feat(jans-auth-server): renamed "key_ops" -> "key_ops_type" #3790

Some frameworks does not allow custom key_ops like "ssa" (e.g. nimbus)
JanssenProject · Feb 7, 2023 · 414c1d9 · 414c1d9
1 parent 697efc5
commit 414c1d9
Show file tree

Hide file tree

Showing 16 changed files with 98 additions and 98 deletions.
diff --git a/jans-auth-server/client/src/main/java/io/jans/as/client/util/KeyGenerator.java b/jans-auth-server/client/src/main/java/io/jans/as/client/util/KeyGenerator.java
@@ -58,7 +58,7 @@ public class KeyGenerator {
     private static final String KEY_LENGTH = "key_length";
     private static final String HELP = "h";
     private static final String TEST_PROP_FILE = "test_prop_file";
-    private static final String KEY_OPS = "key_ops";
+    private static final String KEY_OPS_TYPE = "key_ops_type";
 
     private static final String KEY_NAME_SUFFIX = "_keyId";
 
@@ -98,7 +98,7 @@ public Cli(String[] args) {
             options.addOption(EXPIRATION, true, "Expiration in days.");
             options.addOption(EXPIRATION_HOURS, true, "Expiration in hours.");
             options.addOption(KEY_LENGTH, true, "Key length");
-            options.addOption(KEY_OPS, true, "Key Operations");
+            options.addOption(KEY_OPS_TYPE, true, "Key Operations Type");
             options.addOption(TEST_PROP_FILE, true, "Tests property file.");
             options.addOption(HELP, false, "Show help.");
         }
@@ -119,7 +119,7 @@ public void parse() {
                     help();
                 }
 
-                final KeyOps keyOps = parseKeyOps(cmd);
+                final KeyOpsType keyOpsType = parseKeyOps(cmd);
 
                 String[] sigAlgorithms = cmd.getOptionValues(SIGNING_KEYS);
                 String[] encAlgorithms = cmd.getOptionValues(ENCRYPTION_KEYS);
@@ -135,7 +135,7 @@ public void parse() {
                 context.setExpirationHours(StringHelper.toInt(cmd.getOptionValue(EXPIRATION_HOURS), 0));
                 context.calculateExpiration();
                 context.setTestPropFile(TestPropFile.create(cmd));
-                context.setKeyOps(keyOps);
+                context.setKeyOpsType(keyOpsType);
 
                 if (cmd.hasOption(OXELEVEN_ACCESS_TOKEN) && cmd.hasOption(OXELEVEN_GENERATE_KEY_ENDPOINT)) {
                     generateKeysWithEleven(cmd, signatureAlgorithms, encryptionAlgorithms, context);
@@ -153,16 +153,16 @@ public void parse() {
         }
 
         @Nullable
-        private KeyOps parseKeyOps(CommandLine cmd) {
-            if (!cmd.hasOption(KEY_OPS)) {
+        private KeyOpsType parseKeyOps(CommandLine cmd) {
+            if (!cmd.hasOption(KEY_OPS_TYPE)) {
                 help();
             }
 
-            final KeyOps keyOps = KeyOps.fromString(cmd.getOptionValue(KEY_OPS));
-            if (keyOps == null) {
+            final KeyOpsType keyOpsType = KeyOpsType.fromString(cmd.getOptionValue(KEY_OPS_TYPE));
+            if (keyOpsType == null) {
                 help();
             }
-            return keyOps;
+            return keyOpsType;
         }
 
         private void generateKeysWithJansAuth(CommandLine cmd, List<Algorithm> signatureAlgorithms, List<Algorithm> encryptionAlgorithms, KeyGeneratorContext context) {
@@ -202,25 +202,25 @@ private void generateKeys(KeyGeneratorContext context, List<Algorithm> signature
                                   List<Algorithm> encryptionAlgorithms) throws CryptoProviderException, IOException {
             JSONWebKeySet jwks = new JSONWebKeySet();
 
