SecurityProvider.java
- /*
- * GovWay - A customizable API Gateway
- * https://govway.org
- *
- * Copyright (c) 2005-2025 Link.it srl (https://link.it).
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 3, as published by
- * the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
- */
- package org.openspcoop2.security.message.jose;
- import java.util.ArrayList;
- import java.util.List;
- import java.util.Map;
- import java.util.Properties;
- import org.openspcoop2.core.mvc.properties.provider.ProviderException;
- import org.openspcoop2.core.mvc.properties.provider.ProviderValidationException;
- import org.openspcoop2.security.message.constants.SecurityConstants;
- import org.openspcoop2.security.message.utils.AbstractSecurityProvider;
- import org.openspcoop2.utils.security.JOSESerialization;
- import org.openspcoop2.utils.security.JWTOptions;
- /**
- * SecurityProvider
- *
- * @author Poli Andrea (poli@link.it)
- * @author $Author$
- * @version $Rev$, $Date$
- */
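public class SecurityProvider extends AbstractSecurityProvider {

	/**
	 * When {@code true}, {@link #getValues(String)} and {@link #getLabels(String)} also list the
	 * secret-keystore entries when asked for {@link SecurityConstants#KEYSTORE_TYPE}.
	 */
	private boolean addSecretKey = false;

	/** Enables the secret-keystore entries for the keystore-type selector (see {@link #addSecretKey}). */
	public void addSecretKey() {
		this.addSecretKey = true;
	}

	/**
	 * Validates the JOSE properties: when JWT headers are used for key resolution, at least one
	 * header must be permitted; the remaining checks are delegated to the superclass.
	 *
	 * @param mapProperties configuration sections to validate
	 * @throws ProviderException from the superclass validation
	 * @throws ProviderValidationException when headers are enabled but none is permitted
	 */
	@Override
	public void validate(Map<String, Properties> mapProperties) throws ProviderException, ProviderValidationException {
		// Any serialization works here: the options object is only used to collect the header flags.
		JWTOptions jwtOptions = new JWTOptions(JOSESerialization.COMPACT);
		boolean useHeaders = JOSEUtils.useJwtHeadersMapProperties(mapProperties, jwtOptions);
		if (useHeaders && !isAnyJwtHeaderPermitted(jwtOptions)) {
			throw new ProviderValidationException("Selezionare almeno un header");
		}
		super.validate(mapProperties);
	}

	/** True when at least one key-resolution header (jku, jwk, x5c, x5u, x5t, x5t#S256, kid) is permitted. */
	private static boolean isAnyJwtHeaderPermitted(JWTOptions jwtOptions) {
		return jwtOptions.isPermitUseHeaderJKU()
				|| jwtOptions.isPermitUseHeaderJWK()
				|| jwtOptions.isPermitUseHeaderX5C()
				|| jwtOptions.isPermitUseHeaderX5U()
				|| jwtOptions.isPermitUseHeaderX5T()
				|| jwtOptions.isPermitUseHeaderX5T_256()
				|| jwtOptions.isPermitUseHeaderKID();
	}

	/**
	 * Returns the selectable values for a configuration field.
	 * <p>
	 * Algorithm fields list the names of the corresponding CXF JWA enums; keystore-type fields take
	 * the superclass values, prepend the JWK entry and, where secret keys apply, append the
	 * secret-keystore types not already present. Everything else is delegated to the superclass.
	 *
	 * @param id field identifier
	 * @return the values (the list returned by the superclass is mutated and returned for keystore ids)
	 * @throws ProviderException from the superclass
	 */
	@Override
	public List<String> getValues(String id) throws ProviderException {
		if (JOSECostanti.ID_SIGNATURE_ALGORITHM.equals(id)) {
			// NOTE(review): the CXF enum is listed as-is; if it carries a "none" entry, that entry is
			// offered to the administrator too — confirm this is intended for the signature selector.
			return enumNames(org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm.values());
		}
		if (JOSECostanti.ID_ENCRYPT_KEY_ALGORITHM.equals(id)) {
			return enumNames(org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm.values());
		}
		if (JOSECostanti.ID_ENCRYPT_CONTENT_ALGORITHM.equals(id)) {
			return enumNames(org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm.values());
		}
		if (isKeystoreTypeId(id)) {
			List<String> values = super.getValues(id);
			values.add(0, SecurityConstants.KEYSTORE_TYPE_JWK_VALUE);
			if (includeSecretKeystoreEntries(id)) {
				// Secret-key types are not part of the base keystore list; add the missing ones.
				appendMissing(values, super.getValues(SecurityConstants.SECRETKEYSTORE_TYPE));
			}
			return values;
		}
		return super.getValues(id);
	}

	/**
	 * Returns the display labels for a configuration field.
	 * <p>
	 * Algorithm labels are the values with every {@code _} shown as {@code -} (e.g. an enum name
	 * {@code RSA_OAEP_256} is shown as {@code RSA-OAEP-256}); keystore-type labels mirror
	 * {@link #getValues(String)} using the label constants. Everything else is delegated.
	 *
	 * @param id field identifier
	 * @return the labels, in the same order as {@link #getValues(String)}
	 * @throws ProviderException from the superclass
	 */
	@Override
	public List<String> getLabels(String id) throws ProviderException {
		if (JOSECostanti.ID_SIGNATURE_ALGORITHM.equals(id)
				|| JOSECostanti.ID_ENCRYPT_KEY_ALGORITHM.equals(id)
				|| JOSECostanti.ID_ENCRYPT_CONTENT_ALGORITHM.equals(id)) {
			List<String> values = this.getValues(id);
			List<String> labels = new ArrayList<>(values.size());
			for (String value : values) {
				// replace(char, char) already rewrites every occurrence; no loop is needed.
				labels.add(value.replace('_', '-'));
			}
			return labels;
		}
		if (isKeystoreTypeId(id)) {
			List<String> labels = super.getLabels(id);
			labels.add(0, SecurityConstants.KEYSTORE_TYPE_JWK_LABEL);
			if (includeSecretKeystoreEntries(id)) {
				// Keep the label list aligned with the value list built in getValues().
				appendMissing(labels, super.getLabels(SecurityConstants.SECRETKEYSTORE_TYPE));
			}
			return labels;
		}
		return super.getLabels(id);
	}

	/**
	 * Returns the default value for a configuration field: RS256, RSA-OAEP-256 and A256GCM for the
	 * three algorithm fields, the superclass default otherwise.
	 *
	 * @param id field identifier
	 * @return the default value
	 * @throws ProviderException from the superclass
	 */
	@Override
	public String getDefault(String id) throws ProviderException {
		if (JOSECostanti.ID_SIGNATURE_ALGORITHM.equals(id)) {
			return org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm.RS256.name();
		}
		if (JOSECostanti.ID_ENCRYPT_KEY_ALGORITHM.equals(id)) {
			return org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm.RSA_OAEP_256.name();
		}
		if (JOSECostanti.ID_ENCRYPT_CONTENT_ALGORITHM.equals(id)) {
			return org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm.A256GCM.name();
		}
		return super.getDefault(id);
	}

	/** True for the three keystore-type selectors (keystore, secret keystore, truststore). */
	private static boolean isKeystoreTypeId(String id) {
		return SecurityConstants.KEYSTORE_TYPE.equals(id)
				|| SecurityConstants.SECRETKEYSTORE_TYPE.equals(id)
				|| SecurityConstants.TRUSTSTORE_TYPE.equals(id);
	}

	/**
	 * True when the secret-keystore entries must be merged into the selector for {@code id}:
	 * always for the truststore, and for the keystore only when it acts as a truststore or
	 * {@link #addSecretKey()} was called.
	 */
	private boolean includeSecretKeystoreEntries(String id) {
		return SecurityConstants.TRUSTSTORE_TYPE.equals(id)
				|| (SecurityConstants.KEYSTORE_TYPE.equals(id) && (this.isAsTruststore() || this.addSecretKey));
	}

	/** Collects the {@code name()} of every enum constant, preserving declaration order. */
	private static List<String> enumNames(Enum<?>[] constants) {
		List<String> names = new ArrayList<>(constants.length);
		for (Enum<?> constant : constants) {
			names.add(constant.name());
		}
		return names;
	}

	/** Appends to {@code target} each element of {@code extra} it does not already contain; a null {@code extra} is a no-op. */
	private static void appendMissing(List<String> target, List<String> extra) {
		if (extra == null) {
			return;
		}
		for (String item : extra) {
			if (!target.contains(item)) {
				target.add(item);
			}
		}
	}
}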