
Example 6 with SignRequest

Use of com.amazonaws.services.kms.model.SignRequest in project di-authentication-api by alphagov: class TokenService, method generateSignedJWT.

The method produces a signed JWT without ever holding the private key. It builds the JWS signing input itself (base64url header, a dot, base64url claims), sends those bytes to KMS as a RAW message to be signed with ECDSA_SHA_256 under the key alias from configuration, and appends the returned signature. Two details matter to anyone verifying these tokens: the JWS kid is the SHA-256 hash of the KMS key ID resolved through GetPublicKey, not the alias or the raw key ID; and KMS returns ECDSA signatures DER-encoded, so the bytes are transcoded to the fixed-width R||S form that JWS requires before being base64url-encoded.

public SignedJWT generateSignedJWT(JWTClaimsSet claimsSet, Optional<String> type) {
    // Resolve the alias to the underlying KMS key ID; its SHA-256 hash becomes the JWS "kid".
    var signingKeyId = kmsConnectionService.getPublicKey(new GetPublicKeyRequest().withKeyId(configService.getTokenSigningKeyAlias())).getKeyId();
    try {
        var jwsHeader = new JWSHeader.Builder(TOKEN_ALGORITHM).keyID(hashSha256String(signingKeyId));
        type.map(JOSEObjectType::new).ifPresent(jwsHeader::type);
        // JWS signing input, BASE64URL(header) '.' BASE64URL(claims), assembled by hand because the key is not available locally.
        Base64URL encodedHeader = jwsHeader.build().toBase64URL();
        Base64URL encodedClaims = Base64URL.encode(claimsSet.toString());
        String message = encodedHeader + "." + encodedClaims;
        ByteBuffer messageToSign = ByteBuffer.wrap(message.getBytes()); // base64url is ASCII, so the platform charset cannot change these bytes
        // MessageType is left at its default (RAW): KMS hashes the input with SHA-256 itself. RAW messages are capped at 4096 bytes.
        SignRequest signRequest = new SignRequest();
        signRequest.setMessage(messageToSign);
        signRequest.setKeyId(configService.getTokenSigningKeyAlias());
        signRequest.setSigningAlgorithm(SigningAlgorithmSpec.ECDSA_SHA_256.toString());
        SignResult signResult = kmsConnectionService.sign(signRequest);
        LOG.info("Token has been signed successfully");
        // KMS returns the ECDSA signature DER-encoded; JWS needs the fixed-width R||S concatenation (64 bytes for ES256).
        String signature = Base64URL.encode(ECDSA.transcodeSignatureToConcat(signResult.getSignature().array(), ECDSA.getSignatureByteArrayLength(TOKEN_ALGORITHM))).toString();
        return SignedJWT.parse(message + "." + signature);
    } catch (java.text.ParseException | JOSEException e) {
        LOG.error("Exception thrown when trying to parse SignedJWT or JWTClaimSet", e);
        throw new RuntimeException(e);
    }
}
Also used: SignResult (com.amazonaws.services.kms.model.SignResult), SignRequest (com.amazonaws.services.kms.model.SignRequest), HashHelper.hashSha256String (uk.gov.di.authentication.shared.helpers.HashHelper.hashSha256String), ByteBuffer (java.nio.ByteBuffer), Base64URL (com.nimbusds.jose.util.Base64URL), GetPublicKeyRequest (com.amazonaws.services.kms.model.GetPublicKeyRequest), ParseException (com.nimbusds.oauth2.sdk.ParseException), JOSEException (com.nimbusds.jose.JOSEException), JWSHeader (com.nimbusds.jose.JWSHeader)
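The step Example 6 delegates to ECDSA.transcodeSignatureToConcat, shown end to end as an added example that is not code from di-authentication-api: KMS returns an ECDSA signature as a DER SEQUENCE of two INTEGERs, JWS (RFC 7518, section 3.4) carries the fixed-width R||S concatenation, and a verifier that does not use nimbus has to convert back before handing the bytes to java.security.Signature. The JDK's SHA256withECDSA signer stands in for kmsConnectionService.sign(...) because it emits the same DER format; the key pair, header JSON and claims JSON are constructed for the demo and the class and method names are mine. It runs on a plain JDK with no other dependencies.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;
import java.util.Base64;

/** Added example: the DER <-> R||S step between KMS Sign and an ES256 JWS, plus the verifier side. */
public final class KmsJwsTranscode {

    static final int P256_COORD_BYTES = 32; // ECDSA.getSignatureByteArrayLength(ES256) / 2

    /** DER SEQUENCE { INTEGER r, INTEGER s } (what KMS returns) -> fixed-width R || S (what JWS carries). */
    static byte[] derToConcat(byte[] der, int coordLen) {
        if (der.length < 8 || der[0] != 0x30 || (der[1] & 0xff) != der.length - 2) {
            throw new IllegalArgumentException("not a short-form DER SEQUENCE");
        }
        byte[] out = new byte[2 * coordLen];
        int off = 2;
        for (int i = 0; i < 2; i++) {
            if (der[off] != 0x02) throw new IllegalArgumentException("expected DER INTEGER");
            int len = der[off + 1] & 0xff;
            BigInteger v = new BigInteger(1, Arrays.copyOfRange(der, off + 2, off + 2 + len));
            writeFixedWidth(v, out, i * coordLen, coordLen); // drops DER's 0x00 sign byte, left-pads short values
            off += 2 + len;
        }
        if (off != der.length) throw new IllegalArgumentException("trailing bytes after s");
        return out;
    }

    /** The inverse: a verifier must rebuild DER before handing the signature to java.security.Signature. */
    static byte[] concatToDer(byte[] concat) {
        int half = concat.length / 2;
        byte[] r = derInteger(Arrays.copyOfRange(concat, 0, half));
        byte[] s = derInteger(Arrays.copyOfRange(concat, half, concat.length));
        byte[] out = new byte[2 + r.length + s.length];
        out[0] = 0x30;
        out[1] = (byte) (r.length + s.length);
        System.arraycopy(r, 0, out, 2, r.length);
        System.arraycopy(s, 0, out, 2 + r.length, s.length);
        return out;
    }

    private static void writeFixedWidth(BigInteger v, byte[] dst, int dstOff, int width) {
        byte[] b = v.toByteArray(); // two's complement, so a 0x00 sign byte may lead
        int start = 0;
        while (start < b.length - 1 && b[start] == 0) start++;
        int len = b.length - start;
        if (len > width) throw new IllegalArgumentException("integer wider than the curve order");
        System.arraycopy(b, start, dst, dstOff + width - len, len);
    }

    private static byte[] derInteger(byte[] unsigned) {
        // toByteArray() is minimal two's complement: leading zeros gone, one 0x00 added when the top bit is set,
        // which is exactly the DER INTEGER content rule for a positive value.
        byte[] content = new BigInteger(1, unsigned).toByteArray();
        byte[] out = new byte[2 + content.length];
        out[0] = 0x02;
        out[1] = (byte) content.length;
        System.arraycopy(content, 0, out, 2, content.length);
        return out;
    }

    static String b64url(byte[] b) { return Base64.getUrlEncoder().withoutPadding().encodeToString(b); }

    /** Mirrors generateSignedJWT; SHA256withECDSA stands in for SignRequest/ECDSA_SHA_256 and emits the same DER. */
    static String buildEs256Jws(KeyPair kp, String headerJson, String claimsJson) throws Exception {
        String signingInput = b64url(headerJson.getBytes(StandardCharsets.UTF_8)) + "." + b64url(claimsJson.getBytes(StandardCharsets.UTF_8));
        Signature signer = Signature.getInstance("SHA256withECDSA");
        signer.initSign(kp.getPrivate());
        signer.update(signingInput.getBytes(StandardCharsets.US_ASCII));
        return signingInput + "." + b64url(derToConcat(signer.sign(), P256_COORD_BYTES));
    }

    /** Verifier side: insist on exactly 64 signature bytes, rebuild DER, check against the public key. */
    static boolean verifyEs256Jws(PublicKey pub, String jws) throws Exception {
        String[] parts = jws.split("\\.");
        if (parts.length != 3) return false;
        byte[] concat = Base64.getUrlDecoder().decode(parts[2]);
        if (concat.length != 2 * P256_COORD_BYTES) return false;
        Signature verifier = Signature.getInstance("SHA256withECDSA");
        verifier.initVerify(pub);
        verifier.update((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
        return verifier.verify(concatToDer(concat));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1")); // P-256, the curve behind KMS ECC_NIST_P256
        KeyPair kp = kpg.generateKeyPair(); // stand-in for the KMS key, generated for this demo
        String jws = buildEs256Jws(kp, "{\"alg\":\"ES256\",\"kid\":\"demo-kid\"}", "{\"sub\":\"demo-user\"}"); // constructed header and claims
        System.out.println("verified: " + verifyEs256Jws(kp.getPublic(), jws));
        String[] p = jws.split("\\.");
        String forged = p[0] + "." + b64url("{\"sub\":\"admin\"}".getBytes(StandardCharsets.UTF_8)) + "." + p[2];
        System.out.println("forged payload verified: " + verifyEs256Jws(kp.getPublic(), forged)); // same signature over a swapped payload must fail
    }
}
```

The length check in verifyEs256Jws is the part most often skipped: nimbus's ECDSA.getSignatureByteArrayLength exists for the same reason, because a signature of any other length cannot be a valid ES256 signature and should be rejected before any parsing. The sign-byte handling in writeFixedWidth and derInteger is where hand-rolled transcoders usually break; roughly half of all signatures have an r or s with the top bit set and so carry a 0x00 prefix in DER, and about one in 256 has a value short enough to need left-padding.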

Example 7 with SignRequest

Use of com.amazonaws.services.kms.model.SignRequest in project di-authentication-api by alphagov: class AuditService, method signPayload.

Here the payload is an arbitrary byte array rather than a JWS signing input, and the caller gets back exactly what KMS returned: a DER-encoded ECDSA signature with no JOSE transcoding. Consumers therefore verify it as DER against the public key obtained from GetPublicKey. The message is sent with the default MessageType (RAW), so KMS performs the SHA-256 hashing; that path accepts at most 4096 bytes per request, so any payload larger than that has to be hashed by the caller and submitted as a DIGEST instead.

private byte[] signPayload(byte[] payload) {
    SignRequest signRequest = new SignRequest();
    signRequest.setKeyId(configurationService.getAuditSigningKeyAlias()); // alias, resolved by KMS at sign time
    signRequest.setMessage(ByteBuffer.wrap(payload)); // MessageType defaults to RAW: KMS hashes the bytes itself, 4096-byte cap
    signRequest.setSigningAlgorithm(SigningAlgorithmSpec.ECDSA_SHA_256.toString());
    // Returned as-is: a DER-encoded ECDSA signature, not the R||S form used for JWS.
    return kmsConnectionService.sign(signRequest).getSignature().array();
}
Also used: SignRequest (com.amazonaws.services.kms.model.SignRequest)
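An added example around the AuditService pattern, not code from the project: the same SignRequest built so that payloads over KMS's 4096-byte RAW limit are hashed locally and sent as MessageType DIGEST, and the consumer-side check of a KMS-style DER signature using the SubjectPublicKeyInfo DER that GetPublicKey returns. The alias string, the audit record and the JDK-generated key pair are stand-ins; the actual kmsConnectionService.sign call is never made, and the JDK's SHA256withECDSA produces the same DER bytes KMS would, so the block runs offline with only the AWS SDK v1 KMS model classes on the classpath.

```java
import com.amazonaws.services.kms.model.MessageType;
import com.amazonaws.services.kms.model.SignRequest;
import com.amazonaws.services.kms.model.SigningAlgorithmSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.X509EncodedKeySpec;

/** Added example: AuditService-style signing that survives large payloads, and the consumer's verification. */
public final class AuditSignatureSupport {

    /** KMS Sign accepts at most this many bytes when MessageType is RAW (the default used by signPayload). */
    static final int KMS_RAW_MESSAGE_LIMIT = 4096;

    /**
     * Same request as signPayload, but above the RAW limit the payload is hashed locally and sent as
     * MessageType DIGEST. ECDSA_SHA_256 signs SHA-256(payload) either way, so the signature verifies the same.
     */
    static SignRequest buildSignRequest(String keyAlias, byte[] payload) throws Exception {
        SignRequest req = new SignRequest();
        req.setKeyId(keyAlias);
        req.setSigningAlgorithm(SigningAlgorithmSpec.ECDSA_SHA_256.toString());
        if (payload.length <= KMS_RAW_MESSAGE_LIMIT) {
            req.setMessage(ByteBuffer.wrap(payload));
            req.setMessageType(MessageType.RAW.toString());
        } else {
            req.setMessage(ByteBuffer.wrap(MessageDigest.getInstance("SHA-256").digest(payload)));
            req.setMessageType(MessageType.DIGEST.toString());
        }
        return req;
    }

    /**
     * Consumer side. spkiDer is the DER SubjectPublicKeyInfo from GetPublicKey; derSignature is the raw
     * SignResult.getSignature() bytes, which for ECDSA are already DER, so no transcoding is needed here.
     */
    static boolean verify(byte[] spkiDer, byte[] payload, byte[] derSignature) throws Exception {
        PublicKey pub = KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(spkiDer));
        Signature sig = Signature.getInstance("SHA256withECDSA");
        sig.initVerify(pub);
        sig.update(payload);
        return sig.verify(derSignature);
    }

    public static void main(String[] args) throws Exception {
        // Stand-in for the KMS key (generated for this demo): PublicKey.getEncoded() is X.509 SPKI DER,
        // the same encoding GetPublicKey returns, so verify() sees realistic input.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair kp = kpg.generateKeyPair();
        byte[] spki = kp.getPublic().getEncoded();

        byte[] payload = "{\"event\":\"DEMO_EVENT\",\"client\":\"demo-client\"}".getBytes(StandardCharsets.UTF_8); // constructed record
        SignRequest small = buildSignRequest("alias/demo-audit-signing-key", payload); // hypothetical alias
        System.out.println("message type for " + payload.length + " bytes: " + small.getMessageType());

        // Stand-in for kmsConnectionService.sign(small).getSignature(): SHA256withECDSA emits the same DER bytes.
        Signature signer = Signature.getInstance("SHA256withECDSA");
        signer.initSign(kp.getPrivate());
        signer.update(payload);
        byte[] derSig = signer.sign();
        System.out.println("verified: " + verify(spki, payload, derSig));

        payload[0] ^= 0x01; // one flipped bit in the audit record must break verification
        System.out.println("tampered verified: " + verify(spki, payload, derSig));

        SignRequest big = buildSignRequest("alias/demo-audit-signing-key", new byte[5000]);
        System.out.println("message type for 5000 bytes: " + big.getMessageType() + ", bytes sent: " + big.getMessage().remaining());
    }
}
```

Because KMS only sees a 32-byte digest on the DIGEST path, the verifier does not need to know which path was taken: SHA256withECDSA over the full payload recomputes the same digest. The one thing the DIGEST path gives up is KMS's own hashing, so the caller must use exactly the hash the signing algorithm names (SHA-256 for ECDSA_SHA_256) or verification will fail everywhere.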

Example 8 with SignRequest

Use of com.amazonaws.services.kms.model.SignRequest in project di-authentication-api by alphagov: class DocAppCriService, method generatePrivateKeyJwt.

The signing flow is the same as in Example 6, with two differences. The result is wrapped as a PrivateKeyJWT, the private_key_jwt client-authentication assertion presented to a token endpoint, and the JWS kid is set to the KMS key alias itself rather than to a hash of the resolved key ID, so no GetPublicKey call is made before signing.

private PrivateKeyJWT generatePrivateKeyJwt(JWTAuthenticationClaimsSet claimsSet) {
    try {
        // kid is the KMS alias here, unlike TokenService, which uses a SHA-256 hash of the resolved key ID.
        var jwsHeader = new JWSHeader.Builder(TOKEN_ALGORITHM).keyID(configurationService.getDocAppTokenSigningKeyAlias()).build();
        var encodedHeader = jwsHeader.toBase64URL();
        var encodedClaims = Base64URL.encode(claimsSet.toJWTClaimsSet().toString());
        var message = encodedHeader + "." + encodedClaims; // JWS signing input
        var messageToSign = ByteBuffer.wrap(message.getBytes());
        var signRequest = new SignRequest();
        signRequest.setMessage(messageToSign); // RAW by default: KMS hashes the input with SHA-256
        signRequest.setKeyId(configurationService.getDocAppTokenSigningKeyAlias());
        signRequest.setSigningAlgorithm(SigningAlgorithmSpec.ECDSA_SHA_256.toString());
        SignResult signResult = kmsService.sign(signRequest);
        LOG.info("PrivateKeyJWT has been signed successfully");
        // DER from KMS -> fixed-width R||S for JWS.
        var signature = Base64URL.encode(ECDSA.transcodeSignatureToConcat(signResult.getSignature().array(), ECDSA.getSignatureByteArrayLength(TOKEN_ALGORITHM))).toString();
        return new PrivateKeyJWT(SignedJWT.parse(message + "." + signature));
    } catch (JOSEException | java.text.ParseException e) {
        LOG.error("Exception thrown when trying to parse SignedJWT or JWTClaimSet", e);
        throw new RuntimeException(e);
    }
}
Also used: SignResult (com.amazonaws.services.kms.model.SignResult), SignRequest (com.amazonaws.services.kms.model.SignRequest), PrivateKeyJWT (com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT), ParseException (com.nimbusds.oauth2.sdk.ParseException), JOSEException (com.nimbusds.jose.JOSEException)

Example 9 with SignRequest

Use of com.amazonaws.services.kms.model.SignRequest in project di-authentication-api by alphagov: class IPVTokenService, method generatePrivateKeyJwt.

This is the same routine as Example 8 apart from the class and the alias getter (getIPVTokenSigningKeyAlias); each service carries its own copy of the KMS signing and transcoding logic, and the kid is again the key alias.

private PrivateKeyJWT generatePrivateKeyJwt(JWTAuthenticationClaimsSet claimsSet) {
    try {
        // kid is the KMS alias for the IPV signing key.
        var jwsHeader = new JWSHeader.Builder(TOKEN_ALGORITHM).keyID(configurationService.getIPVTokenSigningKeyAlias()).build();
        var encodedHeader = jwsHeader.toBase64URL();
        var encodedClaims = Base64URL.encode(claimsSet.toJWTClaimsSet().toString());
        var message = encodedHeader + "." + encodedClaims; // JWS signing input
        var messageToSign = ByteBuffer.wrap(message.getBytes());
        var signRequest = new SignRequest();
        signRequest.setMessage(messageToSign); // RAW by default: KMS hashes the input with SHA-256
        signRequest.setKeyId(configurationService.getIPVTokenSigningKeyAlias());
        signRequest.setSigningAlgorithm(SigningAlgorithmSpec.ECDSA_SHA_256.toString());
        SignResult signResult = kmsService.sign(signRequest);
        LOG.info("PrivateKeyJWT has been signed successfully");
        // DER from KMS -> fixed-width R||S for JWS.
        var signature = Base64URL.encode(ECDSA.transcodeSignatureToConcat(signResult.getSignature().array(), ECDSA.getSignatureByteArrayLength(TOKEN_ALGORITHM))).toString();
        return new PrivateKeyJWT(SignedJWT.parse(message + "." + signature));
    } catch (JOSEException | java.text.ParseException e) {
        LOG.error("Exception thrown when trying to parse SignedJWT or JWTClaimSet", e);
        throw new RuntimeException(e);
    }
}
Also used: SignResult (com.amazonaws.services.kms.model.SignResult), SignRequest (com.amazonaws.services.kms.model.SignRequest), PrivateKeyJWT (com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT), ParseException (com.nimbusds.oauth2.sdk.ParseException), JOSEException (com.nimbusds.jose.JOSEException)

Aggregations (number of examples using each class alongside SignRequest)

SignRequest (com.amazonaws.services.kms.model.SignRequest) 9
SignResult (com.amazonaws.services.kms.model.SignResult) 7
JOSEException (com.nimbusds.jose.JOSEException) 7
JWSHeader (com.nimbusds.jose.JWSHeader) 4
Base64URL (com.nimbusds.jose.util.Base64URL) 4
ParseException (com.nimbusds.oauth2.sdk.ParseException) 4
ByteBuffer (java.nio.ByteBuffer) 4
PrivateKeyJWT (com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT) 2
AWSKMS (com.amazonaws.services.kms.AWSKMS) 1
GetPublicKeyRequest (com.amazonaws.services.kms.model.GetPublicKeyRequest) 1
Nonce (com.nimbusds.openid.connect.sdk.Nonce) 1
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException) 1
ParseException (java.text.ParseException) 1
HashHelper.hashSha256String (uk.gov.di.authentication.shared.helpers.HashHelper.hashSha256String) 1