Example 6 with RSADecrypter

Use of com.nimbusds.jose.crypto.RSADecrypter in project mycore by MyCoRe-Org.

From the class MCRJSONWebTokenUtil, method retrievePublicKeyFromLoginToken.

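/**
 * Retrieves the client public key from the login token.
 *
 * @param token - the serialized JSON Web Token from login
 * @return the public key as JWK object, or null if the token cannot be decrypted or verified
 */
public static JWK retrievePublicKeyFromLoginToken(String token) {
    try {
        JWEObject jweObject = JWEObject.parse(token);
        // Decrypt the outer JWE with the server's RSA private key
        jweObject.decrypt(new RSADecrypter(RSA_KEYS.getPrivate()));
        // Extract the nested signed JWT; toSignedJWT() returns null if the payload is not a JWS
        SignedJWT signedJWT = jweObject.getPayload().toSignedJWT();
        if (signedJWT == null || signedJWT.getHeader().getJWK() == null) {
            // No signed payload or no embedded key: nothing to verify against
            return null;
        }
        JWK result = signedJWT.getHeader().getJWK();
        RSAKey publicKey = RSAKey.parse(result.toJSONObject());
        // The verification key is taken from the token's own header, so a valid signature
        // shows only that the sender holds the private key matching the embedded JWK
        if (signedJWT.verify(new RSASSAVerifier(publicKey))) {
            return result;
        }
    } catch (ParseException | JOSEException e) {
        LOGGER.error(e);
    }
    return null;
}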
Also used : RSAKey(com.nimbusds.jose.jwk.RSAKey) JWEObject(com.nimbusds.jose.JWEObject) RSASSAVerifier(com.nimbusds.jose.crypto.RSASSAVerifier) SignedJWT(com.nimbusds.jwt.SignedJWT) ParseException(java.text.ParseException) JOSEException(com.nimbusds.jose.JOSEException) JWK(com.nimbusds.jose.jwk.JWK) RSADecrypter(com.nimbusds.jose.crypto.RSADecrypter)

Example 7 with RSADecrypter

Use of com.nimbusds.jose.crypto.RSADecrypter in project mycore by MyCoRe-Org.

From the class MCRJSONWebTokenUtil, method retrieveUsernamePasswordFromLoginToken.

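/**
 * Retrieves username and password from the JSON Web Token.
 *
 * @param token - the serialized JSON Web Token from login
 * @return username and password (combined by ":"), or null if the token cannot be decrypted or verified
 */
public static String retrieveUsernamePasswordFromLoginToken(String token) {
    try {
        JWEObject jweObject = JWEObject.parse(token);
        // Decrypt the outer JWE with the server's RSA private key
        jweObject.decrypt(new RSADecrypter(RSA_KEYS.getPrivate()));
        // Extract the nested signed JWT; toSignedJWT() returns null if the payload is not a JWS
        SignedJWT signedJWT = jweObject.getPayload().toSignedJWT();
        if (signedJWT == null || signedJWT.getHeader().getJWK() == null) {
            // No signed payload or no embedded key: nothing to verify against
            return null;
        }
        // The verification key is read from the token's own header, so this check shows
        // that the token is consistent with that embedded key, not who issued it
        RSAKey serverPublicKey = RSAKey.parse(signedJWT.getHeader().getJWK().toJSONObject());
        if (signedJWT.verify(new RSASSAVerifier(serverPublicKey))) {
            // Signature matches the embedded key: read the credentials from the claims
            String username = signedJWT.getJWTClaimsSet().getSubject();
            String password = signedJWT.getJWTClaimsSet().getStringClaim("password");
            return username + ":" + password;
        }
    } catch (ParseException | JOSEException e) {
        LOGGER.error(e);
    }
    return null;
}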
Also used : RSAKey(com.nimbusds.jose.jwk.RSAKey) JWEObject(com.nimbusds.jose.JWEObject) RSASSAVerifier(com.nimbusds.jose.crypto.RSASSAVerifier) SignedJWT(com.nimbusds.jwt.SignedJWT) ParseException(java.text.ParseException) JOSEException(com.nimbusds.jose.JOSEException) RSADecrypter(com.nimbusds.jose.crypto.RSADecrypter)

Aggregations

RSADecrypter (com.nimbusds.jose.crypto.RSADecrypter): 7
JOSEException (com.nimbusds.jose.JOSEException): 4
RSAKey (com.nimbusds.jose.jwk.RSAKey): 4
ParseException (java.text.ParseException): 4
JWEObject (com.nimbusds.jose.JWEObject): 3
RSASSAVerifier (com.nimbusds.jose.crypto.RSASSAVerifier): 3
JWK (com.nimbusds.jose.jwk.JWK): 3
SignedJWT (com.nimbusds.jwt.SignedJWT): 3
RSAPrivateKey (java.security.interfaces.RSAPrivateKey): 3
EncryptedJWT (com.nimbusds.jwt.EncryptedJWT): 2
IOException (java.io.IOException): 2
JWTProcessingException (fish.payara.microprofile.jwtauth.eesecurity.JWTProcessingException): 1
KeyFactory (java.security.KeyFactory): 1
PrivateKey (java.security.PrivateKey): 1
PKCS8EncodedKeySpec (java.security.spec.PKCS8EncodedKeySpec): 1
JsonString (javax.json.JsonString): 1
InvalidJweException (org.gluu.oxauth.model.exception.InvalidJweException): 1
InvalidJwtException (org.gluu.oxauth.model.exception.InvalidJwtException): 1
JSONException (org.json.JSONException): 1