
Example 1 with GetPublicKeyResult

Use of com.amazonaws.services.kms.model.GetPublicKeyResult in project documentproduction by qld-gov-au.

Class AwsContentSignerFactory, method getPublicKey.

@Override
public PublicKey getPublicKey(SignatureKey key) {
    // "stub" region: no KMS call is made and no key is returned (callers must handle null).
    if ("stub".equals(this.region)) {
        return null;
    }
    AWSKMS kmsClient = AWSKMSClientBuilder.standard().withRegion(region).build();
    // Fetch only the public half of the asymmetric KMS key; the private key never leaves KMS.
    GetPublicKeyResult response = kmsClient.getPublicKey(new GetPublicKeyRequest().withKeyId(key.getKmsId()));
    // KMS returns the key as DER-encoded X.509 SubjectPublicKeyInfo; parse it with Bouncy Castle.
    SubjectPublicKeyInfo spki = SubjectPublicKeyInfo.getInstance(response.getPublicKey().array());
    JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
    try {
        // Convert the ASN.1 structure into a java.security.PublicKey usable by the JCA.
        return converter.getPublicKey(spki);
    } catch (PEMException e) {
        throw new IllegalStateException(e.getMessage(), e);
    }
}
Also used:
GetPublicKeyRequest (com.amazonaws.services.kms.model.GetPublicKeyRequest)
PEMException (org.bouncycastle.openssl.PEMException)
JcaPEMKeyConverter (org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter)
GetPublicKeyResult (com.amazonaws.services.kms.model.GetPublicKeyResult)
SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
AWSKMS (com.amazonaws.services.kms.AWSKMS)

Example 2 with GetPublicKeyResult

Use of com.amazonaws.services.kms.model.GetPublicKeyResult in project di-authentication-api by alphagov.

Class TokenValidationService, method createJwk.

private ECKey.Builder createJwk() {
    GetPublicKeyRequest getPublicKeyRequest = new GetPublicKeyRequest();
    // Look the signing key up by its KMS alias rather than a hard-coded key ARN.
    getPublicKeyRequest.setKeyId(configService.getTokenSigningKeyAlias());
    GetPublicKeyResult publicKeyResult = kmsConnectionService.getPublicKey(getPublicKeyRequest);
    PublicKey publicKey = createPublicKey(publicKeyResult);
    return new ECKey.Builder(Curve.P_256, (ECPublicKey) publicKey)
            // The JWK "kid" is a SHA-256 hash of the KMS key id, so the KMS identifier itself is not published.
            .keyID(hashSha256String(publicKeyResult.getKeyId()))
            .keyUse(KeyUse.SIGNATURE)
            .algorithm(new Algorithm(JWSAlgorithm.ES256.getName()));
}
Also used:
ECPublicKey (java.security.interfaces.ECPublicKey)
GetPublicKeyRequest (com.amazonaws.services.kms.model.GetPublicKeyRequest)
PublicKey (java.security.PublicKey)
GetPublicKeyResult (com.amazonaws.services.kms.model.GetPublicKeyResult)
ECKey (com.nimbusds.jose.jwk.ECKey)
JWSAlgorithm (com.nimbusds.jose.JWSAlgorithm)
Algorithm (com.nimbusds.jose.Algorithm)

Example 3 with GetPublicKeyResult

Use of com.amazonaws.services.kms.model.GetPublicKeyResult in project di-authentication-api by alphagov.

Class TokenServiceTest, method setUp.

@BeforeEach
void setUp() {
    Optional<String> baseUrl = Optional.of(BASE_URL);
    when(configurationService.getOidcApiBaseURL()).thenReturn(baseUrl);
    when(configurationService.getAccessTokenExpiry()).thenReturn(300L);
    when(configurationService.getIDTokenExpiry()).thenReturn(120L);
    when(configurationService.getSessionExpiry()).thenReturn(300L);
    // Stub KMS: any GetPublicKeyRequest returns a result carrying only a placeholder key id.
    when(kmsConnectionService.getPublicKey(any(GetPublicKeyRequest.class))).thenReturn(new GetPublicKeyResult().withKeyId("789789789789789"));
    nonce = new Nonce();
}
Also used:
Nonce (com.nimbusds.openid.connect.sdk.Nonce)
GetPublicKeyRequest (com.amazonaws.services.kms.model.GetPublicKeyRequest)
GetPublicKeyResult (com.amazonaws.services.kms.model.GetPublicKeyResult)
BeforeEach (org.junit.jupiter.api.BeforeEach)

Example 4 with GetPublicKeyResult

Use of com.amazonaws.services.kms.model.GetPublicKeyResult in project di-authentication-api by alphagov.

Class TokenValidationServiceTest, method setUp.