-            final KeyOps keyOps = context.getKeyOps();
-            if (keyOps == KeyOps.ALL) {
-                generateSignatureKeys(context, signatureAlgorithms, jwks, KeyOps.CONNECT);
-                generateSignatureKeys(context, signatureAlgorithms, jwks, KeyOps.SSA);
-                generateEncryptionKeys(context, encryptionAlgorithms, jwks, KeyOps.CONNECT);
-                generateEncryptionKeys(context, encryptionAlgorithms, jwks, KeyOps.SSA);
+            final KeyOpsType keyOpsType = context.getKeyOpsType();
+            if (keyOpsType == KeyOpsType.ALL) {
+                generateSignatureKeys(context, signatureAlgorithms, jwks, KeyOpsType.CONNECT);
+                generateSignatureKeys(context, signatureAlgorithms, jwks, KeyOpsType.SSA);
+                generateEncryptionKeys(context, encryptionAlgorithms, jwks, KeyOpsType.CONNECT);
+                generateEncryptionKeys(context, encryptionAlgorithms, jwks, KeyOpsType.SSA);
             } else {
-                generateSignatureKeys(context, signatureAlgorithms, jwks, keyOps);
-                generateEncryptionKeys(context, encryptionAlgorithms, jwks, keyOps);
+                generateSignatureKeys(context, signatureAlgorithms, jwks, keyOpsType);
+                generateEncryptionKeys(context, encryptionAlgorithms, jwks, keyOpsType);
             }
 
             context.getTestPropFile().generate();
             System.out.println(jwks);
         }
 
-        private void generateEncryptionKeys(KeyGeneratorContext context, List<Algorithm> encryptionAlgorithms, JSONWebKeySet jwks, KeyOps keyOps) throws CryptoProviderException {
+        private void generateEncryptionKeys(KeyGeneratorContext context, List<Algorithm> encryptionAlgorithms, JSONWebKeySet jwks, KeyOpsType keyOpsType) throws CryptoProviderException {
             for (Algorithm algorithm : encryptionAlgorithms) {
                 KeyEncryptionAlgorithm encryptionAlgorithm = KeyEncryptionAlgorithm.fromName(algorithm.getParamName());
-                JSONObject result = context.getCryptoProvider().generateKey(algorithm, context.getExpirationForKeyOps(keyOps), context.getKeyLength(), keyOps);
+                JSONObject result = context.getCryptoProvider().generateKey(algorithm, context.getExpirationForKeyOpsType(keyOpsType), context.getKeyLength(), keyOpsType);
 
                 JSONWebKey key = new JSONWebKey();
 
@@ -236,7 +236,7 @@ private void generateEncryptionKeys(KeyGeneratorContext context, List<Algorithm>
                 key.setE(result.optString(EXPONENT));
                 key.setX(result.optString(X));
                 key.setY(result.optString(Y));
-                key.setKeyOps(Collections.singletonList(keyOps));
+                key.setKeyOpsType(Collections.singletonList(keyOpsType));
 
                 JSONArray x5c = result.optJSONArray(CERTIFICATE_CHAIN);
                 key.setX5c(StringUtils.toList(x5c));
@@ -247,10 +247,10 @@ private void generateEncryptionKeys(KeyGeneratorContext context, List<Algorithm>
             }
         }
 
-        private void generateSignatureKeys(KeyGeneratorContext context, List<Algorithm> signatureAlgorithms, JSONWebKeySet jwks, KeyOps keyOps) throws CryptoProviderException {
+        private void generateSignatureKeys(KeyGeneratorContext context, List<Algorithm> signatureAlgorithms, JSONWebKeySet jwks, KeyOpsType keyOpsType) throws CryptoProviderException {
             for (Algorithm algorithm : signatureAlgorithms) {
                 SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.fromString(algorithm.getParamName());
-                JSONObject result = context.getCryptoProvider().generateKey(algorithm, context.getExpirationForKeyOps(keyOps), context.getKeyLength(), keyOps);
+                JSONObject result = context.getCryptoProvider().generateKey(algorithm, context.getExpirationForKeyOpsType(keyOpsType), context.getKeyLength(), keyOpsType);
 
                 JSONWebKey key = new JSONWebKey();
 
@@ -266,7 +266,7 @@ private void generateSignatureKeys(KeyGeneratorContext context, List<Algorithm>
                 key.setE(result.optString(EXPONENT));
                 key.setX(result.optString(X));
                 key.setY(result.optString(Y));
-                key.setKeyOps(Collections.singletonList(keyOps));
+                key.setKeyOpsType(Collections.singletonList(keyOpsType));
 
                 JSONArray x5c = result.optJSONArray(CERTIFICATE_CHAIN);
                 key.setX5c(StringUtils.toList(x5c));

diff --git a/jans-auth-server/client/src/main/java/io/jans/as/client/util/KeyGeneratorContext.java b/jans-auth-server/client/src/main/java/io/jans/as/client/util/KeyGeneratorContext.java
@@ -1,7 +1,7 @@
 package io.jans.as.client.util;
 
 import io.jans.as.model.crypto.AbstractCryptoProvider;
-import io.jans.as.model.jwk.KeyOps;
+import io.jans.as.model.jwk.KeyOpsType;
 
 import java.util.Calendar;
 import java.util.GregorianCalendar;
@@ -18,7 +18,7 @@ public class KeyGeneratorContext {
     private int expirationDays;
     private int expirationHours;
     private Calendar expiration;
-    private KeyOps keyOps;
+    private KeyOpsType keyOpsType;
 
     public void calculateExpiration() {
         Calendar calendar = new GregorianCalendar();
@@ -27,24 +27,24 @@ public void calculateExpiration() {
         this.expiration = calendar;
     }
 
