sourceLineNo">280</span><a id="line.280"> {</a> |
| <span class="sourceLineNo">281</span><a id="line.281"> lock.writeLock( ).lock( );</a> |
| <span class="sourceLineNo">282</span><a id="line.282"> try</a> |
| <span class="sourceLineNo">283</span><a id="line.283"> {</a> |
| <span class="sourceLineNo">284</span><a id="line.284"> this.secretKey.put( id, key );</a> |
| <span class="sourceLineNo">285</span><a id="line.285"> }</a> |
| <span class="sourceLineNo">286</span><a id="line.286"> finally</a> |
| <span class="sourceLineNo">287</span><a id="line.287"> {</a> |
| <span class="sourceLineNo">288</span><a id="line.288"> lock.writeLock( ).unlock( );</a> |
| <span class="sourceLineNo">289</span><a id="line.289"> }</a> |
| <span class="sourceLineNo">290</span><a id="line.290"> }</a> |
| <span class="sourceLineNo">291</span><a id="line.291"></a> |
| <span class="sourceLineNo">292</span><a id="line.292"> private void addNewKeyPair( Long id, KeyPair pair )</a> |
| <span class="sourceLineNo">293</span><a id="line.293"> {</a> |
| <span class="sourceLineNo">294</span><a id="line.294"> lock.writeLock( ).lock( );</a> |
| <span class="sourceLineNo">295</span><a id="line.295"> try</a> |
| <span class="sourceLineNo">296</span><a id="line.296"> {</a> |
| <span class="sourceLineNo">297</span><a id="line.297"> this.keyPair.put( id, pair );</a> |
| <span class="sourceLineNo">298</span><a id="line.298"> }</a> |
| <span class="sourceLineNo">299</span><a id="line.299"> finally</a> |
| <span class="sourceLineNo">300</span><a id="line.300"> {</a> |
| <span class="sourceLineNo">301</span><a id="line.301"> lock.writeLock( ).unlock( );</a> |
| <span class="sourceLineNo">302</span><a id="line.302"> }</a> |
| <span class="sourceLineNo">303</span><a id="line.303"> }</a> |
| <span class="sourceLineNo">304</span><a id="line.304"></a> |
| <span class="sourceLineNo">305</span><a id="line.305"> private Long addNewKey( )</a> |
| <span class="sourceLineNo">306</span><a id="line.306"> {</a> |
| <span class="sourceLineNo">307</span><a id="line.307"> final Long id = keyCounter.incrementAndGet( );</a> |
| <span class="sourceLineNo">308</span><a id="line.308"> if ( this.symmetricAlgorithm )</a> |
| <span class="sourceLineNo">309</span><a id="line.309"> {</a> |
| <span class="sourceLineNo">310</span><a id="line.310"> addNewSecretKey( id, createNewSecretKey( this.signatureAlgorithm ) );</a> |
| <span class="sourceLineNo">311</span><a id="line.311"> }</a> |
| <span class="sourceLineNo">312</span><a id="line.312"> else</a> |
| <span class="sourceLineNo">313</span><a id="line.313"> {</a> |
| <span class="sourceLineNo">314</span><a id="line.314"> addNewKeyPair( id, createNewKeyPair( this.signatureAlgorithm ) );</a> |
| <span class="sourceLineNo">315</span><a id="line.315"> }</a> |
| <span class="sourceLineNo">316</span><a id="line.316"> return id;</a> |
| <span class="sourceLineNo">317</span><a id="line.317"> }</a> |
| <span class="sourceLineNo">318</span><a id="line.318"></a> |
| <span class="sourceLineNo">319</span><a id="line.319"> private SecretKey getSecretKey( Long id )</a> |
| <span class="sourceLineNo">320</span><a id="line.320"> {</a> |
| <span class="sourceLineNo">321</span><a id="line.321"> lock.readLock( ).lock( );</a> |
| <span class="sourceLineNo">322</span><a id="line.322"> try</a> |
| <span class="sourceLineNo">323</span><a id="line.323"> {</a> |
| <span class="sourceLineNo">324</span><a id="line.324"> return this.secretKey.get( id );</a> |
| <span class="sourceLineNo">325</span><a id="line.325"> }</a> |
| <span class="sourceLineNo">326</span><a id="line.326"> finally</a> |
| <span class="sourceLineNo">327</span><a id="line.327"> {</a> |
| <span class="sourceLineNo">328</span><a id="line.328"> lock.readLock( ).unlock( );</a> |
| <span class="sourceLineNo">329</span><a id="line.329"> }</a> |
| <span class="sourceLineNo">330</span><a id="line.330"> }</a> |
| <span class="sourceLineNo">331</span><a id="line.331"></a> |
| <span class="sourceLineNo">332</span><a id="line.332"> private KeyPair getKeyPair( Long id )</a> |
| <span class="sourceLineNo">333</span><a id="line.333"> {</a> |
| <span class="sourceLineNo">334</span><a id="line.334"> lock.readLock( ).lock( );</a> |
| <span class="sourceLineNo">335</span><a id="line.335"> try</a> |
| <span class="sourceLineNo">336</span><a id="line.336"> {</a> |
| <span class="sourceLineNo">337</span><a id="line.337"> return this.keyPair.get( id );</a> |
| <span class="sourceLineNo">338</span><a id="line.338"> }</a> |
| <span class="sourceLineNo">339</span><a id="line.339"> finally</a> |
| <span class="sourceLineNo">340</span><a id="line.340"> {</a> |
| <span class="sourceLineNo">341</span><a id="line.341"> lock.readLock( ).unlock( );</a> |
| <span class="sourceLineNo">342</span><a id="line.342"> }</a> |
| <span class="sourceLineNo">343</span><a id="line.343"> }</a> |
| <span class="sourceLineNo">344</span><a id="line.344"></a> |
| <span class="sourceLineNo">345</span><a id="line.345"> private void handleKeyfile( )</a> |
| <span class="sourceLineNo">346</span><a id="line.346"> {</a> |
| <span class="sourceLineNo">347</span><a id="line.347"> if ( !Files.exists( this.keystoreFilePath ) )</a> |
| <span class="sourceLineNo">348</span><a id="line.348"> {</a> |
| <span class="sourceLineNo">349</span><a id="line.349"> final Long keyId = addNewKey( );</a> |
| <span class="sourceLineNo">350</span><a id="line.350"> if ( this.symmetricAlgorithm )</a> |
| <span class="sourceLineNo">351</span><a id="line.351"> {</a> |
| <span class="sourceLineNo">352</span><a id="line.352"> try</a> |
| <span class="sourceLineNo">353</span><a id="line.353"> {</a> |
| <span class="sourceLineNo">354</span><a id="line.354"> writeSecretKey( this.keystoreFilePath, keyId, getSecretKey( keyId ) );</a> |
| <span class="sourceLineNo">355</span><a id="line.355"> }</a> |
| <span class="sourceLineNo">356</span><a id="line.356"> catch ( IOException e )</a> |
| <span class="sourceLineNo">357</span><a id="line.357"> {</a> |
| <span class="sourceLineNo">358</span><a id="line.358"> log.error( "Could not write Jwt key file {}: {}", this.keystoreFilePath, e.getMessage( ), e );</a> |
| <span class="sourceLineNo">359</span><a id="line.359"> log.warn( "Switching to in memory key handling " );</a> |
| <span class="sourceLineNo">360</span><a id="line.360"> this.fileStore = false;</a> |
| <span class="sourceLineNo">361</span><a id="line.361"> }</a> |
| <span class="sourceLineNo">362</span><a id="line.362"> }</a> |
| <span class="sourceLineNo">363</span><a id="line.363"> else</a> |
| <span class="sourceLineNo">364</span><a id="line.364"> {</a> |
| <span class="sourceLineNo">365</span><a id="line.365"> try</a> |
| <span class="sourceLineNo">366</span><a id="line.366"> {</a> |
| <span class="sourceLineNo">367</span><a id="line.367"> writeKeyPair( this.keystoreFilePath, keyId, getKeyPair( keyId ) );</a> |
| <span class="sourceLineNo">368</span><a id="line.368"> }</a> |
| <span class="sourceLineNo">369</span><a id="line.369"> catch ( IOException e )</a> |
| <span class="sourceLineNo">370</span><a id="line.370"> {</a> |
| <span class="sourceLineNo">371</span><a id="line.371"> log.error( "Could not write Jwt key file {}: {}", this.keystoreFilePath, e.getMessage( ), e );</a> |
| <span class="sourceLineNo">372</span><a id="line.372"> log.warn( "Switching to in memory key handling " );</a> |
| <span class="sourceLineNo">373</span><a id="line.373"> this.fileStore = false;</a> |
| <span class="sourceLineNo">374</span><a id="line.374"> }</a> |
| <span class="sourceLineNo">375</span><a id="line.375"> }</a> |
| <span class="sourceLineNo">376</span><a id="line.376"> }</a> |
