use of com.auth0.jwk.JwkException in project snow-owl by b2ihealthcare.
the class IdentityPlugin method createRSAKeyProvider.
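/**
 * Builds the {@link RSAKeyProvider} used for RSA-based JWT signing and verification.
 *
 * <p>The optional signing key supplies the private key and its key id. The public
 * (verification) key comes from the configured JWKS URL when set, otherwise from the
 * statically configured verification key.
 *
 * @param conf identity configuration to read the signing key, JWKS URL and verification key from
 * @return a key provider, or {@code null} when neither a JWKS URL nor a verification key is configured
 * @throws MalformedURLException if the configured JWKS URL cannot be parsed
 */
private RSAKeyProvider createRSAKeyProvider(IdentityConfiguration conf) throws MalformedURLException {
    final String privateKeyId;
    final RSAPrivateKey privateKey;
    // read private key if provided
    if (!Strings.isNullOrEmpty(conf.getSigningKey())) {
        // The key id leaves this process (java-jwt uses getPrivateKeyId() as the `kid` header of
        // signed tokens), so it must be stable. Guava documents goodFastHash() as seeded per
        // process and unsuitable for values that escape it; the id would differ after every
        // restart and between nodes. SHA-256 is deterministic and one-way.
        // NOTE(review): the id is still derived from private key material; a thumbprint of the
        // public key would avoid that entirely - consider it if the public key is available here.
        privateKeyId = Hashing.sha256().hashString(conf.getSigningKey(), Charsets.UTF_8).toString();
        privateKey = readPrivateKey(conf.getSigningKey());
    } else {
        privateKeyId = null;
        privateKey = null;
    }

    if (!Strings.isNullOrEmpty(conf.getJwksUrl())) {
        // prefer JSON Web Key Set provider URLs (if set) for token verification
        // NOTE(review): the URL scheme is not checked here. Keys fetched over plain http can be
        // replaced in transit, which would let a third party choose the verification key -
        // confirm that configuration validation restricts this to https.
        // Cache up to 5 keys for 24 hours; allow at most 10 JWKS lookups per minute.
        final JwkProvider jwkProvider = new JwkProviderBuilder(new URL(conf.getJwksUrl()))
                .cached(5, 24, TimeUnit.HOURS)
                .rateLimited(10, 1, TimeUnit.MINUTES)
                .build();
        return new RSAKeyProvider() {
            @Override
            public RSAPublicKey getPublicKeyById(String kid) {
                try {
                    // kid comes from the (not yet verified) token header; the key set may also
                    // hold non-RSA keys, so check the type instead of failing with a
                    // ClassCastException. Object avoids needing a new import for PublicKey.
                    final Object key = jwkProvider.get(kid).getPublicKey();
                    if (!(key instanceof RSAPublicKey)) {
                        // kid is deliberately left out of the message: it is attacker-controlled
                        throw new SnowowlRuntimeException("JWKS entry selected for token verification is not an RSA public key");
                    }
                    return (RSAPublicKey) key;
                } catch (JwkException e) {
                    throw new SnowowlRuntimeException(e.getMessage(), e);
                }
            }

            @Override
            public String getPrivateKeyId() {
                return privateKeyId;
            }

            @Override
            public RSAPrivateKey getPrivateKey() {
                return privateKey;
            }
        };
    } else if (!Strings.isNullOrEmpty(conf.getVerificationKey())) {
        // if JWKS is not set, then fall back to verification key if set
        final RSAPublicKey publicKey = readPublicKey(conf.getVerificationKey());
        return new RSAKeyProvider() {
            @Override
            public RSAPublicKey getPublicKeyById(String kid) {
                // single static key: the kid from the token header is ignored
                return publicKey;
            }

            @Override
            public String getPrivateKeyId() {
                return privateKeyId;
            }

            @Override
            public RSAPrivateKey getPrivateKey() {
                return privateKey;
            }
        };
    } else {
        // if neither jwksUrl nor the verificationKey settings are configured then this is not an
        // RSA configuration (or an invalid configuration raised when creating the algorithm instance)
        return null;
    }
}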