-    public long getExpirationForKeyOps(KeyOps keyOps) {
+    public long getExpirationForKeyOpsType(KeyOpsType keyOpsType) {
         if (expiration == null) {
             calculateExpiration();
         }
-        if (keyOps == KeyOps.SSA) {
+        if (keyOpsType == KeyOpsType.SSA) {
             Calendar calendar = new GregorianCalendar();
             calendar.add(Calendar.YEAR, 50);
             return calendar.getTimeInMillis();
         }
         return expiration.getTimeInMillis();
     }
 
-    public KeyOps getKeyOps() {
-        return keyOps;
+    public KeyOpsType getKeyOpsType() {
+        return keyOpsType;
     }
 
-    public void setKeyOps(KeyOps keyOps) {
-        this.keyOps = keyOps;
+    public void setKeyOpsType(KeyOpsType keyOpsType) {
+        this.keyOpsType = keyOpsType;
     }
 
     public Calendar getExpiration() {

diff --git a/jans-auth-server/client/src/test/java/io/jans/as/client/util/KeyGeneratorContextTest.java b/jans-auth-server/client/src/test/java/io/jans/as/client/util/KeyGeneratorContextTest.java
@@ -1,6 +1,6 @@
 package io.jans.as.client.util;
 
-import io.jans.as.model.jwk.KeyOps;
+import io.jans.as.model.jwk.KeyOpsType;
 import org.testng.annotations.Test;
 
 import java.util.Calendar;
@@ -17,7 +17,7 @@ public void getExpirationForKeyOps_forConnectKeyOps_shouldReturnPassedExpiration
         KeyGeneratorContext context = new KeyGeneratorContext();
         context.setExpirationHours(1);
 
-        final long expirationForKeyOps = context.getExpirationForKeyOps(KeyOps.CONNECT);
+        final long expirationForKeyOps = context.getExpirationForKeyOpsType(KeyOpsType.CONNECT);
 
         assertTrue(expirationForKeyOps < futureIn2Hours());
     }
@@ -27,7 +27,7 @@ public void getExpirationForKeyOps_forSSAKeyOps_shouldReturnExpirationFarInFutur
         KeyGeneratorContext context = new KeyGeneratorContext();
         context.setExpirationHours(1);
 
-        final long expirationForKeyOps = context.getExpirationForKeyOps(KeyOps.SSA);
+        final long expirationForKeyOps = context.getExpirationForKeyOpsType(KeyOpsType.SSA);
 
         assertTrue(expirationForKeyOps > futureIn2Hours());
     }

diff --git a/jans-auth-server/model/src/main/java/io/jans/as/model/crypto/AbstractCryptoProvider.java b/jans-auth-server/model/src/main/java/io/jans/as/model/crypto/AbstractCryptoProvider.java
@@ -49,7 +49,7 @@ public abstract class AbstractCryptoProvider {
 
     public abstract JSONObject generateKey(Algorithm algorithm, Long expirationTime, int keyLength) throws CryptoProviderException;
 
-    public abstract JSONObject generateKey(Algorithm algorithm, Long expirationTime, int keyLength, KeyOps keyOps) throws CryptoProviderException;
+    public abstract JSONObject generateKey(Algorithm algorithm, Long expirationTime, int keyLength, KeyOpsType keyOpsType) throws CryptoProviderException;
 
     public abstract String sign(String signingInput, String keyId, String sharedSecret, SignatureAlgorithm signatureAlgorithm) throws CryptoProviderException;
 
@@ -68,7 +68,7 @@ public List<String> getKeys() {
     public abstract PublicKey getPublicKey(String alias) throws CryptoProviderException;
 
     @SuppressWarnings("java:S1130")
-    public String getKeyId(JSONWebKeySet jsonWebKeySet, Algorithm algorithm, Use use, KeyOps keyOps) throws CryptoProviderException {
+    public String getKeyId(JSONWebKeySet jsonWebKeySet, Algorithm algorithm, Use use, KeyOpsType keyOps) throws CryptoProviderException {
         if (algorithm == null || AlgorithmFamily.HMAC.equals(algorithm.getFamily())) {
             return null;
         }

diff --git a/jans-auth-server/model/src/main/java/io/jans/as/model/crypto/AuthCryptoProvider.java b/jans-auth-server/model/src/main/java/io/jans/as/model/crypto/AuthCryptoProvider.java
@@ -158,17 +158,17 @@ public JSONObject generateKey(Algorithm algorithm, Long expirationTime) throws C
     }
 
