Use of com.amazonaws.services.kms.model.GetPublicKeyRequest in project documentproduction by qld-gov-au.
Class AwsContentSignerFactory, method getPublicKey.
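/**
 * Fetches the public half of the KMS key referenced by {@code key} and returns it as a JCA
 * {@link PublicKey}.
 *
 * <p>When the configured region is the literal {@code "stub"} no KMS call is made and
 * {@code null} is returned; every caller therefore has to tolerate a null public key in
 * that mode.
 *
 * @param key the signature key whose KMS key id is looked up
 * @return the decoded public key, or {@code null} in stub mode
 * @throws IllegalStateException if the SubjectPublicKeyInfo returned by KMS cannot be
 *     converted to a JCA key
 */
@Override
public PublicKey getPublicKey(SignatureKey key) {
    if ("stub".equals(this.region)) {
        return null;
    }
    // A client is built per call; shut it down on every path so the SDK's connection pool
    // and background threads are released instead of accumulating across invocations.
    AWSKMS kmsClient = AWSKMSClientBuilder.standard().withRegion(region).build();
    try {
        GetPublicKeyResult response =
                kmsClient.getPublicKey(new GetPublicKeyRequest().withKeyId(key.getKmsId()));
        // The response carries the ASN.1 SubjectPublicKeyInfo; BouncyCastle parses it and
        // the converter turns it into a JCA key object.
        SubjectPublicKeyInfo spki =
                SubjectPublicKeyInfo.getInstance(response.getPublicKey().array());
        return new JcaPEMKeyConverter().getPublicKey(spki);
    } catch (PEMException e) {
        throw new IllegalStateException(e.getMessage(), e);
    } finally {
        kmsClient.shutdown();
    }
}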
Use of com.amazonaws.services.kms.model.GetPublicKeyRequest in project di-authentication-api by alphagov.
Class TokenValidationService, method createJwk.
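/**
 * Starts building the JWK that publishes the token-signing public key held in KMS.
 *
 * <p>The JWK is fixed to P-256 / ES256 and its {@code kid} is the SHA-256 of the key id KMS
 * reports (not the configured alias), so verifiers can match it against the {@code kid}
 * placed in token headers.
 *
 * @return an {@link ECKey.Builder} with key, kid, use and algorithm populated; the caller
 *     finishes it with {@code build()}
 * @throws IllegalStateException if KMS returns a key that is not an EC public key
 */
private ECKey.Builder createJwk() {
    GetPublicKeyRequest getPublicKeyRequest = new GetPublicKeyRequest();
    getPublicKeyRequest.setKeyId(configService.getTokenSigningKeyAlias());
    GetPublicKeyResult publicKeyResult = kmsConnectionService.getPublicKey(getPublicKeyRequest);
    PublicKey publicKey = createPublicKey(publicKeyResult);
    // The curve is hard-coded below, so a non-EC key cannot be represented as this JWK.
    // Fail with a descriptive message instead of a bare ClassCastException from the cast.
    // NOTE(review): the curve itself (P-256 vs another EC curve) is not verified here.
    if (!(publicKey instanceof ECPublicKey)) {
        throw new IllegalStateException(
                "KMS key " + publicKeyResult.getKeyId() + " is not an EC public key");
    }
    return new ECKey.Builder(Curve.P_256, (ECPublicKey) publicKey)
            .keyID(hashSha256String(publicKeyResult.getKeyId()))
            .keyUse(KeyUse.SIGNATURE)
            .algorithm(new Algorithm(JWSAlgorithm.ES256.getName()));
}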
Use of com.amazonaws.services.kms.model.GetPublicKeyRequest in project di-authentication-api by alphagov.
Class TokenValidationService, method createJwk.
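/**
 * Builds the JWK that publishes the public half of the given KMS key.
 *
 * <p>The JWK is fixed to P-256 / ES256 and its {@code kid} is the SHA-256 of the key id KMS
 * reports for {@code keyId}, matching the {@code kid} written into signed token headers.
 *
 * @param keyId the KMS key id or alias to look up
 * @return the completed signature-use {@link ECKey}
 * @throws IllegalStateException if KMS returns a key that is not an EC public key
 */
private ECKey createJwk(String keyId) {
    GetPublicKeyRequest getPublicKeyRequest = new GetPublicKeyRequest();
    getPublicKeyRequest.setKeyId(keyId);
    GetPublicKeyResult publicKeyResult = kmsConnectionService.getPublicKey(getPublicKeyRequest);
    PublicKey publicKey = createPublicKey(publicKeyResult);
    // The curve is hard-coded below, so a non-EC key cannot be represented as this JWK.
    // Fail with a descriptive message instead of a bare ClassCastException from the cast.
    // NOTE(review): the curve itself (P-256 vs another EC curve) is not verified here.
    if (!(publicKey instanceof ECPublicKey)) {
        throw new IllegalStateException(
                "KMS key " + publicKeyResult.getKeyId() + " is not an EC public key");
    }
    return new ECKey.Builder(Curve.P_256, (ECPublicKey) publicKey)
            .keyID(hashSha256String(publicKeyResult.getKeyId()))
            .keyUse(KeyUse.SIGNATURE)
            .algorithm(new Algorithm(JWSAlgorithm.ES256.getName()))
            .build();
}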
Use of com.amazonaws.services.kms.model.GetPublicKeyRequest in project di-authentication-api by alphagov.
Class TokenService, method generateSignedJWT.
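/**
 * Signs {@code claimsSet} with the KMS-held token signing key and returns the resulting JWT.
 *
 * <p>The private key never leaves KMS: the JOSE signing input ({@code header.claims}) is
 * assembled locally, sent to KMS {@code Sign} with {@code ECDSA_SHA_256}, and the
 * DER-encoded signature KMS returns is transcoded to the fixed-length R||S form JWS expects
 * before the compact serialisation is parsed back into a {@link SignedJWT}.
 *
 * @param claimsSet the claims to sign
 * @param type optional JOSE {@code typ} header value; omitted from the header when empty
 * @return the signed token
 * @throws RuntimeException wrapping a {@code ParseException} or {@code JOSEException} if the
 *     signature cannot be transcoded or the compact serialisation cannot be parsed
 */
public SignedJWT generateSignedJWT(JWTClaimsSet claimsSet, Optional<String> type) {
    // The kid is derived from the key id KMS reports for the configured alias, which is why a
    // GetPublicKey round-trip precedes the Sign call.
    // NOTE(review): the kid is resolved in a separate call from Sign, both via the alias; if
    // the alias were re-pointed between the two calls the kid would not match the key that
    // actually signed. Confirm whether that window matters for this deployment.
    var signingKeyId = kmsConnectionService
            .getPublicKey(new GetPublicKeyRequest().withKeyId(configService.getTokenSigningKeyAlias()))
            .getKeyId();
    try {
        var jwsHeader = new JWSHeader.Builder(TOKEN_ALGORITHM).keyID(hashSha256String(signingKeyId));
        type.map(JOSEObjectType::new).ifPresent(jwsHeader::type);
        Base64URL encodedHeader = jwsHeader.build().toBase64URL();
        Base64URL encodedClaims = Base64URL.encode(claimsSet.toString());
        String message = encodedHeader + "." + encodedClaims;
        // Encode with an explicit charset rather than the platform default so the bytes that
        // are signed are the same on every JVM.
        ByteBuffer messageToSign =
                ByteBuffer.wrap(message.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        SignRequest signRequest = new SignRequest();
        signRequest.setMessage(messageToSign);
        signRequest.setKeyId(configService.getTokenSigningKeyAlias());
        signRequest.setSigningAlgorithm(SigningAlgorithmSpec.ECDSA_SHA_256.toString());
        SignResult signResult = kmsConnectionService.sign(signRequest);
        LOG.info("Token has been signed successfully");
        // KMS returns a DER-encoded ECDSA signature; JWS requires the concatenated R||S form
        // sized for TOKEN_ALGORITHM.
        String signature = Base64URL.encode(ECDSA.transcodeSignatureToConcat(
                signResult.getSignature().array(),
                ECDSA.getSignatureByteArrayLength(TOKEN_ALGORITHM))).toString();
        return SignedJWT.parse(message + "." + signature);
    } catch (java.text.ParseException | JOSEException e) {
        LOG.error("Exception thrown when trying to parse SignedJWT or JWTClaimSet", e);
        throw new RuntimeException(e);
    }
}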
Use of com.amazonaws.services.kms.model.GetPublicKeyRequest in project di-authentication-api by alphagov.
Class KmsConnectionService, method warmUp.
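/**
 * Best-effort warm-up: issues a {@code GetPublicKey} call for {@code keyId} and discards the
 * result, presumably so the KMS client's connection and credential setup happens before the
 * first real request.
 *
 * <p>Any failure is logged and otherwise ignored, so warm-up can never prevent start-up.
 *
 * @param keyId the KMS key id or alias to warm up with
 */
private void warmUp(String keyId) {
    GetPublicKeyRequest request = new GetPublicKeyRequest();
    request.setKeyId(keyId);
    try {
        kmsClient.getPublicKey(request);
    } catch (Exception e) {
        // Deliberately swallowed: warm-up is optional. The exception is attached to the log
        // entry so a misconfigured key or missing permission is visible rather than hidden.
        LOG.info("Unable to retrieve Public Key whilst warming up", e);
    }
}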