Example 1 with RSADecrypter
use of com.nimbusds.jose.crypto.RSADecrypter in project oxAuth by GluuFederation.
the class CrossEncryptionTest method decryptAndValidateSignatureWithNimbus.
private void decryptAndValidateSignatureWithNimbus(String jweString) throws ParseException, JOSEException {
JWK jwk = JWK.parse(recipientJwkJson);
RSAPrivateKey rsaPrivateKey = ((RSAKey) jwk).toRSAPrivateKey();
JWEObject jweObject = JWEObject.parse(jweString);
jweObject.decrypt(new RSADecrypter(rsaPrivateKey));
SignedJWT signedJWT = jweObject.getPayload().toSignedJWT();
assertNotNull("Payload not a signed JWT", signedJWT);
RSAKey senderJWK = (RSAKey) JWK.parse(senderJwkJson);
assertTrue(signedJWT.verify(new RSASSAVerifier(senderJWK)));
assertEquals("testing", signedJWT.getJWTClaimsSet().getSubject());
System.out.println("Nimbus decrypt and nested jwt signature verification succeed: " + signedJWT.getJWTClaimsSet().toJSONObject());
}
Also used :
RSAKey(com.nimbusds.jose.jwk.RSAKey)
RSASSAVerifier(com.nimbusds.jose.crypto.RSASSAVerifier)
SignedJWT(com.nimbusds.jwt.SignedJWT)
RSAPrivateKey(java.security.interfaces.RSAPrivateKey)
JWK(com.nimbusds.jose.jwk.JWK)
RSADecrypter(com.nimbusds.jose.crypto.RSADecrypter)
Example 2 with RSADecrypter
use of com.nimbusds.jose.crypto.RSADecrypter in project oxAuth by GluuFederation.
the class CrossEncryptionTest method testDecryptNimbusJoseJwt.
private boolean testDecryptNimbusJoseJwt(String jwe) {
try {
EncryptedJWT encryptedJwt = EncryptedJWT.parse(jwe);
// EncryptedJWT encryptedJwt = EncryptedJWT.parse(encryptWithGluu());
// EncryptedJWT encryptedJwt = EncryptedJWT.parse(encryptWithNimbus());
JWK jwk = JWK.parse(recipientJwkJson);
RSAPrivateKey rsaPrivateKey = ((RSAKey) jwk).toRSAPrivateKey();
JWEDecrypter decrypter = new RSADecrypter(rsaPrivateKey);
decrypter.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance());
encryptedJwt.decrypt(decrypter);
final String decryptedPayload = new String(Base64Util.base64urldecode(encryptedJwt.getPayload().toString()));
System.out.println("Nimbusds decrypt succeed: " + decryptedPayload);
if (isJsonEqual(decryptedPayload, PAYLOAD)) {
return true;
}
} catch (Exception e) {
System.out.println("Nimbusds decrypt failed: " + e.getMessage());
e.printStackTrace();
}
return false;
}
Also used :
RSAKey(com.nimbusds.jose.jwk.RSAKey)
EncryptedJWT(com.nimbusds.jwt.EncryptedJWT)
RSAPrivateKey(java.security.interfaces.RSAPrivateKey)
JSONException(org.json.JSONException)
ParseException(java.text.ParseException)
InvalidJwtException(org.gluu.oxauth.model.exception.InvalidJwtException)
IOException(java.io.IOException)
InvalidJweException(org.gluu.oxauth.model.exception.InvalidJweException)
JWK(com.nimbusds.jose.jwk.JWK)
RSADecrypter(com.nimbusds.jose.crypto.RSADecrypter)
Example 3 with RSADecrypter
use of com.nimbusds.jose.crypto.RSADecrypter in project identity-test-integration by wso2-incubator.
the class IDTokenDecrypterServlet method decryptJWE.
/**
* Decrypt the id token using the private key.
*
* @param JWE id token to be decrypted
* @param privateKeyString client private key as a string
* @return decrypted id token as an EncryptedJWT object
* @throws NoSuchAlgorithmException
* @throws InvalidKeySpecException
* @throws ParseException
* @throws JOSEException
* @throws IllegalArgumentException
*/
private EncryptedJWT decryptJWE(String JWE, String privateKeyString) throws NoSuchAlgorithmException, InvalidKeySpecException, ParseException, JOSEException, IllegalArgumentException {
KeyFactory kf = KeyFactory.getInstance("RSA");
// Remove EOF characters from key string and generate key object.
privateKeyString = privateKeyString.replace("\n", "").replace("\r", "");
PKCS8EncodedKeySpec keySpecPKCS8 = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(privateKeyString));
PrivateKey privateKey = kf.generatePrivate(keySpecPKCS8);
EncryptedJWT jwt = EncryptedJWT.parse(JWE);
// Create a decrypter with the specified private RSA key.