     @Override
-    public JSONObject generateKey(Algorithm algorithm, Long expirationTime, int keyLength, KeyOps keyOps) throws CryptoProviderException {
+    public JSONObject generateKey(Algorithm algorithm, Long expirationTime, int keyLength, KeyOpsType keyOpsType) throws CryptoProviderException {
         if (algorithm == null) {
             throw new IllegalArgumentException("The signature algorithm parameter cannot be null");
         }
         JSONObject jsonObject = null;
         try {
             Use algUse = algorithm.getUse();
             if (algUse == Use.SIGNATURE) {
-                jsonObject = generateKeySignature(algorithm, expirationTime, keyLength, keyOps);
+                jsonObject = generateKeySignature(algorithm, expirationTime, keyLength, keyOpsType);
             } else if (algUse == Use.ENCRYPTION) {
-                jsonObject = generateKeyEncryption(algorithm, expirationTime, keyLength, keyOps);
+                jsonObject = generateKeyEncryption(algorithm, expirationTime, keyLength, keyOpsType);
             }
         } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidAlgorithmParameterException | OperatorCreationException
                 | CertificateException | KeyStoreException | IOException e) {
@@ -179,21 +179,21 @@ public JSONObject generateKey(Algorithm algorithm, Long expirationTime, int keyL
 
     @Override
     public JSONObject generateKey(Algorithm algorithm, Long expirationTime, int keyLength) throws CryptoProviderException {
-        return generateKey(algorithm, expirationTime, keyLength, KeyOps.CONNECT);
+        return generateKey(algorithm, expirationTime, keyLength, KeyOpsType.CONNECT);
     }
 
     private static String getKidSuffix(Algorithm algorithm) {
         return "_" + algorithm.getUse().getParamName().toLowerCase() + "_" + algorithm.getParamName().toLowerCase();
     }
 
-    public String getAliasByAlgorithmForDeletion(Algorithm algorithm, String newAlias, KeyOps keyOps) throws KeyStoreException {
+    public String getAliasByAlgorithmForDeletion(Algorithm algorithm, String newAlias, KeyOpsType keyOpsType) throws KeyStoreException {
         for (String alias : Collections.list(keyStore.aliases())) {
 
             if (newAlias.equals(alias)) { // skip newly created alias or ssa keys
                 continue;
             }
 
-            if (alias.startsWith(keyOps.getValue()) && alias.endsWith(getKidSuffix(algorithm))) {
+            if (alias.startsWith(keyOpsType.getValue()) && alias.endsWith(getKidSuffix(algorithm))) {
                 return alias;
             }
         }
@@ -302,7 +302,7 @@ public PublicKey getPublicKey(String alias) throws CryptoProviderException {
     }
 
     @Override
-    public String getKeyId(JSONWebKeySet jsonWebKeySet, Algorithm algorithm, Use use, KeyOps keyOps) throws CryptoProviderException {
+    public String getKeyId(JSONWebKeySet jsonWebKeySet, Algorithm algorithm, Use use, KeyOpsType keyOpsType) throws CryptoProviderException {
         if (algorithm == null || AlgorithmFamily.HMAC.equals(algorithm.getFamily())) {
             return null;
         }
@@ -315,7 +315,7 @@ public String getKeyId(JSONWebKeySet jsonWebKeySet, Algorithm algorithm, Use use
             List<JSONWebKey> keysByAlgAndUse = new ArrayList<>();
 
             for (JSONWebKey key : keys) {
-                boolean keyOpsCondition = keyOps == null || (key.getKeyOps() == null || key.getKeyOps().contains(keyOps));
+                boolean keyOpsCondition = keyOpsType == null || (key.getKeyOpsType() == null || key.getKeyOpsType().contains(keyOpsType));
                 if (algorithm == key.getAlg() && (use == null || use == key.getUse()) && keyOpsCondition) {
                     kid = key.getKid();
                     Key keyFromStore;
@@ -327,7 +327,7 @@ public String getKeyId(JSONWebKeySet jsonWebKeySet, Algorithm algorithm, Use use
             }
 
             if (keysByAlgAndUse.isEmpty()) {
-                LOG.trace("kid is not in keystore, algorithm: {}" + algorithm + ", kid: " + kid + ", keyStorePath:" + keyStoreFile + ", keyOps: " + keyOps + ", use: " + use);
+                LOG.trace("kid is not in keystore, algorithm: {}" + algorithm + ", kid: " + kid + ", keyStorePath:" + keyStoreFile + ", keyOpsType: " + keyOpsType + ", use: " + use);
                 return kid;
             }
 
