feat: use Bearer token if OPA started with it (#7353)

* feat: use Bearer token if OPA started with it #7340

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

* feat: use Bearer token if OPA started with it #7340

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

* feat: use Bearer token if OPA started with it #7340

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

* feat: use Bearer token if OPA started with it #7340

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

* feat: use Bearer token if OPA started with it #7340

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

* feat: use Bearer token if OPA started with it #7340

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

* feat: use Bearer token if OPA started with it #7340

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

* feat: use Bearer token if OPA started with it #7340

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

---------

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>

docs/script-catalog/person_authentication/agama-bridge/AgamaBridge.py

@@ -6,7 +6,7 @@
 
 from io.jans.agama import NativeJansFlowBridge
 from io.jans.agama.engine.misc import FlowUtils
-from io.jans.as.common.service.common import EncryptionService
+io.jans.service import EncryptionService
 from io.jans.as.server.security import Identity
 from io.jans.as.server.service import AuthenticationService, UserService
 from io.jans.jsf2.service import FacesService

docs/script-catalog/person_authentication/forgot_password/forgot_password.py

@@ -14,7 +14,7 @@
 from io.jans.util import StringHelper
 from io.jans.as.server.util import ServerUtil
 from io.jans.as.common.service.common import ConfigurationService
-from io.jans.as.common.service.common import EncryptionService
+io.jans.service import EncryptionService
 from io.jans.jsf2.message import FacesMessages
 from jakarta.faces.application import FacesMessage
 from io.jans.orm.exception import AuthenticationException

docs/script-catalog/person_authentication/super-gluu-external-authenticator/SuperGluuExternalAuthenticator.py

@@ -18,7 +18,7 @@
 from io.jans.as.server.service.net import HttpService, HttpService2
 from io.jans.as.server.util import ServerUtil
 from io.jans.util import StringHelper
-from io.jans.as.common.service.common import EncryptionService
+io.jans.service import EncryptionService
 from io.jans.as.server.service import UserService
 from io.jans.service import MailService
 from io.jans.as.server.service.push.sns import PushPlatform

docs/script-catalog/person_authentication/user-cert-external-authenticator/UserCertExternalAuthenticator.py

@@ -13,7 +13,7 @@
 from io.jans.as.server.service import UserService
 from io.jans.util import StringHelper
 from io.jans.as.server.util import ServerUtil
-from io.jans.as.common.service.common import EncryptionService
+io.jans.service import EncryptionService
 from java.util import Arrays
 from io.jans.as.common.cert.fingerprint import FingerprintHelper
 from io.jans.as.common.cert.validation import GenericCertificateVerifier

jans-auth-server/common/src/main/java/io/jans/as/common/service/common/ConfigurationService.java

@@ -10,6 +10,7 @@
 import io.jans.as.persistence.model.configuration.GluuConfiguration;
 import io.jans.model.SmtpConfiguration;
 import io.jans.orm.PersistenceEntryManager;
+import io.jans.service.EncryptionService;
 import io.jans.util.StringHelper;
 import io.jans.util.security.StringEncrypter.EncryptionException;
 import org.slf4j.Logger;

jans-auth-server/common/src/main/java/io/jans/as/common/service/common/EncryptionService.java

@@ -1,80 +1,47 @@
 /*
- * Janssen Project software is available under the Apache License (2004). See http://www.apache.org/licenses/ for full text.
+ * Janssen Project software is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text.
  *
  * Copyright (c) 2020, Janssen Project
  */
 
 package io.jans.as.common.service.common;
 
-import io.jans.util.StringHelper;
-import io.jans.util.security.PropertiesDecrypter;
-import io.jans.util.security.StringEncrypter;
-import io.jans.util.security.StringEncrypter.EncryptionException;
-import org.slf4j.Logger;
+import java.util.Properties;
 
+import io.jans.util.security.StringEncrypter.EncryptionException;
 import jakarta.enterprise.context.ApplicationScoped;
 import jakarta.inject.Inject;
-import java.util.Properties;
 
 /**
- * Allows to decrypt passwords
+ * Proxy for compatibility with old versions
  *
- * @author Yuriy Movchan Date: 09/23/2014
+ * @author Yuriy Movchan Date: 01/12/2024
  */
 @ApplicationScoped
+@Deprecated
 public class EncryptionService {
 
-    @Inject
-    private Logger log;
-
-    @Inject
-    private StringEncrypter stringEncrypter;
-
-    public String decrypt(String encryptedString) throws EncryptionException {
-        if (StringHelper.isEmpty(encryptedString)) {
-            return null;
-        }
-
-        return stringEncrypter.decrypt(encryptedString);
-    }
-
-    public String decrypt(String encryptedValue, boolean returnSource) {
-        if (encryptedValue == null) {
-            return encryptedValue;
-        }
+	@Inject
+	private io.jans.service.EncryptionService encryptionService;
 