RSADecrypter decrypter = new RSADecrypter((RSAPrivateKey) privateKey);
jwt.decrypt(decrypter);
return jwt;
}
Also used :
RSAPrivateKey(java.security.interfaces.RSAPrivateKey)
PrivateKey(java.security.PrivateKey)
PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec)
EncryptedJWT(com.nimbusds.jwt.EncryptedJWT)
KeyFactory(java.security.KeyFactory)
RSADecrypter(com.nimbusds.jose.crypto.RSADecrypter)
Example 4 with RSADecrypter
use of com.nimbusds.jose.crypto.RSADecrypter in project Payara by payara.
the class JwtTokenParser method verifyAndParseEncryptedJWT.
private JsonWebTokenImpl verifyAndParseEncryptedJWT(String issuer, PublicKey publicKey, PrivateKey privateKey) throws JWTProcessingException {
if (encryptedJWT == null) {
throw new IllegalStateException("EncryptedJWT not parsed");
}
String algName = encryptedJWT.getHeader().getAlgorithm().getName();
if (!RSA_OAEP.getName().equals(algName)) {
throw new JWTProcessingException("Only RSA-OAEP algorithm is supported for JWT encryption, used " + algName);
}
try {
encryptedJWT.decrypt(new RSADecrypter(privateKey));
} catch (JOSEException ex) {
throw new JWTProcessingException("Exception during decrypting JWT token", ex);
}
signedJWT = encryptedJWT.getPayload().toSignedJWT();
if (signedJWT == null) {
throw new JWTProcessingException("Unable to parse signed JWT.");
}
return verifyAndParseSignedJWT(issuer, publicKey);
}
Also used :
JWTProcessingException(fish.payara.microprofile.jwtauth.eesecurity.JWTProcessingException)
JsonString(javax.json.JsonString)
JOSEException(com.nimbusds.jose.JOSEException)
RSADecrypter(com.nimbusds.jose.crypto.RSADecrypter)
Example 5 with RSADecrypter
use of com.nimbusds.jose.crypto.RSADecrypter in project mycore by MyCoRe-Org.
the class MCRJSONWebTokenUtil method retrievePublicKeyFromLoginToken.
/**
* retrieves the client public key from Login Token
*
* @param token - the serialized JSON Web Token from login
* @return the public key as JWK object
*/
public static JWK retrievePublicKeyFromLoginToken(String token) {
JWK result = null;
JWEObject jweObject;
try {
jweObject = JWEObject.parse(token);
// Decrypt with shared key
jweObject.decrypt(new RSADecrypter(RSA_KEYS.getPrivate()));
// Extract payload
SignedJWT signedJWT = jweObject.getPayload().toSignedJWT();
result = signedJWT.getHeader().getJWK();
RSAKey publicKey = RSAKey.parse(result.toJSONObject());
if (signedJWT.verify(new RSASSAVerifier(publicKey))) {
return result;
}
} catch (ParseException | JOSEException e) {
LOGGER.error(e);
}
return null;
}
Also used :
RSAKey(com.nimbusds.jose.jwk.RSAKey)
JWEObject(com.nimbusds.jose.JWEObject)
RSASSAVerifier(com.nimbusds.jose.crypto.RSASSAVerifier)
SignedJWT(com.nimbusds.jwt.SignedJWT)
ParseException(java.text.ParseException)
JOSEException(com.nimbusds.jose.JOSEException)
JWK(com.nimbusds.jose.jwk.JWK)
RSADecrypter(com.nimbusds.jose.crypto.RSADecrypter)
Aggregations
RSADecrypter (com.nimbusds.jose.crypto.RSADecrypter)6
RSAKey (com.nimbusds.jose.jwk.RSAKey)4
JOSEException (com.nimbusds.jose.JOSEException)3
RSASSAVerifier (com.nimbusds.jose.crypto.RSASSAVerifier)3
JWK (com.nimbusds.jose.jwk.JWK)3
SignedJWT (com.nimbusds.jwt.SignedJWT)3
RSAPrivateKey (java.security.interfaces.RSAPrivateKey)3
ParseException (java.text.ParseException)3
JWEObject (com.nimbusds.jose.JWEObject)2
EncryptedJWT (com.nimbusds.jwt.EncryptedJWT)2
JWTProcessingException (fish.payara.microprofile.jwtauth.eesecurity.JWTProcessingException)1
IOException (java.io.IOException)1
KeyFactory (java.security.KeyFactory)1
PrivateKey (java.security.PrivateKey)1
PKCS8EncodedKeySpec (java.security.spec.PKCS8EncodedKeySpec)1
JsonString (javax.json.JsonString)1
InvalidJweException (org.gluu.oxauth.model.exception.InvalidJweException)1
InvalidJwtException (org.gluu.oxauth.model.exception.InvalidJwtException)1
JSONException (org.json.JSONException)1