@@ -429,7 +429,7 @@ public KeyStore getKeyStore() {
         return keyStore;
     }
 
-    private JSONObject generateKeySignature(Algorithm algorithm, Long expirationTime, int keyLength, KeyOps keyOps)
+    private JSONObject generateKeySignature(Algorithm algorithm, Long expirationTime, int keyLength, KeyOpsType keyOpsType)
             throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException, OperatorCreationException,
             CertificateException, KeyStoreException, IOException {
 
@@ -459,10 +459,10 @@ private JSONObject generateKeySignature(Algorithm algorithm, Long expirationTime
                 throw new IllegalStateException("The provided signature algorithm parameter is not supported: algorithmFamily = " + algorithmFamily);
 
         }
-        return getJson(algorithm, keyGen, signatureAlgorithm.getAlgorithm(), expirationTime, keyOps);
+        return getJson(algorithm, keyGen, signatureAlgorithm.getAlgorithm(), expirationTime, keyOpsType);
     }
 
-    private JSONObject generateKeyEncryption(Algorithm algorithm, Long expirationTime, int keyLength, KeyOps keyOps) throws NoSuchAlgorithmException, NoSuchProviderException,
+    private JSONObject generateKeyEncryption(Algorithm algorithm, Long expirationTime, int keyLength, KeyOpsType keyOpsType) throws NoSuchAlgorithmException, NoSuchProviderException,
             InvalidAlgorithmParameterException, OperatorCreationException, CertificateException, KeyStoreException, IOException {
 
         KeyEncryptionAlgorithm keyEncryptionAlgorithm = KeyEncryptionAlgorithm.fromName(algorithm.getParamName());
@@ -490,16 +490,16 @@ private JSONObject generateKeyEncryption(Algorithm algorithm, Long expirationTim
                         "The provided key encryption algorithm parameter is not supported: algorithmFamily = " + algorithmFamily);
 
         }
-        return getJson(algorithm, keyGen, signatureAlgorithm, expirationTime, keyOps);
+        return getJson(algorithm, keyGen, signatureAlgorithm, expirationTime, keyOpsType);
     }
 
-    private String getKid(Algorithm algorithm, KeyOps keyOps) {
-        if (keyOps == null)
-            keyOps = KeyOps.CONNECT;
-        return keyOps.getValue() + "_" + UUID.randomUUID().toString() + getKidSuffix(algorithm);
+    private String getKid(Algorithm algorithm, KeyOpsType keyOpsType) {
+        if (keyOpsType == null)
+            keyOpsType = KeyOpsType.CONNECT;
+        return keyOpsType.getValue() + "_" + UUID.randomUUID().toString() + getKidSuffix(algorithm);
     }
 
-    private JSONObject getJson(final Algorithm algorithm, final KeyPairGenerator keyGen, final String signatureAlgorithmStr, final Long expirationTime, KeyOps keyOps) throws NoSuchAlgorithmException,
+    private JSONObject getJson(final Algorithm algorithm, final KeyPairGenerator keyGen, final String signatureAlgorithmStr, final Long expirationTime, KeyOpsType keyOpsType) throws NoSuchAlgorithmException,
             OperatorCreationException, CertificateException, KeyStoreException, IOException {
 
         // Generate the key
@@ -512,10 +512,10 @@ private JSONObject getJson(final Algorithm algorithm, final KeyPairGenerator key
         X509Certificate[] chain = new X509Certificate[1];
         chain[0] = cert;
 
-        String alias = getKid(algorithm, keyOps);
+        String alias = getKid(algorithm, keyOpsType);
         keyStore.setKeyEntry(alias, pk, keyStoreSecret.toCharArray(), chain);
 
-        final String oldAliasByAlgorithm = getAliasByAlgorithmForDeletion(algorithm, alias, keyOps);
+        final String oldAliasByAlgorithm = getAliasByAlgorithmForDeletion(algorithm, alias, keyOpsType);
         if (StringUtils.isNotBlank(oldAliasByAlgorithm)) {
             keyStore.deleteEntry(oldAliasByAlgorithm);
             LOG.trace("New key: " + alias + ", deleted key: " + oldAliasByAlgorithm);