openid-connect-server-spring-boot/openid-connect-server-spring-boot-config/src/main/java/org/mitre/springboot/config/CryptoConfig.java at master · eedzjee/openid-connect-server-spring-boot · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
package org.mitre.springboot.config;

import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;

import org.mitre.jose.keystore.JWKSetKeyStore;
import org.mitre.jwt.encryption.service.JWTEncryptionAndDecryptionService;
import org.mitre.jwt.encryption.service.impl.DefaultJWTEncryptionAndDecryptionService;
import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
import org.mitre.jwt.signer.service.impl.DefaultJWTSigningAndValidationService;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEAlgorithm;

@Configuration
public class CryptoConfig {

	@Bean
	@ConditionalOnMissingBean(JWKSetKeyStore.class)
	public JWKSetKeyStore defaultKeyStore(@Value("${openid.connect.crypto.keystore.path}") Resource location) {
		JWKSetKeyStore keystore = new JWKSetKeyStore();
		keystore.setLocation(location);
		return keystore;
	}

	@Bean
	@ConditionalOnMissingBean(JWTSigningAndValidationService.class)
	public JWTSigningAndValidationService defaultJwtSigningAndValidationService(
			JWKSetKeyStore keystore,
			@Value("${openid.connect.crypto.signing.defaultSignerKeyId}") String defaultSignerKeyId,
			@Value("${openid.connect.crypto.signing.defaultSigningAlgorithmName}") String defaultSigningAlgorithmName) throws NoSuchAlgorithmException, InvalidKeySpecException {
		DefaultJWTSigningAndValidationService s = new DefaultJWTSigningAndValidationService(keystore);
		s.setDefaultSignerKeyId(defaultSignerKeyId);
		s.setDefaultSigningAlgorithmName(defaultSigningAlgorithmName);
		return s;
	}

	@Bean
	@ConditionalOnMissingBean(JWTEncryptionAndDecryptionService.class)
	public JWTEncryptionAndDecryptionService defaultJwtEncryptionAndDecryptionService(
			JWKSetKeyStore keystore,
			@Value("${openid.connect.crypto.encrypt.defaultAlgorithm}") JWEAlgorithm defaultAlgorithm,
			@Value("${openid.connect.crypto.encrypt.defaultDecryptionKeyId}") String defaultDecryptionKeyId,
			@Value("${openid.connect.crypto.encrypt.defaultEncryptionKeyId}") String defaultEncryptionKeyId
			) throws NoSuchAlgorithmException, InvalidKeySpecException, JOSEException {
		DefaultJWTEncryptionAndDecryptionService s = new DefaultJWTEncryptionAndDecryptionService(keystore);
		s.setDefaultAlgorithm(defaultAlgorithm);
		s.setDefaultDecryptionKeyId(defaultDecryptionKeyId);
		s.setDefaultEncryptionKeyId(defaultEncryptionKeyId);
		return s;
	}
}