feat(docker-jans): introduce key_ops when generating keys (#3770)

JanssenProject · Feb 2, 2023 · 2495842 · 2495842
1 parent 540f619
commit 2495842
Show file tree

Hide file tree

Showing 6 changed files with 11 additions and 7 deletions.
diff --git a/docker-jans-auth-server/Dockerfile b/docker-jans-auth-server/Dockerfile
@@ -56,7 +56,7 @@ RUN /opt/jython/bin/pip uninstall -y pip
 # ===========
 
 ENV CN_VERSION=1.0.7-SNAPSHOT
-ENV CN_BUILD_DATE='2023-01-31 09:53'
+ENV CN_BUILD_DATE='2023-02-02 08:18'
 ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-auth-server/${CN_VERSION}/jans-auth-server-${CN_VERSION}.war
 
 # Install Jans Auth

diff --git a/docker-jans-certmanager/Dockerfile b/docker-jans-certmanager/Dockerfile
@@ -17,7 +17,7 @@ RUN apk update \
 
 # JAR files required to generate OpenID Connect keys
 ENV CN_VERSION=1.0.7-SNAPSHOT
-ENV CN_BUILD_DATE='2023-01-09 12:19'
+ENV CN_BUILD_DATE='2023-02-02 08:17'
 ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-auth-client/${CN_VERSION}/jans-auth-client-${CN_VERSION}-jar-with-dependencies.jar
 
 RUN wget -q ${CN_SOURCE_URL} -P /app/javalibs/

diff --git a/docker-jans-certmanager/scripts/auth_handler.py b/docker-jans-certmanager/scripts/auth_handler.py
@@ -25,7 +25,7 @@
 logger = logging.getLogger("certmanager")
 
 SIG_KEYS = "RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512"
-ENC_KEYS = "RSA1_5 RSA-OAEP"
+ENC_KEYS = "RSA1_5 RSA-OAEP ECDH-ES"
 KEY_STRATEGIES = ("OLDER", "NEWER", "FIRST")
 
 
@@ -61,7 +61,8 @@ def generate_openid_keys(passwd, jks_path, dn, exp=48, sig_keys=SIG_KEYS, enc_ke
         "io.jans.as.client.util.KeyGenerator "
         f"-enc_keys {enc_keys} -sig_keys {sig_keys} "
         f"-dnname '{dn}' -expiration_hours {exp} "
-        f"-keystore {jks_path} -keypasswd {passwd}"
+        f"-keystore {jks_path} -keypasswd {passwd} "
+        "-key_ops connect"
     )
     return exec_cmd(cmd)
 

diff --git a/docker-jans-certmanager/scripts/utils.py b/docker-jans-certmanager/scripts/utils.py
@@ -36,7 +36,8 @@ def generate_openid_keys(passwd, jks_path, jwks_path, dn, exp=365, sig_keys=DEFA
         "io.jans.as.client.util.KeyGenerator "
         f"-enc_keys {enc_keys} -sig_keys {sig_keys} "
         f"-dnname '{dn}' -expiration_hours {exp} "
-        f"-keystore {jks_path} -keypasswd {passwd}"
+        f"-keystore {jks_path} -keypasswd {passwd} "
+        "-key_ops connect"
     )
 
     out, err, retcode = exec_cmd(cmd)

diff --git a/docker-jans-configurator/Dockerfile b/docker-jans-configurator/Dockerfile
@@ -17,7 +17,7 @@ RUN apk update \
 
 # JAR files required to generate OpenID Connect keys
 ENV CN_VERSION=1.0.7-SNAPSHOT
-ENV CN_BUILD_DATE='2023-01-09 12:19'
+ENV CN_BUILD_DATE='2023-02-02 08:17'
 ENV CN_SOURCE_URL=https://jenkins.jans.io/maven/io/jans/jans-auth-client/${CN_VERSION}/jans-auth-client-${CN_VERSION}-jar-with-dependencies.jar
 
 RUN wget -q ${CN_SOURCE_URL} -P /app/javalibs/

diff --git a/docker-jans-configurator/scripts/bootstrap.py b/docker-jans-configurator/scripts/bootstrap.py
@@ -29,7 +29,7 @@
 from settings import LOGGING_CONFIG
 
 DEFAULT_SIG_KEYS = "RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512"
-DEFAULT_ENC_KEYS = "RSA1_5 RSA-OAEP"
+DEFAULT_ENC_KEYS = "RSA1_5 RSA-OAEP ECDH-ES"
 
 DEFAULT_CONFIG_FILE = "/app/db/config.json"
 DEFAULT_SECRET_FILE = "/app/db/secret.json"
@@ -63,6 +63,7 @@ def generate_openid_keys(passwd, jks_path, jwks_path, dn, exp=365, sig_keys=DEFA
         "-expiration", "{}".format(exp),
         "-keystore", jks_path,
         "-keypasswd", passwd,
+        "-key_ops", "connect",
     ])
     out, err, retcode = exec_cmd(cmd)
     if retcode == 0:
@@ -83,6 +84,7 @@ def generate_openid_keys_hourly(passwd, jks_path, jwks_path, dn, exp=48, sig_key
         "-expiration_hours", "{}".format(exp),
         "-keystore", jks_path,
         "-keypasswd", passwd,
+        "-key_ops", "connect",
     ])
     out, err, retcode = exec_cmd(cmd)
     if retcode == 0: