Search in sources :

Example 1 with JwkException

use of com.auth0.jwk.JwkException in project snow-owl by b2ihealthcare.

the class IdentityPlugin method createRSAKeyProvider.

private RSAKeyProvider createRSAKeyProvider(IdentityConfiguration conf) throws MalformedURLException {
    final String privateKeyId;
    final RSAPrivateKey privateKey;
    // read private key if provided
    if (!Strings.isNullOrEmpty(conf.getSigningKey())) {
        privateKeyId = Hashing.goodFastHash(16).hashString(conf.getSigningKey(), Charsets.UTF_8).toString();
        privateKey = readPrivateKey(conf.getSigningKey());
    } else {
        privateKeyId = null;
        privateKey = null;
    }
    if (!Strings.isNullOrEmpty(conf.getJwksUrl())) {
        // prefer JSON Web Key Set provider URLs (if set) for token verification
        JwkProvider jwkProvider = new JwkProviderBuilder(new URL(conf.getJwksUrl())).cached(5, 24, TimeUnit.HOURS).rateLimited(10, 1, TimeUnit.MINUTES).build();
        return new RSAKeyProvider() {

            @Override
            public RSAPublicKey getPublicKeyById(String kid) {
                try {
                    return (RSAPublicKey) jwkProvider.get(kid).getPublicKey();
                } catch (JwkException e) {
                    throw new SnowowlRuntimeException(e.getMessage(), e);
                }
            }

            @Override
            public String getPrivateKeyId() {
                return privateKeyId;
            }

            @Override
            public RSAPrivateKey getPrivateKey() {
                return privateKey;
            }
        };
    } else if (!Strings.isNullOrEmpty(conf.getVerificationKey())) {
        // if JWKS is not set, then fall back to verification key if set
        RSAPublicKey publicKey = readPublicKey(conf.getVerificationKey());
        return new RSAKeyProvider() {

            @Override
            public RSAPublicKey getPublicKeyById(String kid) {
                return publicKey;
            }

            @Override
            public String getPrivateKeyId() {
                return privateKeyId;
            }

            @Override
            public RSAPrivateKey getPrivateKey() {
                return privateKey;
            }
        };
    } else {
        // if neither jwksUrl nor the verificationKey settings are configured then this not an RSA configuration (or an invalid configuration raised when creating the algorithm instance)
        return null;
    }
}
Also used : RSAKeyProvider(com.auth0.jwt.interfaces.RSAKeyProvider) RSAPublicKey(java.security.interfaces.RSAPublicKey) JwkProvider(com.auth0.jwk.JwkProvider) JwkProviderBuilder(com.auth0.jwk.JwkProviderBuilder) JwkException(com.auth0.jwk.JwkException) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) URL(java.net.URL) SnowowlRuntimeException(com.b2international.snowowl.core.api.SnowowlRuntimeException)

Aggregations

JwkException (com.auth0.jwk.JwkException)1 JwkProvider (com.auth0.jwk.JwkProvider)1 JwkProviderBuilder (com.auth0.jwk.JwkProviderBuilder)1 RSAKeyProvider (com.auth0.jwt.interfaces.RSAKeyProvider)1 SnowowlRuntimeException (com.b2international.snowowl.core.api.SnowowlRuntimeException)1 URL (java.net.URL)1 RSAPrivateKey (java.security.interfaces.RSAPrivateKey)1 RSAPublicKey (java.security.interfaces.RSAPublicKey)1