Example 1 with RSAKeyProvider
use of com.auth0.jwt.interfaces.RSAKeyProvider in project sonarqube by SonarSource.
the class GithubAppSecurityImpl method readApplicationPrivateKey.
private static Algorithm readApplicationPrivateKey(long appId, String encodedPrivateKey) {
byte[] decodedPrivateKey = encodedPrivateKey.getBytes(UTF_8);
try (PemReader pemReader = new PemReader(new InputStreamReader(new ByteArrayInputStream(decodedPrivateKey)))) {
Security.addProvider(new BouncyCastleProvider());
PemObject pemObject = pemReader.readPemObject();
if (pemObject == null) {
throw new IllegalArgumentException("Failed to decode Github Application private key");
}
PKCS8EncodedKeySpec keySpec1 = new PKCS8EncodedKeySpec(pemObject.getContent());
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PrivateKey privateKey = keyFactory.generatePrivate(keySpec1);
return Algorithm.RSA256(new RSAKeyProvider() {
@Override
public RSAPublicKey getPublicKeyById(String keyId) {
throw new UnsupportedOperationException("getPublicKeyById not implemented");
}
@Override
public RSAPrivateKey getPrivateKey() {
return (RSAPrivateKey) privateKey;
}
@Override
public String getPrivateKeyId() {
return "github_app_" + appId;
}
});
} catch (Exception e) {
throw new IllegalArgumentException("Invalid Github Application private key", e);
} finally {
Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
}
}
Also used :
RSAKeyProvider(com.auth0.jwt.interfaces.RSAKeyProvider)
RSAPrivateKey(java.security.interfaces.RSAPrivateKey)
PrivateKey(java.security.PrivateKey)
InputStreamReader(java.io.InputStreamReader)
PemReader(org.bouncycastle.util.io.pem.PemReader)
PemObject(org.bouncycastle.util.io.pem.PemObject)
RSAPublicKey(java.security.interfaces.RSAPublicKey)
ByteArrayInputStream(java.io.ByteArrayInputStream)
PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec)
RSAPrivateKey(java.security.interfaces.RSAPrivateKey)
KeyFactory(java.security.KeyFactory)
BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)
Example 2 with RSAKeyProvider
use of com.auth0.jwt.interfaces.RSAKeyProvider in project snow-owl by b2ihealthcare.
the class IdentityPlugin method createRSAKeyProvider.
private RSAKeyProvider createRSAKeyProvider(IdentityConfiguration conf) throws MalformedURLException {
final String privateKeyId;
final RSAPrivateKey privateKey;
// read private key if provided
if (!Strings.isNullOrEmpty(conf.getSigningKey())) {
privateKeyId = Hashing.goodFastHash(16).hashString(conf.getSigningKey(), Charsets.UTF_8).toString();
privateKey = readPrivateKey(conf.getSigningKey());
} else {
privateKeyId = null;
privateKey = null;
}
if (!Strings.isNullOrEmpty(conf.getJwksUrl())) {
// prefer JSON Web Key Set provider URLs (if set) for token verification
JwkProvider jwkProvider = new JwkProviderBuilder(new URL(conf.getJwksUrl())).cached(5, 24, TimeUnit.HOURS).rateLimited(10, 1, TimeUnit.MINUTES).build();
return new RSAKeyProvider() {
@Override
public RSAPublicKey getPublicKeyById(String kid) {
try {
return (RSAPublicKey) jwkProvider.get(kid).getPublicKey();
} catch (JwkException e) {
throw new SnowowlRuntimeException(e.getMessage(), e);
}
}
@Override
public String getPrivateKeyId() {
return privateKeyId;
}
@Override
public RSAPrivateKey getPrivateKey() {
return privateKey;
}
};
} else if (!Strings.isNullOrEmpty(conf.getVerificationKey())) {
// if JWKS is not set, then fall back to verification key if set
RSAPublicKey publicKey = readPublicKey(conf.getVerificationKey());
return new RSAKeyProvider() {
@Override
public RSAPublicKey getPublicKeyById(String kid) {
return publicKey;
}
@Override
public String getPrivateKeyId() {
return privateKeyId;
}
@Override
public RSAPrivateKey getPrivateKey() {
return privateKey;
}
};
} else {
// if neither jwksUrl nor the verificationKey settings are configured then this not an RSA configuration (or an invalid configuration raised when creating the algorithm instance)
return null;
}
}
Also used :
RSAKeyProvider(com.auth0.jwt.interfaces.RSAKeyProvider)
RSAPublicKey(java.security.interfaces.RSAPublicKey)
JwkProvider(com.auth0.jwk.JwkProvider)
JwkProviderBuilder(com.auth0.jwk.JwkProviderBuilder)
JwkException(com.auth0.jwk.JwkException)
RSAPrivateKey(java.security.interfaces.RSAPrivateKey)
URL(java.net.URL)
SnowowlRuntimeException(com.b2international.snowowl.core.api.SnowowlRuntimeException)
Example 3 with RSAKeyProvider
use of com.auth0.jwt.interfaces.RSAKeyProvider in project snow-owl by b2ihealthcare.
