feat(jans-auth-server): renamed "key_ops" -> "key_ops_type" #3790 (#3792

)

Some frameworks does not allow custom key_ops like "ssa" (e.g. nimbus)

docker-jans-certmanager/scripts/auth_handler.py

@@ -62,7 +62,7 @@ def generate_openid_keys(passwd, jks_path, dn, exp=48, sig_keys=SIG_KEYS, enc_ke
         f"-enc_keys {enc_keys} -sig_keys {sig_keys} "
         f"-dnname '{dn}' -expiration_hours {exp} "
         f"-keystore {jks_path} -keypasswd {passwd} "
-        "-key_ops connect"
+        "-key_ops_type connect"
     )
     return exec_cmd(cmd)
 

docker-jans-certmanager/scripts/utils.py

@@ -37,7 +37,7 @@ def generate_openid_keys(passwd, jks_path, jwks_path, dn, exp=365, sig_keys=DEFA
         f"-enc_keys {enc_keys} -sig_keys {sig_keys} "
         f"-dnname '{dn}' -expiration_hours {exp} "
         f"-keystore {jks_path} -keypasswd {passwd} "
-        "-key_ops connect"
+        "-key_ops_type connect"
     )
 
     out, err, retcode = exec_cmd(cmd)

docker-jans-configurator/scripts/bootstrap.py

@@ -63,7 +63,7 @@ def generate_openid_keys(passwd, jks_path, jwks_path, dn, exp=365, sig_keys=DEFA
         "-expiration", "{}".format(exp),
         "-keystore", jks_path,
         "-keypasswd", passwd,
-        "-key_ops", "connect",
+        "-key_ops_type", "connect",
     ])
     out, err, retcode = exec_cmd(cmd)
     if retcode == 0:
@@ -84,7 +84,7 @@ def generate_openid_keys_hourly(passwd, jks_path, jwks_path, dn, exp=48, sig_key
         "-expiration_hours", "{}".format(exp),
         "-keystore", jks_path,
         "-keypasswd", passwd,
-        "-key_ops", "connect",
+        "-key_ops_type", "connect",
     ])
     out, err, retcode = exec_cmd(cmd)
     if retcode == 0:

docs/admin/auth-server/crypto/key-generation.md

@@ -24,10 +24,10 @@ To get KeyGenerator, run the following command inside the terminal.
 You can put expiration according to your own policy. For testing purpose we are keeping it 2 days.
 
 ```commandLine
-/opt/jre/bin/java -Dlog4j.defaultInitOverride=true -cp /opt/dist/jans/jans-auth-client-jar-with-dependencies.jar io.jans.as.client.util.KeyGenerator -keystore /etc/certs/jans-auth-keys.p12 -keypasswd <Password> -sig_keys RS256 RS384 -enc_keys RSA1_5 RSA-OAEP -key_ops ALL -dnname "CN=jansAuth CA Certificates" -expiration 2 > /etc/certs/jans-auth-keys.json
+/opt/jre/bin/java -Dlog4j.defaultInitOverride=true -cp /opt/dist/jans/jans-auth-client-jar-with-dependencies.jar io.jans.as.client.util.KeyGenerator -keystore /etc/certs/jans-auth-keys.p12 -keypasswd <Password> -sig_keys RS256 RS384 -enc_keys RSA1_5 RSA-OAEP -key_ops_type ALL -dnname "CN=jansAuth CA Certificates" -expiration 2 > /etc/certs/jans-auth-keys.json
 ```
 
-Note `-key_ops ALL` parameter which sets purpose of the keys generated by key generator.
+Note `-key_ops_type ALL` parameter which sets purpose of the keys generated by key generator.
 Possible values are:
 - "connect" - connect keys (that is what we already have)
 - "ssa" - ssa keys which has expiration set to 50 years (it ignores "expiration" parameters)
@@ -49,7 +49,7 @@ The jans implementation of KeyGenerator accepts the following arguments:
 |-expiration|	Expiration in days|
 |-expiration_hours|Expiration in hours|
 |-h	|Show help|
-|-key_ops| Purpose of the key, possible values: connect, ssa, all |
+|-key_ops_type| Purpose of the key, possible values: connect, ssa, all |
 |-keypasswd|	Key Store password|
 |-keystore|	Key Store file (such as /etc/certs/jans-auth-keys.p12)|
 |-ox11|	oxEleven Generate Key Endpoint.|

jans-auth-server/docs/swagger.yaml

@@ -4771,7 +4771,6 @@ components:
       required:
         - alg
         - exp
-        - key_ops
         - kid
         - kty
         - use

jans-config-api/docs/jans-config-api-swagger.yaml

@@ -9246,12 +9246,12 @@ components:
           type: string
         "y":
           type: string
-        key_ops:
+        key_ops_type:
           type: string
           enum:
-          - "KeyOps{value='connect'} CONNECT"
-          - "KeyOps{value='ssa'} SSA"
-          - "KeyOps{value='all'} ALL"
+          - "KeyOpsType{value='connect'} CONNECT"
+          - "KeyOpsType{value='ssa'} SSA"
+          - "KeyOpsType{value='all'} ALL"
     WebKeysConfiguration:
       type: object
       properties:

jans-linux-setup/jans_setup/setup_app/test_data_loader.py

@@ -48,7 +48,7 @@ def create_test_client_keystore(self):
 
         args = [Config.cmd_java, '-Dlog4j.defaultInitOverride=true',
                 '-cp', Config.non_setup_properties['oxauth_client_jar_fn'], Config.non_setup_properties['key_gen_path'],
-                '-key_ops', 'ALL',
+                '-key_ops_type', 'ALL',
                 '-keystore', client_keystore_fn,
                 '-keypasswd', 'secret',
                 '-sig_keys', Config.default_sig_key_algs,

jans-linux-setup/jans_setup/setup_app/utils/crypto64.py

@@ -278,7 +278,7 @@ def gen_openid_jwks_jks_keys(self, jks_path, jks_pwd, jks_create=True, key_expir
                         "-Dlog4j.defaultInitOverride=true",
                         "-cp", Config.non_setup_properties['oxauth_client_jar_fn'], 
                         Config.non_setup_properties['key_gen_path'],
-                        '-key_ops', 'ALL',
+                        '-key_ops_type', 'ALL',
                         "-keystore",
                         jks_path,
                         "-keypasswd",
@@ -305,7 +305,7 @@ def export_openid_key(self, jks_path, jks_pwd, cert_alias, cert_path):
                         "-cp",
                         Config.non_setup_properties['oxauth_client_jar_fn'], 
                         Config.non_setup_properties['key_export_path'],
-                        '-key_ops', 'ALL',
+                        '-key_ops_type', 'ALL',
                         "-keystore",
                         jks_path,
                         "-keypasswd",