@BeforeEach
void setUp() throws JOSEException {
    Optional<String> baseUrl = Optional.of(BASE_URL);
    when(configurationService.getOidcApiBaseURL()).thenReturn(baseUrl);
    ecJWK = generateECKeyPair();
    signer = new ECDSASigner(ecJWK);
    when(configurationService.getTokenSigningKeyAlias()).thenReturn(KEY_ID);
    // Build a GetPublicKeyResult shaped like a real KMS response for an ECDSA P-256 signing key.
    GetPublicKeyResult getPublicKeyResult = new GetPublicKeyResult();
    getPublicKeyResult.setKeyUsage("SIGN_VERIFY");
    getPublicKeyResult.setKeyId(KEY_ID);
    getPublicKeyResult.setSigningAlgorithms(singletonList(JWSAlgorithm.ES256.getName()));
    // getEncoded() yields DER SubjectPublicKeyInfo, the same encoding KMS returns.
    getPublicKeyResult.setPublicKey(ByteBuffer.wrap(ecJWK.toPublicJWK().toECPublicKey().getEncoded()));
    when(kmsConnectionService.getPublicKey(any(GetPublicKeyRequest.class))).thenReturn(getPublicKeyResult);
}
Also used:
ECDSASigner (com.nimbusds.jose.crypto.ECDSASigner)
GetPublicKeyRequest (com.amazonaws.services.kms.model.GetPublicKeyRequest)
GetPublicKeyResult (com.amazonaws.services.kms.model.GetPublicKeyResult)
HashHelper.hashSha256String (uk.gov.di.authentication.shared.helpers.HashHelper.hashSha256String)
BeforeEach (org.junit.jupiter.api.BeforeEach)

Example 5 with GetPublicKeyResult

Use of com.amazonaws.services.kms.model.GetPublicKeyResult in project di-authentication-api by alphagov.

Class TokenValidationServiceTest, method shouldRetrievePublicKeyFromKmsAndParseToJwk.

@Test
void shouldRetrievePublicKeyFromKmsAndParseToJwk() {
    // Test fixture: Base64 of a DER-encoded SubjectPublicKeyInfo for a P-256 public key.
    byte[] publicKey = Base64.getDecoder().decode("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEpRm+QZsh2IkUWcqXUhBI9ulOzO8dz0Z8HIS6m77tI4eWoZgKYUcbByshDtN4gWPql7E5mN4uCLsg5+6SDXlQcA==");
    when(configurationService.getTokenSigningKeyAlias()).thenReturn(KEY_ID);
    var result = new GetPublicKeyResult()
            .withKeyUsage("SIGN_VERIFY")
            .withKeyId(KEY_ID)
            .withSigningAlgorithms(singletonList(JWSAlgorithm.ES256.getName()))
            .withPublicKey(ByteBuffer.wrap(publicKey));
    when(kmsConnectionService.getPublicKey(any(GetPublicKeyRequest.class))).thenReturn(result);
    JWK publicKeyJwk = tokenValidationService.getPublicJwkWithOpaqueId();
    assertEquals(publicKeyJwk.getKeyID(), HASHED_KEY_ID);
    assertEquals(publicKeyJwk.getAlgorithm(), JWSAlgorithm.ES256);
    assertEquals(publicKeyJwk.getKeyUse(), KeyUse.SIGNATURE);
}
Also used:
GetPublicKeyRequest (com.amazonaws.services.kms.model.GetPublicKeyRequest)
GetPublicKeyResult (com.amazonaws.services.kms.model.GetPublicKeyResult)
JWK (com.nimbusds.jose.jwk.JWK)
Test (org.junit.jupiter.api.Test)

Aggregations (class, fully qualified name, number of examples using it)

GetPublicKeyRequest (com.amazonaws.services.kms.model.GetPublicKeyRequest): 6
GetPublicKeyResult (com.amazonaws.services.kms.model.GetPublicKeyResult): 6
Algorithm (com.nimbusds.jose.Algorithm): 2
JWSAlgorithm (com.nimbusds.jose.JWSAlgorithm): 2
PublicKey (java.security.PublicKey): 2
ECPublicKey (java.security.interfaces.ECPublicKey): 2
BeforeEach (org.junit.jupiter.api.BeforeEach): 2
AWSKMS (com.amazonaws.services.kms.AWSKMS): 1
ECDSASigner (com.nimbusds.jose.crypto.ECDSASigner): 1
ECKey (com.nimbusds.jose.jwk.ECKey): 1
JWK (com.nimbusds.jose.jwk.JWK): 1
Nonce (com.nimbusds.openid.connect.sdk.Nonce): 1
SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo): 1
PEMException (org.bouncycastle.openssl.PEMException): 1
JcaPEMKeyConverter (org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter): 1
Test (org.junit.jupiter.api.Test): 1
HashHelper.hashSha256String (uk.gov.di.authentication.shared.helpers.HashHelper.hashSha256String): 1