the class IdentityPlugin method configureJWT.
@VisibleForTesting
/*package*/
void configureJWT(ApplicationContext services, final IdentityProvider identityProvider, final IdentityConfiguration conf) throws MalformedURLException {
RSAKeyProvider rsaKeyProvider = createRSAKeyProvider(conf);
Algorithm algorithm;
if (!Strings.isNullOrEmpty(conf.getJws())) {
algorithm = SUPPORTED_JWS_ALGORITHMS.getOrDefault(conf.getJws(), this::throwUnsupportedJws).apply(conf, rsaKeyProvider);
} else {
IdentityProvider.LOG.warn("'identity.jws' configuration is missing, disabling JWT authorization token signing and verification.");
algorithm = null;
}
JWTGenerator generator;
JWTVerifier verifier;
if (algorithm == null) {
// both signing and verification is disabled
generator = JWT_GENERATOR_DISABLED;
verifier = JWT_VERIFIER_DISABLED;
} else if (rsaKeyProvider != null && rsaKeyProvider.getPrivateKey() == null) {
generator = JWT_GENERATOR_DISABLED;
verifier = createJWTVerifier(algorithm, conf);
} else {
generator = new DefaultJWTGenerator(algorithm, conf);
verifier = createJWTVerifier(algorithm, conf);
}
// always configure a JWTGenerator, a JWTVerifier and an AuthorizationHeader verifier
services.registerService(JWTGenerator.class, generator);
services.registerService(JWTVerifier.class, verifier);
services.registerService(AuthorizationHeaderVerifier.class, new AuthorizationHeaderVerifier(verifier, identityProvider, conf.getEmailClaimProperty(), conf.getPermissionsClaimProperty()));
}
Also used :
RSAKeyProvider(com.auth0.jwt.interfaces.RSAKeyProvider)
Algorithm(com.auth0.jwt.algorithms.Algorithm)
JWTVerifier(com.auth0.jwt.interfaces.JWTVerifier)
VisibleForTesting(com.google.common.annotations.VisibleForTesting)
Aggregations
RSAKeyProvider (com.auth0.jwt.interfaces.RSAKeyProvider)3
RSAPrivateKey (java.security.interfaces.RSAPrivateKey)2
RSAPublicKey (java.security.interfaces.RSAPublicKey)2
JwkException (com.auth0.jwk.JwkException)1
JwkProvider (com.auth0.jwk.JwkProvider)1
JwkProviderBuilder (com.auth0.jwk.JwkProviderBuilder)1
Algorithm (com.auth0.jwt.algorithms.Algorithm)1
JWTVerifier (com.auth0.jwt.interfaces.JWTVerifier)1
SnowowlRuntimeException (com.b2international.snowowl.core.api.SnowowlRuntimeException)1
VisibleForTesting (com.google.common.annotations.VisibleForTesting)1
ByteArrayInputStream (java.io.ByteArrayInputStream)1
InputStreamReader (java.io.InputStreamReader)1
URL (java.net.URL)1
KeyFactory (java.security.KeyFactory)1
PrivateKey (java.security.PrivateKey)1
PKCS8EncodedKeySpec (java.security.spec.PKCS8EncodedKeySpec)1
BouncyCastleProvider (org.bouncycastle.jce.provider.BouncyCastleProvider)1
PemObject (org.bouncycastle.util.io.pem.PemObject)1
PemReader (org.bouncycastle.util.io.pem.PemReader)1