| <span class="sourceLineNo">377</span><a id="line.377"> else</a> |
| <span class="sourceLineNo">378</span><a id="line.378"> {</a> |
| <span class="sourceLineNo">379</span><a id="line.379"> if ( this.symmetricAlgorithm )</a> |
| <span class="sourceLineNo">380</span><a id="line.380"> {</a> |
| <span class="sourceLineNo">381</span><a id="line.381"> try</a> |
| <span class="sourceLineNo">382</span><a id="line.382"> {</a> |
| <span class="sourceLineNo">383</span><a id="line.383"> final KeyHolder key = loadKeyFromFile( this.keystoreFilePath );</a> |
| <span class="sourceLineNo">384</span><a id="line.384"> keyCounter.set( key.getId() );</a> |
| <span class="sourceLineNo">385</span><a id="line.385"> addNewSecretKey( key.getId(), key.getSecretKey() );</a> |
| <span class="sourceLineNo">386</span><a id="line.386"> }</a> |
| <span class="sourceLineNo">387</span><a id="line.387"> catch ( IOException e )</a> |
| <span class="sourceLineNo">388</span><a id="line.388"> {</a> |
| <span class="sourceLineNo">389</span><a id="line.389"> log.error( "Could not read Jwt key file {}: {}", this.keystoreFilePath, e.getMessage( ), e );</a> |
| <span class="sourceLineNo">390</span><a id="line.390"> log.warn( "Switching to in memory key handling " );</a> |
| <span class="sourceLineNo">391</span><a id="line.391"> this.fileStore = false;</a> |
| <span class="sourceLineNo">392</span><a id="line.392"> addNewKey( );</a> |
| <span class="sourceLineNo">393</span><a id="line.393"> }</a> |
| <span class="sourceLineNo">394</span><a id="line.394"> }</a> |
| <span class="sourceLineNo">395</span><a id="line.395"> else</a> |
| <span class="sourceLineNo">396</span><a id="line.396"> {</a> |
| <span class="sourceLineNo">397</span><a id="line.397"> try</a> |
| <span class="sourceLineNo">398</span><a id="line.398"> {</a> |
| <span class="sourceLineNo">399</span><a id="line.399"> final KeyHolder pair = loadPairFromFile( this.keystoreFilePath );</a> |
| <span class="sourceLineNo">400</span><a id="line.400"> keyCounter.set( pair.getId() );</a> |
| <span class="sourceLineNo">401</span><a id="line.401"> addNewKeyPair( pair.getId(), pair.getKeyPair() );</a> |
| <span class="sourceLineNo">402</span><a id="line.402"> }</a> |
| <span class="sourceLineNo">403</span><a id="line.403"> catch ( Exception e )</a> |
| <span class="sourceLineNo">404</span><a id="line.404"> {</a> |
| <span class="sourceLineNo">405</span><a id="line.405"> log.error( "Could not read Jwt key file {}: {}", this.keystoreFilePath, e.getMessage( ), e );</a> |
| <span class="sourceLineNo">406</span><a id="line.406"> log.warn( "Switching to in memory key handling " );</a> |
| <span class="sourceLineNo">407</span><a id="line.407"> this.fileStore = false;</a> |
| <span class="sourceLineNo">408</span><a id="line.408"> addNewKey( );</a> |
| <span class="sourceLineNo">409</span><a id="line.409"> }</a> |
| <span class="sourceLineNo">410</span><a id="line.410"> }</a> |
| <span class="sourceLineNo">411</span><a id="line.411"> }</a> |
| <span class="sourceLineNo">412</span><a id="line.412"> }</a> |
| <span class="sourceLineNo">413</span><a id="line.413"></a> |
| <span class="sourceLineNo">414</span><a id="line.414"> private SecretKey createNewSecretKey( String sigAlg )</a> |
| <span class="sourceLineNo">415</span><a id="line.415"> {</a> |
| <span class="sourceLineNo">416</span><a id="line.416"> return Keys.secretKeyFor( SignatureAlgorithm.forName( sigAlg ) );</a> |
| <span class="sourceLineNo">417</span><a id="line.417"> }</a> |
| <span class="sourceLineNo">418</span><a id="line.418"></a> |
| <span class="sourceLineNo">419</span><a id="line.419"> private KeyPair createNewKeyPair( String sigAlg )</a> |
| <span class="sourceLineNo">420</span><a id="line.420"> {</a> |
| <span class="sourceLineNo">421</span><a id="line.421"> return Keys.keyPairFor( SignatureAlgorithm.forName( sigAlg ) );</a> |
| <span class="sourceLineNo">422</span><a id="line.422"> }</a> |
| <span class="sourceLineNo">423</span><a id="line.423"></a> |
| <span class="sourceLineNo">424</span><a id="line.424"> private KeyHolder loadKeyFromFile( Path filePath ) throws IOException</a> |
| <span class="sourceLineNo">425</span><a id="line.425"> {</a> |
| <span class="sourceLineNo">426</span><a id="line.426"> if ( Files.exists( filePath ) )</a> |
| <span class="sourceLineNo">427</span><a id="line.427"> {</a> |
| <span class="sourceLineNo">428</span><a id="line.428"> log.info( "Loading secret key from file storage {}", filePath );</a> |
| <span class="sourceLineNo">429</span><a id="line.429"> Properties props = new Properties( );</a> |
| <span class="sourceLineNo">430</span><a id="line.430"> try ( InputStream in = Files.newInputStream( filePath ) )</a> |
| <span class="sourceLineNo">431</span><a id="line.431"> {</a> |
| <span class="sourceLineNo">432</span><a id="line.432"> props.loadFromXML( in );</a> |
| <span class="sourceLineNo">433</span><a id="line.433"> }</a> |
| <span class="sourceLineNo">434</span><a id="line.434"> String algorithm = props.getProperty( PROP_PRIV_ALG ).trim( );</a> |
| <span class="sourceLineNo">435</span><a id="line.435"> String secretKey = props.getProperty( PROP_PRIVATEKEY ).trim( );</a> |
| <span class="sourceLineNo">436</span><a id="line.436"> Long keyId;</a> |
| <span class="sourceLineNo">437</span><a id="line.437"> try {</a> |
| <span class="sourceLineNo">438</span><a id="line.438"> keyId = Long.valueOf( props.getProperty( PROP_KEYID ) );</a> |
| <span class="sourceLineNo">439</span><a id="line.439"> } catch (NumberFormatException e) {</a> |
| <span class="sourceLineNo">440</span><a id="line.440"> keyId = keyCounter.incrementAndGet( );</a> |
| <span class="sourceLineNo">441</span><a id="line.441"> }</a> |
| <span class="sourceLineNo">442</span><a id="line.442"> byte[] keyData = Base64.getDecoder( ).decode( secretKey.getBytes( ) );</a> |
| <span class="sourceLineNo">443</span><a id="line.443"> return new KeyHolder( keyId, new SecretKeySpec( keyData, algorithm ) );</a> |
| <span class="sourceLineNo">444</span><a id="line.444"> }</a> |
| <span class="sourceLineNo">445</span><a id="line.445"> else</a> |
| <span class="sourceLineNo">446</span><a id="line.446"> {</a> |
| <span class="sourceLineNo">447</span><a id="line.447"> throw new FileNotFoundException( "Keyfile does not exist " + filePath );</a> |
| <span class="sourceLineNo">448</span><a id="line.448"> }</a> |
| <span class="sourceLineNo">449</span><a id="line.449"> }</a> |
| <span class="sourceLineNo">450</span><a id="line.450"></a> |
| <span class="sourceLineNo">451</span><a id="line.451"></a> |
| <span class="sourceLineNo">452</span><a id="line.452"> private KeyHolder loadPairFromFile( Path filePath ) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException</a> |
| <span class="sourceLineNo">453</span><a id="line.453"> {</a> |
| <span class="sourceLineNo">454</span><a id="line.454"> if ( Files.exists( filePath ) )</a> |
| <span class="sourceLineNo">455</span><a id="line.455"> {</a> |
| <span class="sourceLineNo">456</span><a id="line.456"> log.info( "Loading key pair from file storage {}", filePath );</a> |
| <span class="sourceLineNo">457</span><a id="line.457"> Properties props = new Properties( );</a> |
| <span class="sourceLineNo">458</span><a id="line.458"> try ( InputStream in = Files.newInputStream( filePath ) )</a> |
| <span class="sourceLineNo">459</span><a id="line.459"> {</a> |
| <span class="sourceLineNo">460</span><a id="line.460"> props.loadFromXML( in );</a> |
| <span class="sourceLineNo">461</span><a id="line.461"> }</a> |
| <span class="sourceLineNo">462</span><a id="line.462"> String algorithm = props.getProperty( PROP_PRIV_ALG ).trim( );</a> |
