use of com.amazonaws.services.kms.model.SignResult in project di-ipv-cri-uk-passport-back by alphagov.
the class KmsSigner method sign.
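/**
 * Signs a JWS signing input with the AWS KMS key identified by {@code keyId}.
 *
 * <p>The input is hashed locally with SHA-256 and only that digest is sent to KMS
 * ({@code MessageType.DIGEST}) together with the ECDSA_SHA_256 signing algorithm.
 *
 * @param header the JWS header; it is not consulted here, the KMS algorithm is hard-coded
 * @param signingInput the bytes to be signed
 * @return the signature bytes returned by KMS, encoded with {@code b64UrlEncoder}
 * @throws JOSEException if the SHA-256 digest implementation is unavailable
 */
@Override
public Base64URL sign(JWSHeader header, byte[] signingInput) throws JOSEException {
    byte[] signingInputHash;
    try {
        signingInputHash = MessageDigest.getInstance("SHA-256").digest(signingInput);
    } catch (NoSuchAlgorithmException e) {
        // Keep the original exception as the cause so the provider failure stays diagnosable.
        throw new JOSEException(e.getMessage(), e);
    }

    SignRequest signRequest =
            new SignRequest()
                    .withSigningAlgorithm(SigningAlgorithmSpec.ECDSA_SHA_256.toString())
                    .withKeyId(keyId)
                    .withMessage(ByteBuffer.wrap(signingInputHash))
                    .withMessageType(MessageType.DIGEST);
    SignResult signResult = kmsClient.sign(signRequest);

    // Copy exactly the readable bytes: array() exposes the whole backing array regardless of
    // position/limit and throws for read-only or direct buffers.
    ByteBuffer signatureBuffer = signResult.getSignature().duplicate();
    byte[] signatureBytes = new byte[signatureBuffer.remaining()];
    signatureBuffer.get(signatureBytes);

    // NOTE(review): KMS returns ECDSA signatures DER-encoded, whereas JWS ES256 specifies the
    // fixed-length R||S concatenation. No transcoding happens here, so a standard JWS verifier
    // would be expected to reject this value - confirm what the consuming verifier accepts
    // before changing the encoding.
    return new Base64URL(b64UrlEncoder.encodeToString(signatureBytes));
}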
use of com.amazonaws.services.kms.model.SignResult in project documentproduction by qld-gov-au.
the class AwsKmsContentSigner method getSignature.
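/**
 * Sends the bytes accumulated in {@code outputStream} to AWS KMS for signing and returns the
 * resulting signature.
 *
 * <p>A KMS client is built for {@code region} on every call and is shut down again before
 * returning, so its resources are not leaked.
 *
 * @return the signature bytes produced by KMS for key {@code key} using
 *     {@code signingAlgorithmSpec}
 */
@Override
public byte[] getSignature() {
    AWSKMS kmsClient = AWSKMSClientBuilder.standard().withRegion(region).build();
    try {
        ByteBuffer message = ByteBuffer.wrap(outputStream.toByteArray());
        // NOTE(review): MessageType.RAW makes KMS hash the message itself, and KMS caps RAW
        // messages at 4096 bytes. If the buffered content can exceed that, hash locally and
        // send MessageType.DIGEST instead - confirm the expected input size.
        SignRequest signRequest =
                new SignRequest()
                        .withSigningAlgorithm(signingAlgorithmSpec)
                        .withKeyId(key)
                        .withMessageType(MessageType.RAW)
                        .withMessage(message);
        SignResult signResult = kmsClient.sign(signRequest);

        // Copy only the readable bytes; array() ignores position/limit and fails on
        // read-only or direct buffers.
        ByteBuffer signatureBuffer = signResult.getSignature().duplicate();
        byte[] signatureBytes = new byte[signatureBuffer.remaining()];
        signatureBuffer.get(signatureBytes);
        return signatureBytes;
    } finally {
        // The client was created for this call only; release it.
        kmsClient.shutdown();
    }
}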
use of com.amazonaws.services.kms.model.SignResult in project di-authentication-api by alphagov.
the class TokenService method generateSignedJWT.
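/**
 * Builds a signed JWT for the given claims, delegating the signature to AWS KMS.
 *
 * <p>The header and claims are Base64URL-encoded, joined with {@code "."} and sent to KMS as
 * the message to sign with ECDSA_SHA_256. The signature returned by KMS is transcoded to the
 * concatenated form via {@code ECDSA.transcodeSignatureToConcat} before being appended.
 *
 * @param claimsSet the claims to place in the token payload
 * @return the parsed, signed JWT
 * @throws RuntimeException wrapping a {@code ParseException} or {@code JOSEException} raised
 *     while transcoding the signature or parsing the assembled token
 */
private SignedJWT generateSignedJWT(JWTClaimsSet claimsSet) {
    try {
        // Read the alias once so the "kid" header always names the key that actually signs.
        var signingKeyAlias = configService.getTokenSigningKeyAlias();
        JWSHeader jwsHeader = new JWSHeader.Builder(TOKEN_ALGORITHM).keyID(signingKeyAlias).build();
        Base64URL encodedHeader = jwsHeader.toBase64URL();
        Base64URL encodedClaims = Base64URL.encode(claimsSet.toString());
        String message = encodedHeader + "." + encodedClaims;

        // Explicit charset: the signed bytes must not depend on the JVM's default encoding.
        ByteBuffer messageToSign =
                ByteBuffer.wrap(message.getBytes(java.nio.charset.StandardCharsets.UTF_8));

        SignRequest signRequest = new SignRequest();
        signRequest.setMessage(messageToSign);
        signRequest.setKeyId(signingKeyAlias);
        signRequest.setSigningAlgorithm(SigningAlgorithmSpec.ECDSA_SHA_256.toString());
        SignResult signResult = kmsConnectionService.sign(signRequest);
        LOG.info("Token has been signed successfully");

        // Copy only the readable bytes; array() ignores position/limit and fails on
        // read-only or direct buffers.
        ByteBuffer signatureBuffer = signResult.getSignature().duplicate();
        byte[] kmsSignature = new byte[signatureBuffer.remaining()];
        signatureBuffer.get(kmsSignature);

        String signature =
                Base64URL.encode(
                                ECDSA.transcodeSignatureToConcat(
                                        kmsSignature,
                                        ECDSA.getSignatureByteArrayLength(TOKEN_ALGORITHM)))
                        .toString();
        return SignedJWT.parse(message + "." + signature);
    } catch (java.text.ParseException | JOSEException e) {
        LOG.error("Exception thrown when trying to parse SignedJWT or JWTClaimSet", e);
        throw new RuntimeException(e);
    }
}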
use of com.amazonaws.services.kms.model.SignResult in project di-authentication-api by alphagov.
the class AuditServiceTest method beforeEach.
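/**
 * Prepares each test: initialises annotation-driven Mockito fields, then stubs
 * {@code kmsConnectionService.sign} to return a fixed dummy signature.
 */
@BeforeEach
void beforeEach() {
    // Initialise annotated mocks/captors first. If kmsConnectionService is itself
    // annotation-managed, stubbing it before this call would hit a null field or a mock
    // instance that openMocks then replaces.
    // NOTE(review): openMocks returns an AutoCloseable that is never closed here - consider
    // keeping it in a field and closing it in an @AfterEach.
    MockitoAnnotations.openMocks(this);

    var stubSignature = new SignResult().withSignature(ByteBuffer.wrap("signature".getBytes()));
    when(kmsConnectionService.sign(any(SignRequest.class))).thenReturn(stubSignature);
}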
use of com.amazonaws.services.kms.model.SignResult in project di-authentication-api by alphagov.
the class TokenSigningExtension method signJwt.
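/**
 * Signs the given claims as an ES256 JWT using the KMS key returned by {@code getKeyAlias()}.
 *
 * <p>The Base64URL-encoded header and claims are joined with {@code "."} and sent to KMS as
 * the message to sign with ECDSA_SHA_256. The signature returned by KMS is transcoded to the
 * concatenated form via {@code ECDSA.transcodeSignatureToConcat} before being appended.
 *
 * @param claimsSet the claims to place in the token payload
 * @return the parsed, signed JWT
 * @throws RuntimeException wrapping a {@code ParseException} or {@code JOSEException} raised
 *     while transcoding the signature or parsing the assembled token
 */
public SignedJWT signJwt(JWTClaimsSet claimsSet) {
    try {
        // Read the alias once so the "kid" header always names the key that actually signs.
        var signingKeyAlias = getKeyAlias();
        JWSHeader jwsHeader =
                new JWSHeader.Builder(JWSAlgorithm.ES256).keyID(signingKeyAlias).build();
        Base64URL encodedHeader = jwsHeader.toBase64URL();
        Base64URL encodedClaims = Base64URL.encode(claimsSet.toString());
        String message = encodedHeader + "." + encodedClaims;

        // Explicit charset: the signed bytes must not depend on the JVM's default encoding.
        ByteBuffer messageToSign =
                ByteBuffer.wrap(message.getBytes(java.nio.charset.StandardCharsets.UTF_8));

        SignRequest signRequest = new SignRequest();
        signRequest.setMessage(messageToSign);
        signRequest.setKeyId(signingKeyAlias);
        signRequest.setSigningAlgorithm(SigningAlgorithmSpec.ECDSA_SHA_256.toString());
        SignResult signResult = kmsConnectionService.sign(signRequest);

        // Copy only the readable bytes; array() ignores position/limit and fails on
        // read-only or direct buffers.
        ByteBuffer signatureBuffer = signResult.getSignature().duplicate();
        byte[] kmsSignature = new byte[signatureBuffer.remaining()];
        signatureBuffer.get(kmsSignature);

        String signature =
                Base64URL.encode(
                                ECDSA.transcodeSignatureToConcat(
                                        kmsSignature,
                                        ECDSA.getSignatureByteArrayLength(JWSAlgorithm.ES256)))
                        .toString();
        return SignedJWT.parse(message + "." + signature);
    } catch (java.text.ParseException | JOSEException e) {
        throw new RuntimeException(e);
    }
}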