Use of com.amazonaws.services.kms.model.GetPublicKeyResult in project documentproduction by qld-gov-au.
The class AwsContentSignerFactory, method getPublicKey.
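/**
 * Fetches the public half of the KMS signing key referenced by {@code key}.
 *
 * <p>When the configured region is the literal {@code "stub"} no KMS call is made and
 * {@code null} is returned; callers must therefore tolerate a null result in that mode.
 *
 * @param key the signature key whose {@code kmsId} names the KMS key
 * @return the public key as a JCA {@link PublicKey}, or {@code null} in stub mode
 * @throws IllegalStateException if the SubjectPublicKeyInfo returned by KMS cannot be
 *     converted to a JCA key
 */
@Override
public PublicKey getPublicKey(SignatureKey key) {
    if ("stub".equals(this.region)) {
        return null;
    }
    // A fresh client is built on every call; shut it down afterwards so its
    // connection pool and background threads are released instead of leaked.
    AWSKMS kmsClient = AWSKMSClientBuilder.standard().withRegion(region).build();
    try {
        GetPublicKeyResult response =
                kmsClient.getPublicKey(new GetPublicKeyRequest().withKeyId(key.getKmsId()));
        // Copy only the bytes between position and limit: ByteBuffer.array() hands back
        // the whole backing array, which is not guaranteed to be exactly the DER payload.
        java.nio.ByteBuffer encoded = response.getPublicKey().asReadOnlyBuffer();
        byte[] der = new byte[encoded.remaining()];
        encoded.get(der);
        // KMS returns a DER-encoded SubjectPublicKeyInfo; Bouncy Castle converts it to a JCA key.
        SubjectPublicKeyInfo spki = SubjectPublicKeyInfo.getInstance(der);
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
        try {
            return converter.getPublicKey(spki);
        } catch (PEMException e) {
            throw new IllegalStateException(e.getMessage(), e);
        }
    } finally {
        kmsClient.shutdown();
    }
}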
Use of com.amazonaws.services.kms.model.GetPublicKeyResult in project di-authentication-api by alphagov.
The class TokenValidationService, method createJwk.
/**
 * Starts building the JWK that describes the token-signing key held in KMS.
 *
 * <p>The KMS key id is not published directly: the JWK's {@code kid} is the SHA-256
 * hash of it (presumably so the raw KMS identifier is not exposed — see callers).
 *
 * @return a partially configured {@link ECKey.Builder} for the P-256 signing key
 */
private ECKey.Builder createJwk() {
    // Resolve the signing-key alias from configuration and ask KMS for the key material.
    GetPublicKeyRequest request = new GetPublicKeyRequest();
    request.setKeyId(configService.getTokenSigningKeyAlias());
    GetPublicKeyResult kmsResponse = kmsConnectionService.getPublicKey(request);

    ECPublicKey ecPublicKey = (ECPublicKey) createPublicKey(kmsResponse);
    String opaqueKeyId = hashSha256String(kmsResponse.getKeyId());
    Algorithm es256 = new Algorithm(JWSAlgorithm.ES256.getName());

    return new ECKey.Builder(Curve.P_256, ecPublicKey)
            .keyID(opaqueKeyId)
            .keyUse(KeyUse.SIGNATURE)
            .algorithm(es256);
}
Use of com.amazonaws.services.kms.model.GetPublicKeyResult in project di-authentication-api by alphagov.
The class TokenServiceTest, method setUp.
/** Stubs the configuration and KMS collaborators with fixed values before each test. */
@BeforeEach
void setUp() {
    nonce = new Nonce();

    when(configurationService.getOidcApiBaseURL()).thenReturn(Optional.of(BASE_URL));
    // Fixed expiry values returned by the stubbed configuration.
    when(configurationService.getAccessTokenExpiry()).thenReturn(300L);
    when(configurationService.getIDTokenExpiry()).thenReturn(120L);
    when(configurationService.getSessionExpiry()).thenReturn(300L);

    // KMS only has to hand back a key id in these tests; no key material is attached.
    GetPublicKeyResult stubbedKey = new GetPublicKeyResult().withKeyId("789789789789789");
    when(kmsConnectionService.getPublicKey(any(GetPublicKeyRequest.class))).thenReturn(stubbedKey);
}
Use of com.amazonaws.services.kms.model.GetPublicKeyResult in project di-authentication-api by alphagov.
The class TokenValidationServiceTest, method setUp.
/**
 * Generates a fresh P-256 key pair and makes the stubbed KMS return its public half,
 * so each test signs with a key the service under test can retrieve.
 *
 * @throws JOSEException if the key pair cannot be generated or exported
 */
@BeforeEach
void setUp() throws JOSEException {
    when(configurationService.getOidcApiBaseURL()).thenReturn(Optional.of(BASE_URL));
    when(configurationService.getTokenSigningKeyAlias()).thenReturn(KEY_ID);

    ecJWK = generateECKeyPair();
    signer = new ECDSASigner(ecJWK);

    // KMS returns the public key as DER (X.509 SubjectPublicKeyInfo), which is what
    // getEncoded() on the JCA key yields.
    byte[] encodedPublicKey = ecJWK.toPublicJWK().toECPublicKey().getEncoded();
    GetPublicKeyResult kmsResponse = new GetPublicKeyResult()
            .withKeyUsage("SIGN_VERIFY")
            .withKeyId(KEY_ID)
            .withSigningAlgorithms(singletonList(JWSAlgorithm.ES256.getName()))
            .withPublicKey(ByteBuffer.wrap(encodedPublicKey));
    when(kmsConnectionService.getPublicKey(any(GetPublicKeyRequest.class))).thenReturn(kmsResponse);
}
Use of com.amazonaws.services.kms.model.GetPublicKeyResult in project di-authentication-api by alphagov.
The class TokenValidationServiceTest, method shouldRetrievePublicKeyFromKmsAndParseToJwk.
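/**
 * The JWK built from the KMS response must carry the hashed (opaque) key id, the ES256
 * algorithm and the signature key use.
 */
@Test
void shouldRetrievePublicKeyFromKmsAndParseToJwk() {
    // Fixed DER-encoded P-256 SubjectPublicKeyInfo used as test material.
    byte[] publicKey = Base64.getDecoder().decode("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEpRm+QZsh2IkUWcqXUhBI9ulOzO8dz0Z8HIS6m77tI4eWoZgKYUcbByshDtN4gWPql7E5mN4uCLsg5+6SDXlQcA==");
    when(configurationService.getTokenSigningKeyAlias()).thenReturn(KEY_ID);

    GetPublicKeyResult kmsResponse = new GetPublicKeyResult();
    kmsResponse.setKeyUsage("SIGN_VERIFY");
    kmsResponse.setKeyId(KEY_ID);
    kmsResponse.setSigningAlgorithms(singletonList(JWSAlgorithm.ES256.getName()));
    kmsResponse.setPublicKey(ByteBuffer.wrap(publicKey));
    when(kmsConnectionService.getPublicKey(any(GetPublicKeyRequest.class))).thenReturn(kmsResponse);

    JWK publicKeyJwk = tokenValidationService.getPublicJwkWithOpaqueId();

    // assertEquals takes (expected, actual); the original had them swapped, which
    // makes the failure message report the values the wrong way round.
    assertEquals(HASHED_KEY_ID, publicKeyJwk.getKeyID());
    assertEquals(JWSAlgorithm.ES256, publicKeyJwk.getAlgorithm());
    assertEquals(KeyUse.SIGNATURE, publicKeyJwk.getKeyUse());
}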