| <span class="sourceLineNo">463</span><a id="line.463"> String secretKeyBase64 = props.getProperty( PROP_PRIVATEKEY ).trim( );</a> |
| <span class="sourceLineNo">464</span><a id="line.464"> String publicKeyBase64 = props.getProperty( PROP_PUBLICKEY ).trim( );</a> |
| <span class="sourceLineNo">465</span><a id="line.465"> Long keyId;</a> |
| <span class="sourceLineNo">466</span><a id="line.466"> try {</a> |
| <span class="sourceLineNo">467</span><a id="line.467"> keyId = Long.valueOf( props.getProperty( PROP_KEYID ) );</a> |
| <span class="sourceLineNo">468</span><a id="line.468"> } catch (NumberFormatException e) {</a> |
| <span class="sourceLineNo">469</span><a id="line.469"> keyId = keyCounter.incrementAndGet( );</a> |
| <span class="sourceLineNo">470</span><a id="line.470"> }</a> |
| <span class="sourceLineNo">471</span><a id="line.471"> byte[] privateBytes = Base64.getDecoder( ).decode( secretKeyBase64 );</a> |
| <span class="sourceLineNo">472</span><a id="line.472"> byte[] publicBytes = Base64.getDecoder( ).decode( publicKeyBase64 );</a> |
| <span class="sourceLineNo">473</span><a id="line.473"></a> |
| <span class="sourceLineNo">474</span><a id="line.474"> PKCS8EncodedKeySpec privateSpec = new PKCS8EncodedKeySpec( privateBytes );</a> |
| <span class="sourceLineNo">475</span><a id="line.475"> X509EncodedKeySpec publicSpec = new X509EncodedKeySpec( publicBytes );</a> |
| <span class="sourceLineNo">476</span><a id="line.476"> PrivateKey privateKey = KeyFactory.getInstance( algorithm ).generatePrivate( privateSpec );</a> |
| <span class="sourceLineNo">477</span><a id="line.477"> PublicKey publicKey = KeyFactory.getInstance( algorithm ).generatePublic( publicSpec );</a> |
| <span class="sourceLineNo">478</span><a id="line.478"></a> |
| <span class="sourceLineNo">479</span><a id="line.479"> return new KeyHolder( keyId, new KeyPair( publicKey, privateKey ) );</a> |
| <span class="sourceLineNo">480</span><a id="line.480"> }</a> |
| <span class="sourceLineNo">481</span><a id="line.481"> else</a> |
| <span class="sourceLineNo">482</span><a id="line.482"> {</a> |
| <span class="sourceLineNo">483</span><a id="line.483"> throw new FileNotFoundException( "Keyfile does not exist " + filePath );</a> |
| <span class="sourceLineNo">484</span><a id="line.484"> }</a> |
| <span class="sourceLineNo">485</span><a id="line.485"> }</a> |
| <span class="sourceLineNo">486</span><a id="line.486"></a> |
| <span class="sourceLineNo">487</span><a id="line.487"> private void writeSecretKey( Path filePath, Long id, Key key ) throws IOException</a> |
| <span class="sourceLineNo">488</span><a id="line.488"> {</a> |
| <span class="sourceLineNo">489</span><a id="line.489"> log.info( "Writing secret key algorithm=" + key.getAlgorithm( ) + ", format=" + key.getFormat( ) + " to file " + filePath );</a> |
| <span class="sourceLineNo">490</span><a id="line.490"> Properties props = new Properties( );</a> |
| <span class="sourceLineNo">491</span><a id="line.491"> props.setProperty( PROP_PRIV_ALG, key.getAlgorithm( ) );</a> |
| <span class="sourceLineNo">492</span><a id="line.492"> if ( key.getFormat( ) != null )</a> |
| <span class="sourceLineNo">493</span><a id="line.493"> {</a> |
| <span class="sourceLineNo">494</span><a id="line.494"> props.setProperty( PROP_PRIV_FORMAT, key.getFormat( ) );</a> |
| <span class="sourceLineNo">495</span><a id="line.495"> }</a> |
| <span class="sourceLineNo">496</span><a id="line.496"> props.setProperty( PROP_KEYID, id.toString() );</a> |
| <span class="sourceLineNo">497</span><a id="line.497"> props.setProperty( PROP_PRIVATEKEY, Base64.getEncoder( ).encodeToString( key.getEncoded( ) ) );</a> |
| <span class="sourceLineNo">498</span><a id="line.498"> try ( OutputStream out = Files.newOutputStream( filePath ) )</a> |
| <span class="sourceLineNo">499</span><a id="line.499"> {</a> |
| <span class="sourceLineNo">500</span><a id="line.500"> props.storeToXML( out, "Key for JWT signing" );</a> |
| <span class="sourceLineNo">501</span><a id="line.501"> }</a> |
| <span class="sourceLineNo">502</span><a id="line.502"> try</a> |
| <span class="sourceLineNo">503</span><a id="line.503"> {</a> |
| <span class="sourceLineNo">504</span><a id="line.504"> Files.setPosixFilePermissions( filePath, PosixFilePermissions.fromString( "rw-------" ) );</a> |
| <span class="sourceLineNo">505</span><a id="line.505"> }</a> |
| <span class="sourceLineNo">506</span><a id="line.506"> catch ( Exception e )</a> |
| <span class="sourceLineNo">507</span><a id="line.507"> {</a> |
| <span class="sourceLineNo">508</span><a id="line.508"> log.error( "Could not set file permissions for {}: {}", filePath, e.getMessage( ), e );</a> |
| <span class="sourceLineNo">509</span><a id="line.509"> }</a> |
| <span class="sourceLineNo">510</span><a id="line.510"> }</a> |
| <span class="sourceLineNo">511</span><a id="line.511"></a> |
| <span class="sourceLineNo">512</span><a id="line.512"> private void writeKeyPair( Path filePath, Long id, KeyPair keyPair ) throws IOException</a> |
| <span class="sourceLineNo">513</span><a id="line.513"> {</a> |
| <span class="sourceLineNo">514</span><a id="line.514"> PrivateKey privateKey = keyPair.getPrivate( );</a> |
| <span class="sourceLineNo">515</span><a id="line.515"> PublicKey publicKey = keyPair.getPublic( );</a> |
| <span class="sourceLineNo">516</span><a id="line.516"></a> |
| <span class="sourceLineNo">517</span><a id="line.517"> log.info( "Writing private key algorithm=" + privateKey.getAlgorithm( ) + ", format=" + privateKey.getFormat( ) + " to file " + filePath );</a> |
| <span class="sourceLineNo">518</span><a id="line.518"> log.info( "Writing public key algorithm=" + publicKey.getAlgorithm( ) + ", format=" + publicKey.getFormat( ) + " to file " + filePath );</a> |
| <span class="sourceLineNo">519</span><a id="line.519"> Properties props = new Properties( );</a> |
| <span class="sourceLineNo">520</span><a id="line.520"> props.setProperty( PROP_PRIV_ALG, privateKey.getAlgorithm( ) );</a> |
| <span class="sourceLineNo">521</span><a id="line.521"> if ( privateKey.getFormat( ) != null )</a> |
| <span class="sourceLineNo">522</span><a id="line.522"> {</a> |
| <span class="sourceLineNo">523</span><a id="line.523"> props.setProperty( PROP_PRIV_FORMAT, privateKey.getFormat( ) );</a> |
| <span class="sourceLineNo">524</span><a id="line.524"> }</a> |
| <span class="sourceLineNo">525</span><a id="line.525"> props.setProperty( PROP_KEYID, id.toString( ) );</a> |
| <span class="sourceLineNo">526</span><a id="line.526"> props.setProperty( PROP_PUB_ALG, publicKey.getAlgorithm( ) );</a> |
| <span class="sourceLineNo">527</span><a id="line.527"> if ( publicKey.getFormat( ) != null )</a> |
| <span class="sourceLineNo">528</span><a id="line.528"> {</a> |
| <span class="sourceLineNo">529</span><a id="line.529"> props.setProperty( PROP_PUB_FORMAT, publicKey.getFormat( ) );</a> |
| <span class="sourceLineNo">530</span><a id="line.530"> }</a> |
| <span class="sourceLineNo">531</span><a id="line.531"> PKCS8EncodedKeySpec privateSpec = new PKCS8EncodedKeySpec( privateKey.getEncoded( ) );</a> |
| <span class="sourceLineNo">532</span><a id="line.532"> X509EncodedKeySpec publicSpec = new X509EncodedKeySpec( publicKey.getEncoded( ) );</a> |
| <span class="sourceLineNo">533</span><a id="line.533"> props.setProperty( PROP_PRIVATEKEY, Base64.getEncoder( ).encodeToString( privateSpec.getEncoded( ) ) );</a> |
| <span class="sourceLineNo">534</span><a id="line.534"> props.setProperty( PROP_PUBLICKEY, Base64.getEncoder( ).encodeToString( publicSpec.getEncoded( ) ) );</a> |
| <span class="sourceLineNo">535</span><a id="line.535"></a> |
