use of com.nimbusds.jose.crypto.RSADecrypter in project oxAuth by GluuFederation.
the class CrossEncryptionTest method decryptAndValidateSignatureWithNimbus.
/**
 * Unwraps a nested JWT (signed, then encrypted) with Nimbus JOSE+JWT and asserts on each layer.
 *
 * <p>The outer JWE is decrypted with the recipient's RSA private key, the payload must then parse
 * as a signed JWT, its signature must verify against the sender's RSA key, and the subject claim
 * must equal {@code "testing"}. Both keys come from JWK JSON fixtures held by the test class.
 *
 * @param jweString compact serialization of the encrypted token
 * @throws ParseException if a JWK fixture, the JWE or the claims set cannot be parsed
 * @throws JOSEException if key conversion, decryption or signature verification fails
 */
private void decryptAndValidateSignatureWithNimbus(String jweString) throws ParseException, JOSEException {
    // Outer layer: decrypt with the recipient's private key.
    final RSAKey recipientKey = (RSAKey) JWK.parse(recipientJwkJson);
    final RSAPrivateKey recipientPrivateKey = recipientKey.toRSAPrivateKey();
    final JWEObject encryptedToken = JWEObject.parse(jweString);
    encryptedToken.decrypt(new RSADecrypter(recipientPrivateKey));

    // Inner layer: toSignedJWT() yields null when the payload is not a JWS, hence the assertion.
    final SignedJWT signedJWT = encryptedToken.getPayload().toSignedJWT();
    assertNotNull("Payload not a signed JWT", signedJWT);

    // The verification key is the sender's fixture key, not anything taken from the token itself.
    final RSAKey senderJWK = (RSAKey) JWK.parse(senderJwkJson);
    final boolean signatureValid = signedJWT.verify(new RSASSAVerifier(senderJWK));
    assertTrue(signatureValid);

    assertEquals("testing", signedJWT.getJWTClaimsSet().getSubject());
    System.out.println("Nimbus decrypt and nested jwt signature verification succeed: " + signedJWT.getJWTClaimsSet().toJSONObject());
}
use of com.nimbusds.jose.crypto.RSADecrypter in project oxAuth by GluuFederation.
the class CrossEncryptionTest method testDecryptNimbusJoseJwt.
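/**
 * Decrypts a compact-serialized encrypted JWT with Nimbus JOSE+JWT and compares the recovered
 * payload with the expected test payload.
 *
 * <p>The recipient's RSA private key is read from the JWK JSON fixture and the decrypter is
 * switched to the BouncyCastle JCA provider before use.
 *
 * @param jwe compact serialization of the encrypted JWT
 * @return {@code true} if decryption succeeded and the decoded payload is JSON-equal to
 *         {@code PAYLOAD}; {@code false} on a mismatch or on any exception
 */
private boolean testDecryptNimbusJoseJwt(String jwe) {
    try {
        EncryptedJWT encryptedJwt = EncryptedJWT.parse(jwe);

        JWK jwk = JWK.parse(recipientJwkJson);
        RSAPrivateKey rsaPrivateKey = ((RSAKey) jwk).toRSAPrivateKey();

        JWEDecrypter decrypter = new RSADecrypter(rsaPrivateKey);
        decrypter.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance());
        encryptedJwt.decrypt(decrypter);

        // Decode with an explicit charset: new String(byte[]) would use the platform default,
        // which makes the JSON comparison depend on the machine running the test.
        final String decryptedPayload = new String(
                Base64Util.base64urldecode(encryptedJwt.getPayload().toString()),
                java.nio.charset.StandardCharsets.UTF_8);

        // Test-only diagnostics; decrypted token contents should not be printed outside a test.
        System.out.println("Nimbusds decrypt succeed: " + decryptedPayload);
        return isJsonEqual(decryptedPayload, PAYLOAD);
    } catch (Exception e) {
        // Deliberately broad: any parse, key or decryption failure is reported as "not decrypted"
        // so the calling test can assert on the boolean.
        System.out.println("Nimbusds decrypt failed: " + e.getMessage());
        e.printStackTrace();
        return false;
    }
}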
use of com.nimbusds.jose.crypto.RSADecrypter in project identity-test-integration by wso2-incubator.
the class IDTokenDecrypterServlet method decryptJWE.
/**
 * Decrypts an encrypted ID token (JWE) with the client's RSA private key.
 *
 * <p>The key must be the Base64 text of a PKCS#8-encoded RSA private key; CR and LF characters are
 * stripped before decoding, nothing else (PEM header and footer lines are not removed here).
 *
 * <p>This method only decrypts. It does not compare the token's {@code alg}/{@code enc} header
 * values with an expected configuration before decrypting, and it does not validate the decrypted
 * payload (nested signature, issuer, audience, expiry) - presumably the caller does; confirm there.
 *
 * @param JWE id token to be decrypted, in compact serialization
 * @param privateKeyString client private key as Base64-encoded PKCS#8 text
 * @return the parsed {@code EncryptedJWT}, in decrypted state
 * @throws NoSuchAlgorithmException if no RSA {@code KeyFactory} is available
 * @throws InvalidKeySpecException if the decoded bytes are not a valid PKCS#8 RSA private key
 * @throws ParseException if the token is not a well-formed encrypted JWT
 * @throws JOSEException if decryption fails
 * @throws IllegalArgumentException if the key string is not valid Base64
 */
private EncryptedJWT decryptJWE(String JWE, String privateKeyString) throws NoSuchAlgorithmException, InvalidKeySpecException, ParseException, JOSEException, IllegalArgumentException {
    final KeyFactory rsaKeyFactory = KeyFactory.getInstance("RSA");

    // Drop line breaks so the strict Base64 decoder accepts a key that was wrapped over lines.
    final String keyBase64 = privateKeyString.replace("\n", "").replace("\r", "");
    final byte[] pkcs8Bytes = Base64.getDecoder().decode(keyBase64);
    final PrivateKey clientKey = rsaKeyFactory.generatePrivate(new PKCS8EncodedKeySpec(pkcs8Bytes));

    final EncryptedJWT encryptedIdToken = EncryptedJWT.parse(JWE);

    // decrypt() changes the state of the parsed object; the same instance is returned.
    encryptedIdToken.decrypt(new RSADecrypter((RSAPrivateKey) clientKey));
    return encryptedIdToken;
}
use of com.nimbusds.jose.crypto.RSADecrypter in project Payara by payara.
the class JwtTokenParser method verifyAndParseEncryptedJWT.
/**
 * Decrypts the already-parsed encrypted JWT and passes the nested signed JWT on to signature
 * verification.
 *
 * <p>The JWE header's key-management algorithm must be RSA-OAEP; any other value is rejected
 * before decryption is attempted. The content-encryption method ({@code enc}) is not checked in
 * this method.
 *
 * @param issuer value forwarded to {@code verifyAndParseSignedJWT}
 * @param publicKey key forwarded to {@code verifyAndParseSignedJWT} for the nested signature
 * @param privateKey key used to decrypt the outer JWE
 * @return the result of {@code verifyAndParseSignedJWT(issuer, publicKey)}
 * @throws JWTProcessingException if the algorithm is not RSA-OAEP, decryption fails, or the
 *         decrypted payload is not a signed JWT
 * @throws IllegalStateException if no encrypted JWT has been parsed yet
 */
private JsonWebTokenImpl verifyAndParseEncryptedJWT(String issuer, PublicKey publicKey, PrivateKey privateKey) throws JWTProcessingException {
    if (encryptedJWT == null) {
        throw new IllegalStateException("EncryptedJWT not parsed");
    }

    // The header is sender-controlled, so the algorithm is pinned here instead of letting the
    // token choose among everything the decrypter supports.
    final String usedAlgorithm = encryptedJWT.getHeader().getAlgorithm().getName();
    final boolean isRsaOaep = RSA_OAEP.getName().equals(usedAlgorithm);
    if (!isRsaOaep) {
        throw new JWTProcessingException("Only RSA-OAEP algorithm is supported for JWT encryption, used " + usedAlgorithm);
    }

    try {
        encryptedJWT.decrypt(new RSADecrypter(privateKey));
    } catch (JOSEException ex) {
        throw new JWTProcessingException("Exception during decrypting JWT token", ex);
    }

    // toSignedJWT() returns null when the decrypted payload is not a JWS; the field is assigned
    // before the check, as verifyAndParseSignedJWT takes no token argument.
    signedJWT = encryptedJWT.getPayload().toSignedJWT();
    if (signedJWT != null) {
        return verifyAndParseSignedJWT(issuer, publicKey);
    }
    throw new JWTProcessingException("Unable to parse signed JWT.");
}
use of com.nimbusds.jose.crypto.RSADecrypter in project mycore by MyCoRe-Org.
the class MCRJSONWebTokenUtil method retrievePublicKeyFromLoginToken.
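/**
 * Retrieves the client public key carried in the header of a login token.
 *
 * <p>The token is decrypted with the private key of {@code RSA_KEYS}, the payload is read as a
 * signed JWT, and the JWK embedded in that JWT's header is returned if the JWT's signature
 * verifies against it.
 *
 * <p>Because the verification key is taken from the token itself, a successful check shows only
 * that the sender holds the private key matching the embedded JWK. It does not show that the key
 * belongs to a known or trusted client; callers must bind the returned key to an identity by
 * other means before trusting it.
 *
 * @param token - the serialized JSON Web Token from login
 * @return the public key as JWK object, or {@code null} if the token cannot be parsed or
 *         decrypted, is not a signed JWT, carries no RSA JWK in its header, or fails verification
 */
public static JWK retrievePublicKeyFromLoginToken(String token) {
    try {
        JWEObject jweObject = JWEObject.parse(token);
        // Decrypt with the private key of RSA_KEYS (not a shared secret).
        jweObject.decrypt(new RSADecrypter(RSA_KEYS.getPrivate()));

        // toSignedJWT() returns null for a payload that is not a JWS; without this check a
        // malformed token would raise a NullPointerException that the catch below does not handle.
        SignedJWT signedJWT = jweObject.getPayload().toSignedJWT();
        if (signedJWT == null) {
            LOGGER.error("Login token payload is not a signed JWT");
            return null;
        }

        // The "jwk" header parameter is optional, so it may be absent.
        JWK result = signedJWT.getHeader().getJWK();
        if (result == null) {
            LOGGER.error("Login token header does not contain a JWK");
            return null;
        }

        // RSAKey.parse rejects non-RSA keys with a ParseException, handled below.
        RSAKey publicKey = RSAKey.parse(result.toJSONObject());
        if (signedJWT.verify(new RSASSAVerifier(publicKey))) {
            return result;
        }
    } catch (ParseException | JOSEException e) {
        LOGGER.error(e);
    }
    return null;
}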