-        String resultValue;
-        if (returnSource) {
-            resultValue = encryptedValue;
-        } else {
-            resultValue = null;
-        }
+	public String decrypt(String encryptedString) throws EncryptionException {
+		return encryptionService.decrypt(encryptedString);
+	}
 
-        try {
-            resultValue = stringEncrypter.decrypt(encryptedValue);
-        } catch (Exception ex) {
-            if (!returnSource) {
-                log.error(String.format("Failed to decrypt value: '%s'", encryptedValue, ex));
-            }
-        }
-
-        return resultValue;
+	public String decrypt(String encryptedValue, boolean returnSource) {
+		return encryptionService.decrypt(encryptedValue, returnSource);
     }
 
-    public String encrypt(String unencryptedString) throws EncryptionException {
-        if (StringHelper.isEmpty(unencryptedString)) {
-            return null;
-        }
+	public String encrypt(String unencryptedString) throws EncryptionException {
+		return encryptionService.decrypt(unencryptedString);
+	}
 
-        return stringEncrypter.encrypt(unencryptedString);
-    }
+	public Properties decryptProperties(Properties connectionProperties) {
+		return encryptionService.decryptProperties(connectionProperties);
+	}
 
-    public Properties decryptProperties(Properties connectionProperties) {
-        return PropertiesDecrypter.decryptProperties(stringEncrypter, connectionProperties);
-    }
-
-    public Properties decryptAllProperties(Properties connectionProperties) {
-        return PropertiesDecrypter.decryptAllProperties(stringEncrypter, connectionProperties);
-    }
+	public Properties decryptAllProperties(Properties connectionProperties) {
+		return encryptionService.decryptAllProperties(connectionProperties);
+	}
 
 }

jans-auth-server/server/src/main/java/io/jans/as/server/service/AppInitializer.java

@@ -19,7 +19,6 @@
 import com.google.common.collect.Lists;
 
 import io.jans.as.common.service.common.ApplicationFactory;
-import io.jans.as.common.service.common.EncryptionService;
 import io.jans.as.model.common.FeatureFlagType;
 import io.jans.as.model.configuration.AppConfiguration;
 import io.jans.as.persistence.model.configuration.GluuConfiguration;
@@ -48,6 +47,7 @@
 import io.jans.orm.model.PersistenceConfiguration;
 import io.jans.orm.util.properties.FileConfiguration;
 import io.jans.service.ApplicationConfigurationFactory;
+import io.jans.service.EncryptionService;
 import io.jans.service.PythonService;
 import io.jans.service.cdi.async.Asynchronous;
 import io.jans.service.cdi.event.ApplicationInitialized;

jans-auth-server/server/src/main/java/io/jans/as/server/service/ClientService.java

@@ -6,9 +6,24 @@
 
 package io.jans.as.server.service;
 
+import static org.apache.commons.lang3.BooleanUtils.isFalse;
+import static org.apache.commons.lang3.BooleanUtils.isTrue;
+
+import java.util.Collection;
+import java.util.Date;
+import java.util.GregorianCalendar;
+import java.util.List;
+import java.util.Set;
+import java.util.TimeZone;
+
+import org.apache.commons.lang3.BooleanUtils;
+import org.json.JSONArray;
+import org.slf4j.Logger;
+
+import com.google.common.base.Preconditions;
 import com.google.common.collect.Sets;
+
 import io.jans.as.common.model.registration.Client;
-import io.jans.as.common.service.common.EncryptionService;
 import io.jans.as.model.common.AuthenticationMethod;
 import io.jans.as.model.config.StaticConfiguration;
 import io.jans.as.model.configuration.AppConfiguration;
@@ -21,22 +36,14 @@
 import io.jans.orm.model.base.CustomObjectAttribute;
 import io.jans.service.BaseCacheService;
 import io.jans.service.CacheService;
+import io.jans.service.EncryptionService;
 import io.jans.service.LocalCacheService;
 import io.jans.util.StringHelper;
 import io.jans.util.security.StringEncrypter;
 import io.jans.util.security.StringEncrypter.EncryptionException;
 import jakarta.ejb.Stateless;
 import jakarta.inject.Inject;
 import jakarta.inject.Named;
-import org.apache.commons.lang3.BooleanUtils;
-import org.json.JSONArray;
-import com.google.common.base.Preconditions;
-import org.slf4j.Logger;
-
-import java.util.*;
-
-import static org.apache.commons.lang3.BooleanUtils.isFalse;
-import static org.apache.commons.lang3.BooleanUtils.isTrue;
 