| <span class="sourceLineNo">536</span><a id="line.536"> try ( OutputStream out = Files.newOutputStream( filePath ) )</a> |
| <span class="sourceLineNo">537</span><a id="line.537"> {</a> |
| <span class="sourceLineNo">538</span><a id="line.538"> props.storeToXML( out, "Key pair for JWT signing" );</a> |
| <span class="sourceLineNo">539</span><a id="line.539"> }</a> |
| <span class="sourceLineNo">540</span><a id="line.540"> try</a> |
| <span class="sourceLineNo">541</span><a id="line.541"> {</a> |
| <span class="sourceLineNo">542</span><a id="line.542"> Files.setPosixFilePermissions( filePath, PosixFilePermissions.fromString( "rw-------" ) );</a> |
| <span class="sourceLineNo">543</span><a id="line.543"> }</a> |
| <span class="sourceLineNo">544</span><a id="line.544"> catch ( Exception e )</a> |
| <span class="sourceLineNo">545</span><a id="line.545"> {</a> |
| <span class="sourceLineNo">546</span><a id="line.546"> log.error( "Could not set file permissions for {}: {}", filePath, e.getMessage( ), e );</a> |
| <span class="sourceLineNo">547</span><a id="line.547"> }</a> |
| <span class="sourceLineNo">548</span><a id="line.548"></a> |
| <span class="sourceLineNo">549</span><a id="line.549"> }</a> |
| <span class="sourceLineNo">550</span><a id="line.550"></a> |
| <span class="sourceLineNo">551</span><a id="line.551"> /**</a> |
| <span class="sourceLineNo">552</span><a id="line.552"> * Returns <code>true</code>, if the source is a instance of {@link TokenBasedAuthenticationDataSource}</a> |
| <span class="sourceLineNo">553</span><a id="line.553"> * @param source the source to check</a> |
| <span class="sourceLineNo">554</span><a id="line.554"> * @return <code>true</code>, if the given source is a instance of {@link TokenBasedAuthenticationDataSource}</a> |
| <span class="sourceLineNo">555</span><a id="line.555"> */</a> |
| <span class="sourceLineNo">556</span><a id="line.556"> @Override</a> |
| <span class="sourceLineNo">557</span><a id="line.557"> public boolean supportsDataSource( AuthenticationDataSource source )</a> |
| <span class="sourceLineNo">558</span><a id="line.558"> {</a> |
| <span class="sourceLineNo">559</span><a id="line.559"> return ( source instanceof BearerTokenAuthenticationDataSource );</a> |
| <span class="sourceLineNo">560</span><a id="line.560"> }</a> |
| <span class="sourceLineNo">561</span><a id="line.561"></a> |
| <span class="sourceLineNo">562</span><a id="line.562"> /**</a> |
| <span class="sourceLineNo">563</span><a id="line.563"> * Tries to verify the represented token and returns the result</a> |
| <span class="sourceLineNo">564</span><a id="line.564"> * @param source the authentication source, which must be a {@link TokenBasedAuthenticationDataSource}</a> |
| <span class="sourceLineNo">565</span><a id="line.565"> * @return the authentication result</a> |
| <span class="sourceLineNo">566</span><a id="line.566"> * @throws AuthenticationException if the source is no {@link TokenBasedAuthenticationDataSource}</a> |
| <span class="sourceLineNo">567</span><a id="line.567"> */</a> |
| <span class="sourceLineNo">568</span><a id="line.568"> public AuthenticationResult authenticate( BearerTokenAuthenticationDataSource source ) throws AuthenticationException</a> |
| <span class="sourceLineNo">569</span><a id="line.569"> {</a> |
| <span class="sourceLineNo">570</span><a id="line.570"> String jwt = source.getTokenData( );</a> |
| <span class="sourceLineNo">571</span><a id="line.571"> AuthenticationResult result;</a> |
| <span class="sourceLineNo">572</span><a id="line.572"> try</a> |
| <span class="sourceLineNo">573</span><a id="line.573"> {</a> |
| <span class="sourceLineNo">574</span><a id="line.574"> String subject = verify( jwt );</a> |
| <span class="sourceLineNo">575</span><a id="line.575"> result = new AuthenticationResult( true, subject, null );</a> |
| <span class="sourceLineNo">576</span><a id="line.576"> } catch ( TokenAuthenticationException e) {</a> |
| <span class="sourceLineNo">577</span><a id="line.577"> AuthenticationFailureCause cause = new AuthenticationFailureCause(e.getError().getId(), e.getMessage() );</a> |
| <span class="sourceLineNo">578</span><a id="line.578"> result = new AuthenticationResult( false, source.getUsername(), e, Arrays.asList( cause ) );</a> |
| <span class="sourceLineNo">579</span><a id="line.579"> }</a> |
| <span class="sourceLineNo">580</span><a id="line.580"> return result;</a> |
| <span class="sourceLineNo">581</span><a id="line.581"> }</a> |
| <span class="sourceLineNo">582</span><a id="line.582"></a> |
| <span class="sourceLineNo">583</span><a id="line.583"> @Override</a> |
| <span class="sourceLineNo">584</span><a id="line.584"> public AuthenticationResult authenticate(AuthenticationDataSource dataSource) throws AuthenticationException</a> |
| <span class="sourceLineNo">585</span><a id="line.585"> {</a> |
| <span class="sourceLineNo">586</span><a id="line.586"> if (dataSource instanceof BearerTokenAuthenticationDataSource) {</a> |
| <span class="sourceLineNo">587</span><a id="line.587"> return this.authenticate( (BearerTokenAuthenticationDataSource) dataSource );</a> |
| <span class="sourceLineNo">588</span><a id="line.588"> }</a> |
| <span class="sourceLineNo">589</span><a id="line.589"> throw new AuthenticationException( "Authentication datasource not supported by this JwtAuthenticator" );</a> |
| <span class="sourceLineNo">590</span><a id="line.590"> }</a> |
| <span class="sourceLineNo">591</span><a id="line.591"></a> |
| <span class="sourceLineNo">592</span><a id="line.592"> /**</a> |
| <span class="sourceLineNo">593</span><a id="line.593"> * Creates a new signing key and uses this for new tokens. It will keep {@link #maxInMemoryKeys} keys in the</a> |
| <span class="sourceLineNo">594</span><a id="line.594"> * list for jwt verification.</a> |
| <span class="sourceLineNo">595</span><a id="line.595"> */</a> |
| <span class="sourceLineNo">596</span><a id="line.596"> public Long renewSigningKey( )</a> |
| <span class="sourceLineNo">597</span><a id="line.597"> {</a> |
| <span class="sourceLineNo">598</span><a id="line.598"> final Long id = addNewKey( );</a> |
| <span class="sourceLineNo">599</span><a id="line.599"> if (this.fileStore)</a> |
| <span class="sourceLineNo">600</span><a id="line.600"> {</a> |
| <span class="sourceLineNo">601</span><a id="line.601"> if ( this.symmetricAlgorithm )</a> |
| <span class="sourceLineNo">602</span><a id="line.602"> {</a> |
| <span class="sourceLineNo">603</span><a id="line.603"> try</a> |
| <span class="sourceLineNo">604</span><a id="line.604"> {</a> |
| <span class="sourceLineNo">605</span><a id="line.605"> writeSecretKey( this.keystoreFilePath, id, getSecretKey( id ) );</a> |
| <span class="sourceLineNo">606</span><a id="line.606"> }</a> |
| <span class="sourceLineNo">607</span><a id="line.607"> catch ( IOException e )</a> |
| <span class="sourceLineNo">608</span><a id="line.608"> {</a> |
| <span class="sourceLineNo">609</span><a id="line.609"> log.error( "Could not write to keyfile {}: {}", this.keystoreFilePath, e.getMessage( ), e );</a> |
| <span class="sourceLineNo">610</span><a id="line.610"> }</a> |
| <span class="sourceLineNo">611</span><a id="line.611"> }</a> |
| <span class="sourceLineNo">612</span><a id="line.612"> else</a> |
| <span class="sourceLineNo">613</span><a id="line.613"> {</a> |
| <span class="sourceLineNo">614</span><a id="line.614"> try</a> |
| <span class="sourceLineNo">615</span><a id="line.615"> {</a> |
| <span class="sourceLineNo">616</span><a id="line.616"> writeKeyPair( this.keystoreFilePath, id, getKeyPair( id ) );</a> |
| <span class="sourceLineNo">617</span><a id="line.617"> }</a> |
| <span class="sourceLineNo">618</span><a id="line.618"> catch ( IOException e )</a> |
