
Example 1 with RSADecrypter

use of com.nimbusds.jose.crypto.RSADecrypter in project oxAuth by GluuFederation.

the class CrossEncryptionTest method decryptAndValidateSignatureWithNimbus.

/**
 * Decrypts a nested JWT (a JWE wrapping a signed JWT) with Nimbus and checks the inner signature.
 *
 * <p>The JWE is decrypted with the RSA private key parsed from {@code recipientJwkJson}. The
 * decrypted payload must be a signed JWT whose signature verifies against the RSA key parsed
 * from {@code senderJwkJson} and whose subject claim equals {@code "testing"}.
 *
 * <p>NOTE(review): neither the JWE {@code alg}/{@code enc} header nor the JWS {@code alg} header
 * is compared with an expected value here; code derived from this test should restrict both
 * before decrypting and verifying.
 *
 * @param jweString compact serialization of the JWE under test
 * @throws ParseException if a JWK, the JWE or the claims set cannot be parsed
 * @throws JOSEException if key conversion, decryption or signature verification fails
 */
private void decryptAndValidateSignatureWithNimbus(String jweString) throws ParseException, JOSEException {
    // Recipient side: turn the recipient JWK into a JCA private key and open the JWE.
    RSAKey recipientKey = (RSAKey) JWK.parse(recipientJwkJson);
    RSAPrivateKey decryptionKey = recipientKey.toRSAPrivateKey();
    JWEObject jwe = JWEObject.parse(jweString);
    jwe.decrypt(new RSADecrypter(decryptionKey));

    // The plaintext is expected to be a JWS; toSignedJWT() yields null when it is not.
    SignedJWT nestedJwt = jwe.getPayload().toSignedJWT();
    assertNotNull("Payload not a signed JWT", nestedJwt);

    // Sender side: the signature must verify under the sender's key.
    RSAKey senderKey = (RSAKey) JWK.parse(senderJwkJson);
    boolean signatureValid = nestedJwt.verify(new RSASSAVerifier(senderKey));
    assertTrue(signatureValid);

    assertEquals("testing", nestedJwt.getJWTClaimsSet().getSubject());
    System.out.println("Nimbus decrypt and nested jwt signature verification succeed: " + nestedJwt.getJWTClaimsSet().toJSONObject());
}
Also used : RSAKey(com.nimbusds.jose.jwk.RSAKey) RSASSAVerifier(com.nimbusds.jose.crypto.RSASSAVerifier) SignedJWT(com.nimbusds.jwt.SignedJWT) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) JWK(com.nimbusds.jose.jwk.JWK) RSADecrypter(com.nimbusds.jose.crypto.RSADecrypter)

Example 2 with RSADecrypter

use of com.nimbusds.jose.crypto.RSADecrypter in project oxAuth by GluuFederation.

the class CrossEncryptionTest method testDecryptNimbusJoseJwt.

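/**
 * Attempts to decrypt {@code jwe} with Nimbus JOSE+JWT and compares the result with {@code PAYLOAD}.
 *
 * <p>The RSA private key is parsed from {@code recipientJwkJson} and decryption runs with the
 * Bouncy Castle JCA provider. The decrypted payload string is base64url-decoded before the
 * JSON comparison.
 *
 * <p>The decrypted payload is printed to stdout; that is acceptable for the fixed test payload
 * used here, but decrypted token contents should not be logged outside of tests.
 *
 * @param jwe compact serialization of the encrypted JWT under test
 * @return {@code true} only if decryption succeeds and the decoded payload is JSON-equal to
 *         {@code PAYLOAD}; {@code false} on a mismatch or on any exception
 */
private boolean testDecryptNimbusJoseJwt(String jwe) {
    try {
        EncryptedJWT encryptedJwt = EncryptedJWT.parse(jwe);
        JWK jwk = JWK.parse(recipientJwkJson);
        RSAPrivateKey rsaPrivateKey = ((RSAKey) jwk).toRSAPrivateKey();
        JWEDecrypter decrypter = new RSADecrypter(rsaPrivateKey);
        decrypter.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance());
        encryptedJwt.decrypt(decrypter);
        // Decode explicitly as UTF-8: new String(byte[]) without a charset uses the platform
        // default (before Java 18), which makes the JSON comparison environment-dependent.
        final String decryptedPayload = new String(
                Base64Util.base64urldecode(encryptedJwt.getPayload().toString()),
                java.nio.charset.StandardCharsets.UTF_8);
        System.out.println("Nimbusds decrypt succeed: " + decryptedPayload);
        return isJsonEqual(decryptedPayload, PAYLOAD);
    } catch (Exception e) {
        // Deliberately broad: any parse, key, decryption or comparison failure counts as
        // "not decryptable" for this cross-library test.
        System.out.println("Nimbusds decrypt failed: " + e.getMessage());
        e.printStackTrace();
        return false;
    }
}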
Also used : RSAKey(com.nimbusds.jose.jwk.RSAKey) EncryptedJWT(com.nimbusds.jwt.EncryptedJWT) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) JSONException(org.json.JSONException) ParseException(java.text.ParseException) InvalidJwtException(org.gluu.oxauth.model.exception.InvalidJwtException) IOException(java.io.IOException) InvalidJweException(org.gluu.oxauth.model.exception.InvalidJweException) JWK(com.nimbusds.jose.jwk.JWK) RSADecrypter(com.nimbusds.jose.crypto.RSADecrypter)

Example 3 with RSADecrypter

use of com.nimbusds.jose.crypto.RSADecrypter in project identity-test-integration by wso2-incubator.

the class IDTokenDecrypterServlet method decryptJWE.

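/**
 * Decrypt the ID token using the client's RSA private key.
 *
 * @param JWE              ID token (compact JWE serialization) to be decrypted
 * @param privateKeyString client private key as a Base64-encoded PKCS#8 string
 * @return the decrypted ID token as an EncryptedJWT object
 * @throws NoSuchAlgorithmException if no RSA KeyFactory is available
 * @throws InvalidKeySpecException  if the decoded key bytes are not a valid PKCS#8 private key
 * @throws ParseException           if the JWE string cannot be parsed
 * @throws JOSEException            if decryption fails
 * @throws IllegalArgumentException if the key string is not valid Base64
 */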
private EncryptedJWT decryptJWE(String JWE, String privateKeyString) throws NoSuchAlgorithmException, InvalidKeySpecException, ParseException, JOSEException, IllegalArgumentException {
    KeyFactory rsaKeyFactory = KeyFactory.getInstance("RSA");

    // Only CR and LF are stripped before decoding. The basic Base64 decoder rejects any other
    // non-alphabet character, so PEM header/footer lines or embedded spaces end in an
    // IllegalArgumentException rather than a key.
    String keyBase64 = privateKeyString.replace("\n", "").replace("\r", "");
    byte[] pkcs8Bytes = Base64.getDecoder().decode(keyBase64);
    PrivateKey clientKey = rsaKeyFactory.generatePrivate(new PKCS8EncodedKeySpec(pkcs8Bytes));

    EncryptedJWT idToken = EncryptedJWT.parse(JWE);

    // NOTE(review): the JWE "alg"/"enc" header values are not compared with an expected value
    // before decryption, so any key-management algorithm RSADecrypter accepts is honoured.
    // Consider rejecting tokens whose header does not name the algorithm the client registered.
    idToken.decrypt(new RSADecrypter((RSAPrivateKey) clientKey));

    // Decryption only: no signature or claim (issuer, audience, expiry) validation happens in
    // this method, so the caller must not treat the returned token as verified.
    return idToken;
}
Also used : RSAPrivateKey(java.security.interfaces.RSAPrivateKey) PrivateKey(java.security.PrivateKey) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) EncryptedJWT(com.nimbusds.jwt.EncryptedJWT) KeyFactory(java.security.KeyFactory) RSADecrypter(com.nimbusds.jose.crypto.RSADecrypter)

Example 4 with RSADecrypter

use of com.nimbusds.jose.crypto.RSADecrypter in project Payara by payara.

the class JwtTokenParser method verifyAndParseEncryptedJWT.

/**
 * Decrypts the previously parsed {@code encryptedJWT}, stores the nested signed JWT in
 * {@code signedJWT} and hands over to {@code verifyAndParseSignedJWT}.
 *
 * <p>The JWE {@code alg} header is checked against {@code RSA_OAEP} before the private key is
 * used, so tokens naming any other key-management algorithm are rejected without a decryption
 * attempt. The content-encryption ({@code enc}) header is not checked in this method.
 *
 * @param issuer     passed unchanged to {@code verifyAndParseSignedJWT}
 * @param publicKey  passed unchanged to {@code verifyAndParseSignedJWT}
 * @param privateKey key used to decrypt the JWE
 * @return the result of {@code verifyAndParseSignedJWT(issuer, publicKey)}
 * @throws IllegalStateException  if {@code encryptedJWT} is {@code null}
 * @throws JWTProcessingException if the algorithm is not RSA-OAEP, decryption fails, or the
 *                                decrypted payload is not a signed JWT
 */
private JsonWebTokenImpl verifyAndParseEncryptedJWT(String issuer, PublicKey publicKey, PrivateKey privateKey) throws JWTProcessingException {
    if (encryptedJWT == null) {
        throw new IllegalStateException("EncryptedJWT not parsed");
    }

    // Allow-list the key-management algorithm from the (attacker-controllable) header first.
    final String headerAlg = encryptedJWT.getHeader().getAlgorithm().getName();
    final boolean isRsaOaep = RSA_OAEP.getName().equals(headerAlg);
    if (!isRsaOaep) {
        throw new JWTProcessingException("Only RSA-OAEP algorithm is supported for JWT encryption, used " + headerAlg);
    }

    try {
        encryptedJWT.decrypt(new RSADecrypter(privateKey));
    } catch (JOSEException decryptFailure) {
        throw new JWTProcessingException("Exception during decrypting JWT token", decryptFailure);
    }

    // toSignedJWT() yields null when the plaintext is not a JWS; an unsigned payload is refused.
    signedJWT = encryptedJWT.getPayload().toSignedJWT();
    if (signedJWT != null) {
        return verifyAndParseSignedJWT(issuer, publicKey);
    }
    throw new JWTProcessingException("Unable to parse signed JWT.");
}
Also used : JWTProcessingException(fish.payara.microprofile.jwtauth.eesecurity.JWTProcessingException) JsonString(javax.json.JsonString) JOSEException(com.nimbusds.jose.JOSEException) RSADecrypter(com.nimbusds.jose.crypto.RSADecrypter)

Example 5 with RSADecrypter

use of com.nimbusds.jose.crypto.RSADecrypter in project mycore by MyCoRe-Org.

the class MCRJSONWebTokenUtil method retrievePublicKeyFromLoginToken.

/**
 * Retrieves the client public key from the login token.
 *
 * @param token - the serialized JSON Web Token from login
 * @return the public key as a JWK object, or null if the token cannot be decrypted, parsed or verified
 */
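public static JWK retrievePublicKeyFromLoginToken(String token) {
    // The token is caller-supplied. Every step that can yield null is checked so that a
    // malformed token produces a null result instead of an uncaught NullPointerException
    // (the catch block below only covers ParseException and JOSEException).
    try {
        JWEObject jweObject = JWEObject.parse(token);
        // Decrypt with the private key of the RSA_KEYS key pair.
        jweObject.decrypt(new RSADecrypter(RSA_KEYS.getPrivate()));

        // toSignedJWT() returns null when the decrypted payload is not a JWS.
        SignedJWT signedJWT = jweObject.getPayload().toSignedJWT();
        if (signedJWT == null) {
            return null;
        }

        // The "jwk" header parameter is optional, so getJWK() may return null.
        JWK embeddedKey = signedJWT.getHeader().getJWK();
        if (embeddedKey == null) {
            return null;
        }

        // The signature is checked against the key carried in the token's own header. Success
        // shows the signer holds the matching private key; it says nothing about who the signer is.
        // NOTE(review): callers presumably bind the returned key to an authenticated identity
        // elsewhere - confirm before relying on it for authorization decisions.
        RSAKey publicKey = RSAKey.parse(embeddedKey.toJSONObject());
        if (signedJWT.verify(new RSASSAVerifier(publicKey))) {
            return embeddedKey;
        }
    } catch (ParseException | JOSEException e) {
        LOGGER.error(e);
    }
    return null;
}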
Also used : RSAKey(com.nimbusds.jose.jwk.RSAKey) JWEObject(com.nimbusds.jose.JWEObject) RSASSAVerifier(com.nimbusds.jose.crypto.RSASSAVerifier) SignedJWT(com.nimbusds.jwt.SignedJWT) ParseException(java.text.ParseException) JOSEException(com.nimbusds.jose.JOSEException) JWK(com.nimbusds.jose.jwk.JWK) RSADecrypter(com.nimbusds.jose.crypto.RSADecrypter)