 /**
  * Provides operations with clients.

jans-auth-server/server/src/main/java/io/jans/as/server/service/push/sns/PushSnsService.java

@@ -6,6 +6,11 @@
 
 package io.jans.as.server.service.push.sns;
 
+import java.io.IOException;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+
 import com.amazonaws.auth.AWSStaticCredentialsProvider;
 import com.amazonaws.auth.BasicAWSCredentials;
 import com.amazonaws.regions.Regions;
@@ -16,19 +21,15 @@
 import com.amazonaws.services.sns.model.MessageAttributeValue;
 import com.amazonaws.services.sns.model.PublishRequest;
 import com.amazonaws.services.sns.model.PublishResult;
+
 import io.jans.as.common.model.common.User;
-import io.jans.as.common.service.common.EncryptionService;
 import io.jans.as.model.configuration.AppConfiguration;
 import io.jans.as.server.util.ServerUtil;
 import io.jans.orm.PersistenceEntryManager;
-
+import io.jans.service.EncryptionService;
 import jakarta.ejb.Stateless;
 import jakarta.inject.Inject;
 import jakarta.inject.Named;
-import java.io.IOException;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.Map;
 
 /**
  * Provides operations to send AWS SNS push messages

jans-auth-server/server/src/test/java/io/jans/as/server/BaseComponentTest.java

@@ -6,7 +6,6 @@
 
 package io.jans.as.server;
 
-import io.jans.as.common.service.common.EncryptionService;
 import io.jans.as.common.service.common.InumService;
 import io.jans.as.common.service.common.UserService;
 import io.jans.as.model.config.StaticConfiguration;
@@ -24,6 +23,7 @@
 import io.jans.as.server.uma.service.UmaRptService;
 import io.jans.orm.PersistenceEntryManager;
 import io.jans.service.CacheService;
+import io.jans.service.EncryptionService;
 import io.jans.service.cdi.util.CdiUtil;
 
 /**

jans-casa/extras/Casa.py

@@ -2,7 +2,7 @@
 from io.jans.as.server.security import Identity
 from io.jans.as.server.service import AuthenticationService
 from io.jans.as.server.service import UserService
-from io.jans.as.common.service.common import EncryptionService
+io.jans.service import EncryptionService
 from io.jans.as.server.service.custom import CustomScriptService
 from io.jans.as.server.service.net import HttpService
 from io.jans.as.server.util import ServerUtil

jans-casa/extras/casa-external_super_gluu.py

@@ -18,7 +18,7 @@
 from io.jans.as.server.service.net import HttpService, HttpService2
 from io.jans.as.server.util import ServerUtil
 from io.jans.util import StringHelper
-from io.jans.as.common.service.common import EncryptionService
+io.jans.service import EncryptionService
 from io.jans.as.server.service import UserService
 from io.jans.service import MailService
 from io.jans.as.server.service.push.sns import PushPlatform

jans-casa/plugins/email_2fa_core/extras/email_2fa_core.py

@@ -11,7 +11,7 @@
 from io.jans.as.server.util import ServerUtil
 
 from io.jans.as.common.service.common import ConfigurationService
-from io.jans.as.common.service.common import EncryptionService
+io.jans.service import EncryptionService
 from io.jans.jsf2.message import FacesMessages
 from io.jans.casa.model import ApplicationConfiguration
 from io.jans.orm.exception import AuthenticationException

jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/auth/OAuth2Service.java

@@ -3,7 +3,6 @@
 import com.google.common.base.Strings;
 import com.google.common.collect.Sets;
 import io.jans.as.client.TokenRequest;
-import io.jans.as.common.service.common.EncryptionService;
 import io.jans.as.model.common.GrantType;
 import io.jans.ca.plugin.adminui.model.auth.ApiTokenRequest;
 import io.jans.ca.plugin.adminui.model.auth.TokenResponse;
@@ -14,6 +13,7 @@
 import io.jans.ca.plugin.adminui.service.config.AUIConfigurationService;
 import io.jans.ca.plugin.adminui.utils.CommonUtils;
 import io.jans.ca.plugin.adminui.utils.ErrorResponse;
+import io.jans.service.EncryptionService;
 import jakarta.inject.Inject;
 import jakarta.inject.Singleton;
 import jakarta.ws.rs.core.Response;

jans-config-api/plugins/admin-ui-plugin/src/main/java/io/jans/ca/plugin/adminui/service/config/AUIConfigurationService.java