| <span class="sourceLineNo">619</span><a id="line.619"> {</a> |
| <span class="sourceLineNo">620</span><a id="line.620"> log.error( "Could not write to keyfile {}: {}", this.keystoreFilePath, e.getMessage( ), e );</a> |
| <span class="sourceLineNo">621</span><a id="line.621"> }</a> |
| <span class="sourceLineNo">622</span><a id="line.622"> }</a> |
| <span class="sourceLineNo">623</span><a id="line.623"> }</a> |
| <span class="sourceLineNo">624</span><a id="line.624"> return id;</a> |
| <span class="sourceLineNo">625</span><a id="line.625"> }</a> |
| <span class="sourceLineNo">626</span><a id="line.626"></a> |
| <span class="sourceLineNo">627</span><a id="line.627"> /**</a> |
| <span class="sourceLineNo">628</span><a id="line.628"> * Simple internal DTO for keeping key data and its key id.</a> |
| <span class="sourceLineNo">629</span><a id="line.629"> */</a> |
| <span class="sourceLineNo">630</span><a id="line.630"> private static class KeyHolder {</a> |
| <span class="sourceLineNo">631</span><a id="line.631"> final Long id;</a> |
| <span class="sourceLineNo">632</span><a id="line.632"> final SecretKey secretKey;</a> |
| <span class="sourceLineNo">633</span><a id="line.633"> final KeyPair keyPair;</a> |
| <span class="sourceLineNo">634</span><a id="line.634"></a> |
| <span class="sourceLineNo">635</span><a id="line.635"> KeyHolder(Long id, SecretKey key) {</a> |
| <span class="sourceLineNo">636</span><a id="line.636"> this.id = id;</a> |
| <span class="sourceLineNo">637</span><a id="line.637"> this.secretKey = key;</a> |
| <span class="sourceLineNo">638</span><a id="line.638"> this.keyPair = null;</a> |
| <span class="sourceLineNo">639</span><a id="line.639"> }</a> |
| <span class="sourceLineNo">640</span><a id="line.640"> KeyHolder(Long id, KeyPair key) {</a> |
| <span class="sourceLineNo">641</span><a id="line.641"> this.id = id;</a> |
| <span class="sourceLineNo">642</span><a id="line.642"> this.secretKey = null;</a> |
| <span class="sourceLineNo">643</span><a id="line.643"> this.keyPair = key;</a> |
| <span class="sourceLineNo">644</span><a id="line.644"> }</a> |
| <span class="sourceLineNo">645</span><a id="line.645"></a> |
| <span class="sourceLineNo">646</span><a id="line.646"> public Long getId( )</a> |
| <span class="sourceLineNo">647</span><a id="line.647"> {</a> |
| <span class="sourceLineNo">648</span><a id="line.648"> return id;</a> |
| <span class="sourceLineNo">649</span><a id="line.649"> }</a> |
| <span class="sourceLineNo">650</span><a id="line.650"></a> |
| <span class="sourceLineNo">651</span><a id="line.651"> public SecretKey getSecretKey( )</a> |
| <span class="sourceLineNo">652</span><a id="line.652"> {</a> |
| <span class="sourceLineNo">653</span><a id="line.653"> return secretKey;</a> |
| <span class="sourceLineNo">654</span><a id="line.654"> }</a> |
| <span class="sourceLineNo">655</span><a id="line.655"></a> |
| <span class="sourceLineNo">656</span><a id="line.656"> public KeyPair getKeyPair( )</a> |
| <span class="sourceLineNo">657</span><a id="line.657"> {</a> |
| <span class="sourceLineNo">658</span><a id="line.658"> return keyPair;</a> |
| <span class="sourceLineNo">659</span><a id="line.659"> }</a> |
| <span class="sourceLineNo">660</span><a id="line.660"></a> |
| <span class="sourceLineNo">661</span><a id="line.661"> public Key getSignerKey() {</a> |
| <span class="sourceLineNo">662</span><a id="line.662"> return keyPair != null ? this.keyPair.getPrivate( ) : this.secretKey;</a> |
| <span class="sourceLineNo">663</span><a id="line.663"> }</a> |
| <span class="sourceLineNo">664</span><a id="line.664"> }</a> |
| <span class="sourceLineNo">665</span><a id="line.665"></a> |
| <span class="sourceLineNo">666</span><a id="line.666"> private KeyHolder getSignerKey() {</a> |
| <span class="sourceLineNo">667</span><a id="line.667"> final Long id = keyCounter.get( );</a> |
| <span class="sourceLineNo">668</span><a id="line.668"> if (this.symmetricAlgorithm) {</a> |
| <span class="sourceLineNo">669</span><a id="line.669"> return new KeyHolder( id, getSecretKey( id ) );</a> |
| <span class="sourceLineNo">670</span><a id="line.670"> } else {</a> |
| <span class="sourceLineNo">671</span><a id="line.671"> return new KeyHolder( id, getKeyPair( id ) );</a> |
| <span class="sourceLineNo">672</span><a id="line.672"> }</a> |
| <span class="sourceLineNo">673</span><a id="line.673"> }</a> |
| <span class="sourceLineNo">674</span><a id="line.674"></a> |
| <span class="sourceLineNo">675</span><a id="line.675"> /**</a> |
| <span class="sourceLineNo">676</span><a id="line.676"> * Creates a token for the given user id. The token contains the following data:</a> |
| <span class="sourceLineNo">677</span><a id="line.677"> * <ul></a> |
| <span class="sourceLineNo">678</span><a id="line.678"> * <li>the userid as subject</li></a> |
| <span class="sourceLineNo">679</span><a id="line.679"> * <li>a issuer archiva.apache.org/redback</li></a> |
| <span class="sourceLineNo">680</span><a id="line.680"> * <li>a id header with the key id</li></a> |
| <span class="sourceLineNo">681</span><a id="line.681"> * </ul>the user id as subject.</a> |
| <span class="sourceLineNo">682</span><a id="line.682"> *</a> |
| <span class="sourceLineNo">683</span><a id="line.683"> * @param userId the user identifier to set as subject</a> |
| <span class="sourceLineNo">684</span><a id="line.684"> * @return the token string</a> |
| <span class="sourceLineNo">685</span><a id="line.685"> */</a> |
| <span class="sourceLineNo">686</span><a id="line.686"> public Token generateToken( String userId )</a> |
| <span class="sourceLineNo">687</span><a id="line.687"> {</a> |
| <span class="sourceLineNo">688</span><a id="line.688"> final KeyHolder signerKey = getSignerKey( );</a> |
| <span class="sourceLineNo">689</span><a id="line.689"> Instant now = Instant.now( );</a> |
| <span class="sourceLineNo">690</span><a id="line.690"> Instant expiration = now.plus( tokenLifetime );</a> |
| <span class="sourceLineNo">691</span><a id="line.691"> final String token = Jwts.builder( )</a> |
| <span class="sourceLineNo">692</span><a id="line.692"> .setSubject( userId )</a> |
| <span class="sourceLineNo">693</span><a id="line.693"> .setIssuer( ISSUER )</a> |
| <span class="sourceLineNo">694</span><a id="line.694"> .claim( TOKEN_TYPE, TokenType.ACCESS_TOKEN.getClaim( ) )</a> |
| <span class="sourceLineNo">695</span><a id="line.695"> .setIssuedAt( Date.from( now ) )</a> |
| <span class="sourceLineNo">696</span><a id="line.696"> .setExpiration( Date.from( expiration ) )</a> |
| <span class="sourceLineNo">697</span><a id="line.697"> .setHeaderParam( JwsHeader.KEY_ID, signerKey.getId( ).toString( ) )</a> |
| <span class="sourceLineNo">698</span><a id="line.698"> .signWith( signerKey.getSignerKey( ) ).compact( );</a> |
| <span class="sourceLineNo">699</span><a id="line.699"> TokenData metadata = new SimpleTokenData( userId, tokenLifetime, 0 );</a> |
| <span class="sourceLineNo">700</span><a id="line.700"> return new StringToken("", token, metadata );</a> |
| <span class="sourceLineNo">701</span><a id="line.701"> }</a> |
| <span class="sourceLineNo">702</span><a id="line.702"></a> |
| <span class="sourceLineNo">703</span><a id="line.703"> /**</a> |
| <span class="sourceLineNo">704</span><a id="line.704"> * Creates a token for the given user id. The token contains the following data:</a> |
| <span class="sourceLineNo">705</span><a id="line.705"> * <ul></a> |
| <span class="sourceLineNo">706</span><a id="line.706"> * <li>the userid as subject</li></a> |
| <span class="sourceLineNo">707</span><a id="line.707"> * <li>a issuer archiva.apache.org/redback</li></a> |
| <span class="sourceLineNo">708</span><a id="line.708"> * <li>a id header with the key id</li></a> |
| <span class="sourceLineNo">709</span><a id="line.709"> * </ul>the user id as subject.</a> |
| <span class="sourceLineNo">710</span><a id="line.710"> *</a> |
| <span class="sourceLineNo">711</span><a id="line.711"> * @param userId the user identifier to set as subject</a> |
| <span class="sourceLineNo">712</span><a id="line.712"> * @param type the token type that indicates if this token is a access or refresh token</a> |
| <span class="sourceLineNo">713</span><a id="line.713"> * @return the token string</a> |
| <span class="sourceLineNo">714</span><a id="line.714"> */</a> |
| <span class="sourceLineNo">715</span><a id="line.715"> public Token generateToken( String userId, TokenType type )</a> |
| <span class="sourceLineNo">716</span><a id="line.716"> {</a> |
| <span class="sourceLineNo">717</span><a id="line.717"> if (type==TokenType.ACCESS_TOKEN) {</a> |
| <span class="sourceLineNo">718</span><a id="line.718"> return generateToken( userId );</a> |
| <span class="sourceLineNo">719</span><a id="line.719"> } else if (type == TokenType.REFRESH_TOKEN)</a> |
| <span class="sourceLineNo">720</span><a id="line.720"> {</a> |
| <span class="sourceLineNo">721</span><a id="line.721"> return generateRefreshToken( userId );</a> |
| <span class="sourceLineNo">722</span><a id="line.722"> } else {</a> |
| <span class="sourceLineNo">723</span><a id="line.723"> throw new RuntimeException( "Invalid token type requested" );</a> |
| <span class="sourceLineNo">724</span><a id="line.724"> }</a> |
| <span class="sourceLineNo">725</span><a id="line.725"> }</a> |
| <span class="sourceLineNo">726</span><a id="line.726"></a> |
| <span class="sourceLineNo">727</span><a id="line.727"> private Token generateRefreshToken(String userId) {</a> |
| <span class="sourceLineNo">728</span><a id="line.728"> final KeyHolder signerKey = getSignerKey( );</a> |
| <span class="sourceLineNo">729</span><a id="line.729"> Instant now = Instant.now( );</a> |
| <span class="sourceLineNo">730</span><a id="line.730"> Instant expiration = now.plus( refreshTokenLifetime );</a> |
| <span class="sourceLineNo">731</span><a id="line.731"> final String id = UUID.randomUUID( ).toString( );</a> |
| <span class="sourceLineNo">732</span><a id="line.732"> final String token = Jwts.builder( )</a> |
| <span class="sourceLineNo">733</span><a id="line.733"> .setSubject( userId )</a> |
| <span class="sourceLineNo">734</span><a id="line.734"> .setIssuer( ISSUER )</a> |
| <span class="sourceLineNo">735</span><a id="line.735"> .setIssuedAt( Date.from( now ) )</a> |
| <span class="sourceLineNo">736</span><a id="line.736"> .setId( id )</a> |
| <span class="sourceLineNo">737</span><a id="line.737"> .claim( TOKEN_TYPE, TokenType.REFRESH_TOKEN.getClaim() )</a> |
| <span class="sourceLineNo">738</span><a id="line.738"> .setExpiration( Date.from( expiration ) )</a> |
| <span class="sourceLineNo">739</span><a id="line.739"> .setHeaderParam( JwsHeader.KEY_ID, signerKey.getId( ).toString( ) )</a> |
| <span class="sourceLineNo">740</span><a id="line.740"> .signWith( signerKey.getSignerKey( ) ).compact( );</a> |
| <span class="sourceLineNo">741</span><a id="line.741"> TokenData metadata = new SimpleTokenData( userId, refreshTokenLifetime, 0 );</a> |
| <span class="sourceLineNo">742</span><a id="line.742"> return new StringToken( TokenType.REFRESH_TOKEN, id, token, metadata );</a> |
| <span class="sourceLineNo">743</span><a id="line.743"> }</a> |
| <span class="sourceLineNo">744</span><a id="line.744"></a> |
| <span class="sourceLineNo">745</span><a id="line.745"> /**</a> |
| <span class="sourceLineNo">746</span><a id="line.746"> * Returns a token object from the given token String</a> |
| <span class="sourceLineNo">747</span><a id="line.747"> *</a> |
| <span class="sourceLineNo">748</span><a id="line.748"> * @param tokenData the string representation of the token</a> |
| <span class="sourceLineNo">749</span><a id="line.749"> * @return the token instance</a> |
| <span class="sourceLineNo">750</span><a id="line.750"> */</a> |
| <span class="sourceLineNo">751</span><a id="line.751"> public Token tokenFromString(String tokenData) {</a> |
| <span class="sourceLineNo">752</span><a id="line.752"> Jws<Claims> parsedToken = parseToken( tokenData );</a> |
| <span class="sourceLineNo">753</span><a id="line.753"> String userId = parsedToken.getBody( ).getSubject( );</a> |
| <span class="sourceLineNo">754</span><a id="line.754"> TokenType type = TokenType.ofClaim( parsedToken.getBody( ).get( TOKEN_TYPE, String.class ) );</a> |
| <span class="sourceLineNo">755</span><a id="line.755"> String id = parsedToken.getBody( ).getId( );</a> |
| <span class="sourceLineNo">756</span><a id="line.756"> Instant expiration = parsedToken.getBody( ).getExpiration( ).toInstant( );</a> |
| <span class="sourceLineNo">757</span><a id="line.757"> Instant issuedAt = parsedToken.getBody( ).getIssuedAt( ).toInstant( );</a> |
| <span class="sourceLineNo">758</span><a id="line.758"> long lifetime = Duration.between( issuedAt, expiration ).toMillis( );</a> |
| <span class="sourceLineNo">759</span><a id="line.759"> TokenData metadata = new SimpleTokenData( userId, lifetime, 0 );</a> |
| <span class="sourceLineNo">760</span><a id="line.760"> return new StringToken( type, id, tokenData, metadata );</a> |
| <span class="sourceLineNo">761</span><a id="line.761"> }</a> |
| <span class="sourceLineNo">762</span><a id="line.762"></a> |
| <span class="sourceLineNo">763</span><a id="line.763"> /**</a> |
| <span class="sourceLineNo">764</span><a id="line.764"> * Allows to renew a token based on the origin token. If the presented <code>origin</code></a> |
| <span class="sourceLineNo">765</span><a id="line.765"> * is valid, a new token with refreshed expiration time will be returned.</a> |
| <span class="sourceLineNo">766</span><a id="line.766"> *</a> |
| <span class="sourceLineNo">767</span><a id="line.767"> * @param refreshToken the refresh token</a> |
| <span class="sourceLineNo">768</span><a id="line.768"> * @return the newly created token</a> |
| <span class="sourceLineNo">769</span><a id="line.769"> * @throws AuthenticationException if the given origin token is not valid</a> |
| <span class="sourceLineNo">770</span><a id="line.770"> */</a> |
| <span class="sourceLineNo">771</span><a id="line.771"> public Token refreshAccessToken( String refreshToken) throws TokenAuthenticationException {</a> |
| <span class="sourceLineNo">772</span><a id="line.772"> try</a> |
| <span class="sourceLineNo">773</span><a id="line.773"> {</a> |
| <span class="sourceLineNo">774</span><a id="line.774"> String subject = verify( refreshToken, TokenType.REFRESH_TOKEN );</a> |
| <span class="sourceLineNo">775</span><a id="line.775"> return generateToken( subject );</a> |
| <span class="sourceLineNo">776</span><a id="line.776"> } catch ( JwtException e) {</a> |
| <span class="sourceLineNo">777</span><a id="line.777"> throw new TokenAuthenticationException( BearerError.INVALID_TOKEN, "unknown error " + e.getMessage( ) );</a> |
| <span class="sourceLineNo">778</span><a id="line.778"> }</a> |
| <span class="sourceLineNo">779</span><a id="line.779"> }</a> |
| <span class="sourceLineNo">780</span><a id="line.780"></a> |
| <span class="sourceLineNo">781</span><a id="line.781"> /**</a> |
| <span class="sourceLineNo">782</span><a id="line.782"> * Parses the given token and returns the JWS metadata stored in the token.</a> |
| <span class="sourceLineNo">783</span><a id="line.783"> *</a> |
| <span class="sourceLineNo">784</span><a id="line.784"> * @param token the token string</a> |
