This is an automated email from the ASF dual-hosted git repository.
ilgrosso pushed a commit to branch 3_0_X
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/3_0_X by this push:
new 8fe916950e [SYNCOPE-1897] Mapping
GoogleAuthenticatorMultifactorProperties#crypto
8fe916950e is described below
commit 8fe916950e69966e9b96a8debf3ed4952521593c
Author: Francesco Chicchiriccò <[email protected]>
AuthorDate: Wed Jul 23 13:57:55 2025 +0200
[SYNCOPE-1897] Mapping GoogleAuthenticatorMultifactorProperties#crypto
---
.../common/lib/auth/GoogleMfaAuthModuleConf.java | 105 +++++++++++++++++++++
pom.xml | 2 +-
.../mapping/AuthModulePropertySourceMapper.java | 9 ++
3 files changed, 115 insertions(+), 1 deletion(-)
diff --git
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/GoogleMfaAuthModuleConf.java
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/GoogleMfaAuthModuleConf.java
index 829fa1d29a..bbd17cd91d 100644
---
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/GoogleMfaAuthModuleConf.java
+++
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/GoogleMfaAuthModuleConf.java
@@ -20,13 +20,27 @@ package org.apache.syncope.common.lib.auth;
import java.io.Serializable;
import java.util.Map;
+import org.apache.commons.lang3.StringUtils;
import org.apache.syncope.common.lib.AbstractLDAPConf;
import org.apache.syncope.common.lib.to.AuthModuleTO;
+import org.apache.syncope.common.lib.types.OIDCTokenEncryptionEncoding;
public class GoogleMfaAuthModuleConf implements MFAAuthModuleConf,
LDAPDependantAuthModuleConf {
private static final long serialVersionUID = -7883257599139312426L;
+ public enum CryptoStrategy {
+ /**
+ * Encrypt the value first, and then sign.
+ */
+ ENCRYPT_AND_SIGN,
+ /**
+ * Sign the value first, and then encrypt.
+ */
+ SIGN_AND_ENCRYPT;
+
+ }
+
public static class LDAP extends AbstractLDAPConf implements Serializable {
private static final long serialVersionUID = -7274446267090678730L;
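Review bot: The constant names of `CryptoStrategy` are part of an external contract that the enum does not document. The mapper change in this same commit passes `conf.getCryptoStrategy().name()` straight to `setStrategyType`, so a later rename would compile cleanly while changing the value handed to the downstream properties object. I would add a line to the enum Javadoc such as `Constant names are forwarded verbatim as the crypto strategy type; do not rename.` The trailing `;` and the blank line after `SIGN_AND_ENCRYPT` can also be dropped, since the enum declares no members.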
@@ -75,6 +89,41 @@ public class GoogleMfaAuthModuleConf implements
MFAAuthModuleConf, LDAPDependant
*/
private int windowSize = 3;
+ /**
+ * Whether crypto operations are enabled.
+ */
+ private boolean enableCrypto = true;
+
+ /**
+ * The signing/encryption algorithm to use.
+ */
+ private OIDCTokenEncryptionEncoding cryptoAlgorithm =
OIDCTokenEncryptionEncoding.A256CBC_HS512;
+
+ /**
+ * Control the cipher sequence of operations.
+ */
+ private CryptoStrategy cryptoStrategy = CryptoStrategy.ENCRYPT_AND_SIGN;
+
+ /**
+ * The signing key size.
+ */
+ private int signingKeySize = 512;
+
+ /**
+ * The signing key is a JWT whose length is defined by the signing key
size setting.
+ */
+ private String signingKey = StringUtils.EMPTY;
+
+ /**
+ * The encryption key size.
+ */
+ private int encryptionKeySize = 512;
+
+ /**
+ * The encryption key is a JWT whose length is defined by the encryption
key size setting.
+ */
+ private String encryptionKey = StringUtils.EMPTY;
+
private LDAP ldap;
@Override
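Review bot: `signingKey` and `encryptionKey` hold secret key material, but they are declared as ordinary `String` properties next to non-sensitive settings like `windowSize`, with nothing marking them as sensitive. How this conf is serialized, returned to clients or logged is not visible in this hunk. It is worth confirming that the two values are not echoed back in read responses, `toString()` output or audit and debug logs, and that they are protected at rest like other stored credentials. The Javadoc on `enableCrypto` should also say what turning it off means for the data this module handles, since the default of `true` suggests that disabling it weakens protection. The class body continues outside this hunk.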
@@ -127,6 +176,62 @@ public class GoogleMfaAuthModuleConf implements
MFAAuthModuleConf, LDAPDependant
this.windowSize = windowSize;
}
+ public boolean isEnableCrypto() {
+ return enableCrypto;
+ }
+
+ public void setEnableCrypto(final boolean enableCrypto) {
+ this.enableCrypto = enableCrypto;
+ }
+
+ public OIDCTokenEncryptionEncoding getCryptoAlgorithm() {
+ return cryptoAlgorithm;
+ }
+
+ public void setCryptoAlgorithm(final OIDCTokenEncryptionEncoding
cryptoAlgorithm) {
+ this.cryptoAlgorithm = cryptoAlgorithm;
+ }
+
+ public CryptoStrategy getCryptoStrategy() {
+ return cryptoStrategy;
+ }
+
+ public void setCryptoStrategy(final CryptoStrategy cryptoStrategy) {
+ this.cryptoStrategy = cryptoStrategy;
+ }
+
+ public int getSigningKeySize() {
+ return signingKeySize;
+ }
+
+ public void setSigningKeySize(final int signingKeySize) {
+ this.signingKeySize = signingKeySize;
+ }
+
+ public String getSigningKey() {
+ return signingKey;
+ }
+
+ public void setSigningKey(final String signingKey) {
+ this.signingKey = signingKey;
+ }
+
+ public int getEncryptionKeySize() {
+ return encryptionKeySize;
+ }
+
+ public void setEncryptionKeySize(final int encryptionKeySize) {
+ this.encryptionKeySize = encryptionKeySize;
+ }
+
+ public String getEncryptionKey() {
+ return encryptionKey;
+ }
+
+ public void setEncryptionKey(final String encryptionKey) {
+ this.encryptionKey = encryptionKey;
+ }
+
public LDAP getLdap() {
return ldap;
}
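Review bot: `setCryptoAlgorithm` and `setCryptoStrategy` accept `null`, which the mapper hunk in `AuthModulePropertySourceMapper` then dereferences unguarded via `conf.getCryptoAlgorithm().getExternalForm()` and `conf.getCryptoStrategy().name()`. If a conf can arrive with either property explicitly set to null (how instances are populated is not visible here), the failure would show up as a NullPointerException while the property source is being built, not as a validation error on the conf. Keeping the field default on null input avoids that, for example `this.cryptoStrategy = cryptoStrategy == null ? CryptoStrategy.ENCRYPT_AND_SIGN : cryptoStrategy;` and the equivalent for `cryptoAlgorithm` with `OIDCTokenEncryptionEncoding.A256CBC_HS512`. The key-size setters likewise accept zero or negative values without complaint.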
diff --git a/pom.xml b/pom.xml
index 6dee933fda..c4bc8f501b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -424,7 +424,7 @@ under the License.
<jasypt.version>1.9.3</jasypt.version>
- <groovy.version>4.0.27</groovy.version>
+ <groovy.version>4.0.28</groovy.version>
<flowable.version>6.8.1</flowable.version>
diff --git
a/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/mapping/AuthModulePropertySourceMapper.java
b/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/mapping/AuthModulePropertySourceMapper.java
index 4552662bc4..68068aab65 100644
---
a/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/mapping/AuthModulePropertySourceMapper.java
+++
b/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/mapping/AuthModulePropertySourceMapper.java
@@ -441,12 +441,21 @@ public class AuthModulePropertySourceMapper extends
PropertySourceMapper impleme
GoogleAuthenticatorMultifactorProperties props = new
GoogleAuthenticatorMultifactorProperties();
props.setName(authModuleTO.getKey());
props.setOrder(authModuleTO.getOrder());
+
props.getCore().setIssuer(conf.getIssuer());
props.getCore().setCodeDigits(conf.getCodeDigits());
props.getCore().setLabel(conf.getLabel());
props.getCore().setTimeStepSize(conf.getTimeStepSize());
props.getCore().setWindowSize(conf.getWindowSize());
+ props.getCrypto().setEnabled(conf.isEnableCrypto());
+ props.getCrypto().setAlg(conf.getCryptoAlgorithm().getExternalForm());
+ props.getCrypto().setStrategyType(conf.getCryptoStrategy().name());
+
props.getCrypto().getEncryption().setKeySize(conf.getEncryptionKeySize());
+ props.getCrypto().getEncryption().setKey(conf.getEncryptionKey());
+ props.getCrypto().getSigning().setKeySize(conf.getSigningKeySize());
+ props.getCrypto().getSigning().setKey(conf.getSigningKey());
+
if (conf.getLdap() != null) {
LdapGoogleAuthenticatorMultifactorProperties ldapProps = new
LdapGoogleAuthenticatorMultifactorProperties();
ldapProps.setAccountAttributeName(conf.getLdap().getAccountAttributeName());
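Review bot: The mapper forwards `conf.getEncryptionKey()` and `conf.getSigningKey()` to `setKey` even when they are blank, which is the default state: the conf defaults to `enableCrypto = true` with both keys set to `StringUtils.EMPTY`. What the downstream component does with a blank key is not visible in this hunk. If it generates keys at startup, each node or restart would end up with different keys, and values protected earlier could no longer be verified or decrypted. I would either set the keys only when configured, for example `if (StringUtils.isNotBlank(conf.getSigningKey())) { props.getCrypto().getSigning().setKey(conf.getSigningKey()); }`, or log a warning when crypto is enabled without explicit keys. Nothing here checks the key sizes against the algorithm selected by `getCryptoAlgorithm()` either. The enclosing method starts and ends outside the hunk.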