@@ -3,7 +3,6 @@
 import com.google.api.client.util.Strings;
 import com.google.common.collect.Maps;
 import io.jans.as.client.TokenRequest;
-import io.jans.as.common.service.common.EncryptionService;
 import io.jans.as.model.common.GrantType;
 import io.jans.as.model.config.adminui.AdminConf;
 import io.jans.as.model.config.adminui.LicenseConfig;
@@ -19,6 +18,7 @@
 import io.jans.ca.plugin.adminui.utils.ErrorResponse;
 import io.jans.configapi.service.auth.ConfigurationService;
 import io.jans.orm.PersistenceEntryManager;
+import io.jans.service.EncryptionService;
 import jakarta.inject.Inject;
 import jakarta.inject.Singleton;
 import jakarta.ws.rs.core.Response;

jans-config-api/plugins/jans-link-plugin/src/main/java/io/jans/configapi/plugin/link/rest/JansLinkConfigResource.java

@@ -6,14 +6,14 @@
 
 package io.jans.configapi.plugin.link.rest;
 
-import io.jans.as.common.service.common.EncryptionService;
 import io.jans.configapi.core.rest.BaseResource;
 import io.jans.configapi.core.rest.ProtectedApi;
 import io.jans.configapi.plugin.link.util.Constants;
 import io.jans.configapi.plugin.link.service.JansLinkService;
 import io.jans.configapi.util.ApiAccessConstants;
 import io.jans.link.model.config.AppConfiguration;
 import io.jans.model.ldap.GluuLdapConfiguration;
+import io.jans.service.EncryptionService;
 import io.jans.util.security.StringEncrypter.EncryptionException;
 
 import io.swagger.v3.oas.annotations.Operation;

jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/ClientsResource.java

@@ -10,7 +10,6 @@
 import com.github.fge.jsonpatch.JsonPatchException;
 import static io.jans.as.model.util.Util.escapeLog;
 import io.jans.as.common.model.registration.Client;
-import io.jans.as.common.service.common.EncryptionService;
 import io.jans.as.common.service.common.InumService;
 import io.jans.as.persistence.model.Scope;
 import io.jans.configapi.core.rest.ProtectedApi;
@@ -28,6 +27,7 @@
 import io.jans.orm.PersistenceEntryManager;
 import io.jans.orm.exception.EntryPersistenceException;
 import io.jans.orm.model.PagedResult;
+import io.jans.service.EncryptionService;
 import io.jans.util.StringHelper;
 import io.jans.util.security.StringEncrypter.EncryptionException;
 

jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/ConfigSmtpResource.java

@@ -7,13 +7,13 @@
 package io.jans.configapi.rest.resource.auth;
 
 import io.jans.as.common.service.common.ConfigurationService;
-import io.jans.as.common.service.common.EncryptionService;
 import io.jans.as.persistence.model.configuration.GluuConfiguration;
 import io.jans.configapi.core.rest.ProtectedApi;
 import io.jans.configapi.util.ApiAccessConstants;
 import io.jans.configapi.util.ApiConstants;
 import io.jans.model.SmtpConfiguration;
 import io.jans.model.SmtpTest;
+import io.jans.service.EncryptionService;
 import io.jans.service.MailService;
 import io.jans.util.security.StringEncrypter.EncryptionException;
 

jans-config-api/server/src/main/java/io/jans/configapi/service/auth/CouchbaseConfService.java

@@ -8,10 +8,10 @@
 
 import com.github.fge.jackson.JacksonUtils;
 import com.google.common.collect.Lists;
-import io.jans.as.common.service.common.EncryptionService;
 import io.jans.as.persistence.model.configuration.GluuConfiguration;
 import io.jans.as.persistence.model.configuration.IDPAuthConf;
 import io.jans.orm.couchbase.model.CouchbaseConnectionConfiguration;
+import io.jans.service.EncryptionService;
 import io.jans.util.security.StringEncrypter;
 import org.apache.commons.lang3.StringUtils;
 

jans-config-api/server/src/main/java/io/jans/configapi/service/auth/LdapConfigurationService.java

@@ -9,10 +9,10 @@
 import com.github.fge.jackson.JacksonUtils;
 import com.google.common.collect.Iterables;
 import com.google.common.collect.Lists;
-import io.jans.as.common.service.common.EncryptionService;
 import io.jans.as.persistence.model.configuration.GluuConfiguration;
 import io.jans.as.persistence.model.configuration.IDPAuthConf;
 import io.jans.model.ldap.GluuLdapConfiguration;
+import io.jans.service.EncryptionService;
 import io.jans.util.security.StringEncrypter;
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;