| <span class="sourceLineNo">785</span><a id="line.785"> * @return the parsed data</a> |
| <span class="sourceLineNo">786</span><a id="line.786"> * @throws JwtException if the token data is not valid anymore</a> |
| <span class="sourceLineNo">787</span><a id="line.787"> */</a> |
| <span class="sourceLineNo">788</span><a id="line.788"> public Jws<Claims> parseToken( String token) throws JwtException {</a> |
| <span class="sourceLineNo">789</span><a id="line.789"> return getParser(TokenType.ALL).parseClaimsJws( token );</a> |
| <span class="sourceLineNo">790</span><a id="line.790"> }</a> |
| <span class="sourceLineNo">791</span><a id="line.791"></a> |
| <span class="sourceLineNo">792</span><a id="line.792"> /**</a> |
| <span class="sourceLineNo">793</span><a id="line.793"> * Verifies the given JWT Token and returns the stored subject, if successful</a> |
| <span class="sourceLineNo">794</span><a id="line.794"> * If the verification failed a TokenAuthenticationException is thrown.</a> |
| <span class="sourceLineNo">795</span><a id="line.795"> * @param token the JWT representation</a> |
| <span class="sourceLineNo">796</span><a id="line.796"> * @return the subject of the JWT</a> |
| <span class="sourceLineNo">797</span><a id="line.797"> * @throws TokenAuthenticationException if the verification failed</a> |
| <span class="sourceLineNo">798</span><a id="line.798"> */</a> |
| <span class="sourceLineNo">799</span><a id="line.799"> public String verify( String token ) throws TokenAuthenticationException</a> |
| <span class="sourceLineNo">800</span><a id="line.800"> {</a> |
| <span class="sourceLineNo">801</span><a id="line.801"> return verify( token, TokenType.ACCESS_TOKEN );</a> |
| <span class="sourceLineNo">802</span><a id="line.802"> }</a> |
| <span class="sourceLineNo">803</span><a id="line.803"></a> |
| <span class="sourceLineNo">804</span><a id="line.804"> public String verify( String token, TokenType type ) throws TokenAuthenticationException</a> |
| <span class="sourceLineNo">805</span><a id="line.805"> {</a> |
| <span class="sourceLineNo">806</span><a id="line.806"> try</a> |
| <span class="sourceLineNo">807</span><a id="line.807"> {</a> |
| <span class="sourceLineNo">808</span><a id="line.808"> Jws<Claims> signature = getParser(type).parseClaimsJws( token );</a> |
| <span class="sourceLineNo">809</span><a id="line.809"> String subject = signature.getBody( ).getSubject( );</a> |
| <span class="sourceLineNo">810</span><a id="line.810"> if ( StringUtils.isEmpty( subject ) )</a> |
| <span class="sourceLineNo">811</span><a id="line.811"> {</a> |
| <span class="sourceLineNo">812</span><a id="line.812"> throw new TokenAuthenticationException( BearerError.INVALID_TOKEN, "contains no subject" );</a> |
| <span class="sourceLineNo">813</span><a id="line.813"> }</a> |
| <span class="sourceLineNo">814</span><a id="line.814"> return subject;</a> |
| <span class="sourceLineNo">815</span><a id="line.815"> }</a> |
| <span class="sourceLineNo">816</span><a id="line.816"> catch ( ExpiredJwtException e )</a> |
| <span class="sourceLineNo">817</span><a id="line.817"> {</a> |
| <span class="sourceLineNo">818</span><a id="line.818"> throw new TokenAuthenticationException( BearerError.INVALID_TOKEN, "token expired" );</a> |
| <span class="sourceLineNo">819</span><a id="line.819"> }</a> |
| <span class="sourceLineNo">820</span><a id="line.820"> catch ( SignatureException e ) {</a> |
| <span class="sourceLineNo">821</span><a id="line.821"> throw new TokenAuthenticationException( BearerError.INVALID_TOKEN, "token signature does not match" );</a> |
| <span class="sourceLineNo">822</span><a id="line.822"> }</a> |
| <span class="sourceLineNo">823</span><a id="line.823"> catch ( UnsupportedJwtException e) {</a> |
| <span class="sourceLineNo">824</span><a id="line.824"> throw new TokenAuthenticationException( BearerError.INVALID_TOKEN, "jwt is unsupported" );</a> |
| <span class="sourceLineNo">825</span><a id="line.825"> }</a> |
| <span class="sourceLineNo">826</span><a id="line.826"> catch ( MalformedJwtException e)</a> |
| <span class="sourceLineNo">827</span><a id="line.827"> {</a> |
| <span class="sourceLineNo">828</span><a id="line.828"> throw new TokenAuthenticationException( BearerError.INVALID_TOKEN, "malformed token content" );</a> |
| <span class="sourceLineNo">829</span><a id="line.829"> }</a> |
| <span class="sourceLineNo">830</span><a id="line.830"> catch (JwtKeyIdNotFoundException e) {</a> |
| <span class="sourceLineNo">831</span><a id="line.831"> throw new TokenAuthenticationException( BearerError.INVALID_TOKEN, "signer key does not exist" );</a> |
| <span class="sourceLineNo">832</span><a id="line.832"> }</a> |
| <span class="sourceLineNo">833</span><a id="line.833"> catch ( MissingClaimException |IncorrectClaimException e ) {</a> |
| <span class="sourceLineNo">834</span><a id="line.834"> throw new TokenAuthenticationException( BearerError.INVALID_TOKEN, "the token type is not correct - expected claim "+type.getClaim() );</a> |
| <span class="sourceLineNo">835</span><a id="line.835"> }</a> |
| <span class="sourceLineNo">836</span><a id="line.836"> catch ( JwtException e) {</a> |
| <span class="sourceLineNo">837</span><a id="line.837"> log.debug( "Unknown JwtException {}, {}", e.getClass( ), e.getMessage( ) );</a> |
| <span class="sourceLineNo">838</span><a id="line.838"> throw new TokenAuthenticationException( BearerError.INVALID_TOKEN, "unknown error " + e.getMessage( ) );</a> |
| <span class="sourceLineNo">839</span><a id="line.839"> }</a> |
| <span class="sourceLineNo">840</span><a id="line.840"></a> |
| <span class="sourceLineNo">841</span><a id="line.841"> }</a> |
| <span class="sourceLineNo">842</span><a id="line.842"></a> |
| <span class="sourceLineNo">843</span><a id="line.843"> /**</a> |
| <span class="sourceLineNo">844</span><a id="line.844"> * Removes all signing keys and creates a new one. If you call this method, all JWT tokens generated before,</a> |
| <span class="sourceLineNo">845</span><a id="line.845"> * will be invalid.</a> |
| <span class="sourceLineNo">846</span><a id="line.846"> */</a> |
| <span class="sourceLineNo">847</span><a id="line.847"> public void revokeSigningKeys() {</a> |
| <span class="sourceLineNo">848</span><a id="line.848"> lock.writeLock( ).lock( );</a> |
| <span class="sourceLineNo">849</span><a id="line.849"> try {</a> |
| <span class="sourceLineNo">850</span><a id="line.850"> this.secretKey.clear();</a> |
| <span class="sourceLineNo">851</span><a id="line.851"> this.keyPair.clear();</a> |
| <span class="sourceLineNo">852</span><a id="line.852"> renewSigningKey( );</a> |
| <span class="sourceLineNo">853</span><a id="line.853"> } finally</a> |
| <span class="sourceLineNo">854</span><a id="line.854"> {</a> |
| <span class="sourceLineNo">855</span><a id="line.855"> lock.writeLock( ).unlock( );</a> |
| <span class="sourceLineNo">856</span><a id="line.856"> }</a> |
| <span class="sourceLineNo">857</span><a id="line.857"> }</a> |
| <span class="sourceLineNo">858</span><a id="line.858"></a> |
| <span class="sourceLineNo">859</span><a id="line.859"> private SigningKeyResolver getResolver( )</a> |
| <span class="sourceLineNo">860</span><a id="line.860"> {</a> |
| <span class="sourceLineNo">861</span><a id="line.861"> return this.resolver;</a> |
| <span class="sourceLineNo">862</span><a id="line.862"> }</a> |
| <span class="sourceLineNo">863</span><a id="line.863"></a> |
| <span class="sourceLineNo">864</span><a id="line.864"> /**</a> |
| <span class="sourceLineNo">865</span><a id="line.865"> * Returns <code>true</code>, if the signature algorithm ist a symmetric one, otherwise <code>false</code></a> |
| <span class="sourceLineNo">866</span><a id="line.866"> * @return <code>true</code>, if symmetric algorithm, otherwise <code>false</code></a> |
| <span class="sourceLineNo">867</span><a id="line.867"> */</a> |
| <span class="sourceLineNo">868</span><a id="line.868"> public boolean usesSymmetricAlgorithm( )</a> |
| <span class="sourceLineNo">869</span><a id="line.869"> {</a> |
| <span class="sourceLineNo">870</span><a id="line.870"> return symmetricAlgorithm;</a> |
| <span class="sourceLineNo">871</span><a id="line.871"> }</a> |
| <span class="sourceLineNo">872</span><a id="line.872"></a> |
| <span class="sourceLineNo">873</span><a id="line.873"> /**</a> |
| <span class="sourceLineNo">874</span><a id="line.874"> * Returns the signature algorithm used for signing JWT tokens</a> |
| <span class="sourceLineNo">875</span><a id="line.875"> * @return the string representation of the signature algorithm</a> |
| <span class="sourceLineNo">876</span><a id="line.876"> */</a> |
| <span class="sourceLineNo">877</span><a id="line.877"> public String getSignatureAlgorithm( )</a> |
| <span class="sourceLineNo">878</span><a id="line.878"> {</a> |
| <span class="sourceLineNo">879</span><a id="line.879"> return signatureAlgorithm;</a> |
| <span class="sourceLineNo">880</span><a id="line.880"> }</a> |
| <span class="sourceLineNo">881</span><a id="line.881"></a> |
| <span class="sourceLineNo">882</span><a id="line.882"> /**</a> |
| <span class="sourceLineNo">883</span><a id="line.883"> * Returns the keystore type that is setup for the authenticator</a> |
| <span class="sourceLineNo">884</span><a id="line.884"> * @return either <code>memory</code> or <code>plainfile</code></a> |
| <span class="sourceLineNo">885</span><a id="line.885"> */</a> |
| <span class="sourceLineNo">886</span><a id="line.886"> public String getKeystoreType( )</a> |
| <span class="sourceLineNo">887</span><a id="line.887"> {</a> |
| <span class="sourceLineNo">888</span><a id="line.888"> return keystoreType;</a> |
| <span class="sourceLineNo">889</span><a id="line.889"> }</a> |
| <span class="sourceLineNo">890</span><a id="line.890"></a> |
| <span class="sourceLineNo">891</span><a id="line.891"> /**</a> |
| <span class="sourceLineNo">892</span><a id="line.892"> * Returns the path to the keystore file or <code>null</code>, if the keystore type is <code>memory</code></a> |
| <span class="sourceLineNo">893</span><a id="line.893"> * @return the path to the keystore file, or <code>null</code></a> |
| <span class="sourceLineNo">894</span><a id="line.894"> */</a> |
| <span class="sourceLineNo">895</span><a id="line.895"> public Path getKeystoreFilePath( )</a> |
| <span class="sourceLineNo">896</span><a id="line.896"> {</a> |
| <span class="sourceLineNo">897</span><a id="line.897"> return keystoreFilePath;</a> |
| <span class="sourceLineNo">898</span><a id="line.898"> }</a> |
| <span class="sourceLineNo">899</span><a id="line.899"></a> |
| <span class="sourceLineNo">900</span><a id="line.900"> /**</a> |
| <span class="sourceLineNo">901</span><a id="line.901"> * Returns the maximum number of signature keys to store in memory for verification</a> |
| <span class="sourceLineNo">902</span><a id="line.902"> * @return the maximum number of signature keys to keep in memory</a> |
| <span class="sourceLineNo">903</span><a id="line.903"> */</a> |
| <span class="sourceLineNo">904</span><a id="line.904"> public int getMaxInMemoryKeys( )</a> |
| <span class="sourceLineNo">905</span><a id="line.905"> {</a> |
| <span class="sourceLineNo">906</span><a id="line.906"> return maxInMemoryKeys;</a> |
| <span class="sourceLineNo">907</span><a id="line.907"> }</a> |
| <span class="sourceLineNo">908</span><a id="line.908"></a> |
| <span class="sourceLineNo">909</span><a id="line.909"> /**</a> |
| <span class="sourceLineNo">910</span><a id="line.910"> * Returns the current size of the in memory key list</a> |
| <span class="sourceLineNo">911</span><a id="line.911"> * @return the number of memory stored signature keys</a> |
| <span class="sourceLineNo">912</span><a id="line.912"> */</a> |
| <span class="sourceLineNo">913</span><a id="line.913"> public int getCurrentKeyListSize() {</a> |
| <span class="sourceLineNo">914</span><a id="line.914"> if (symmetricAlgorithm) {</a> |
| <span class="sourceLineNo">915</span><a id="line.915"> return secretKey.size( );</a> |
| <span class="sourceLineNo">916</span><a id="line.916"> } else {</a> |
| <span class="sourceLineNo">917</span><a id="line.917"> return keyPair.size( );</a> |
| <span class="sourceLineNo">918</span><a id="line.918"> }</a> |
| <span class="sourceLineNo">919</span><a id="line.919"> }</a> |
| <span class="sourceLineNo">920</span><a id="line.920"></a> |
| <span class="sourceLineNo">921</span><a id="line.921"> /**</a> |
| <span class="sourceLineNo">922</span><a id="line.922"> * Returns the current used key identifier.</a> |
| <span class="sourceLineNo">923</span><a id="line.923"> * @return the key identifier</a> |
| <span class="sourceLineNo">924</span><a id="line.924"> */</a> |
| <span class="sourceLineNo">925</span><a id="line.925"> public Long getCurrentKeyId() {</a> |
| <span class="sourceLineNo">926</span><a id="line.926"> return keyCounter.get( );</a> |
| <span class="sourceLineNo">927</span><a id="line.927"> }</a> |
| <span class="sourceLineNo">928</span><a id="line.928"></a> |
| <span class="sourceLineNo">929</span><a id="line.929"> /**</a> |
| <span class="sourceLineNo">930</span><a id="line.930"> * Returns the default token lifetime of generated tokens.</a> |
| <span class="sourceLineNo">931</span><a id="line.931"> * @return the lifetime as duration</a> |
| <span class="sourceLineNo">932</span><a id="line.932"> */</a> |
| <span class="sourceLineNo">933</span><a id="line.933"> public Duration getTokenLifetime() {</a> |
| <span class="sourceLineNo">934</span><a id="line.934"> return this.tokenLifetime;</a> |
| <span class="sourceLineNo">935</span><a id="line.935"> }</a> |
| <span class="sourceLineNo">936</span><a id="line.936"></a> |
| <span class="sourceLineNo">937</span><a id="line.937"> /**</a> |
| <span class="sourceLineNo">938</span><a id="line.938"> * Sets the default token lifetime of generated tokens.</a> |
| <span class="sourceLineNo">939</span><a id="line.939"> * @param lifetime the lifetime as duration</a> |
| <span class="sourceLineNo">940</span><a id="line.940"> */</a> |
| <span class="sourceLineNo">941</span><a id="line.941"> public void setTokenLifetime(Duration lifetime) {</a> |
| <span class="sourceLineNo">942</span><a id="line.942"> this.tokenLifetime = lifetime;</a> |
| <span class="sourceLineNo">943</span><a id="line.943"> }</a> |
| <span class="sourceLineNo">944</span><a id="line.944"></a> |
| <span class="sourceLineNo">945</span><a id="line.945"> public UserConfiguration getUserConfiguration( )</a> |
| <span class="sourceLineNo">946</span><a id="line.946"> {</a> |
| <span class="sourceLineNo">947</span><a id="line.947"> return userConfiguration;</a> |
| <span class="sourceLineNo">948</span><a id="line.948"> }</a> |
| <span class="sourceLineNo">949</span><a id="line.949"></a> |
| <span class="sourceLineNo">950</span><a id="line.950"> public void setUserConfiguration( UserConfiguration userConfiguration )</a> |
| <span class="sourceLineNo">951</span><a id="line.951"> {</a> |
| <span class="sourceLineNo">952</span><a id="line.952"> this.userConfiguration = userConfiguration;</a> |
| <span class="sourceLineNo">953</span><a id="line.953"> }</a> |
| <span class="sourceLineNo">954</span><a id="line.954">}</a> |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| </pre> |
| </div> |
| </main> |
| </body> |
| </html> |
