
Example 1 with ECKey

Use of com.nimbusds.jose.jwk.ECKey in project spring-security by spring-projects.

Class JwtDecoderProviderConfigurationUtilsTests, method getSignatureAlgorithmsWhenJwkSetSpecifiesFamilyThenUses.

@Test
public void getSignatureAlgorithmsWhenJwkSetSpecifiesFamilyThenUses() throws Exception {
    JWKSource<SecurityContext> jwkSource = mock(JWKSource.class);
    // Test parameters are from Anders Rundgren, public only
    ECKey ecKey = new ECKey.Builder(Curve.P_256,
            new Base64URL("3l2Da_flYc-AuUTm2QzxgyvJxYM_2TeB9DMlwz7j1PE"),
            new Base64URL("-kjT7Wrfhwsi9SG6H4UXiyUiVE9GHCLauslksZ3-_t0"))
        .keyUse(KeyUse.SIGNATURE)
        .build();
    RSAKey rsaKey = new RSAKey.Builder(TestKeys.DEFAULT_PUBLIC_KEY).keyUse(KeyUse.ENCRYPTION).build();
    given(jwkSource.get(any(JWKSelector.class), isNull())).willReturn(Arrays.asList(ecKey, rsaKey));
    Set<SignatureAlgorithm> algorithms = JwtDecoderProviderConfigurationUtils.getSignatureAlgorithms(jwkSource);
    assertThat(algorithms).contains(SignatureAlgorithm.ES256, SignatureAlgorithm.ES384, SignatureAlgorithm.ES512);
}
Also used: JWKSelector (com.nimbusds.jose.jwk.JWKSelector), RSAKey (com.nimbusds.jose.jwk.RSAKey), SecurityContext (com.nimbusds.jose.proc.SecurityContext), ECKey (com.nimbusds.jose.jwk.ECKey), SignatureAlgorithm (org.springframework.security.oauth2.jose.jws.SignatureAlgorithm), Base64URL (com.nimbusds.jose.util.Base64URL), Test (org.junit.jupiter.api.Test)

Example 2 with ECKey

Use of com.nimbusds.jose.jwk.ECKey in project oxAuth by GluuFederation.

Class JwtCrossCheckTest, method validate.

private static void validate(String jwtAsString, OxAuthCryptoProvider cryptoProvider, String kid, SignatureAlgorithm signatureAlgorithm) throws Exception {
    SignedJWT signedJWT = SignedJWT.parse(jwtAsString);
    Jwt jwt = Jwt.parse(jwtAsString);
    JWSVerifier nimbusVerifier = null;
    AbstractJwsSigner oxauthVerifier = null;
    switch(signatureAlgorithm.getFamily()) {
        case EC:
            final ECKey ecKey = ECKey.load(cryptoProvider.getKeyStore(), kid, cryptoProvider.getKeyStoreSecret().toCharArray());
            final ECPublicKey ecPublicKey = ecKey.toECPublicKey();
            nimbusVerifier = new ECDSAVerifier(ecKey);
            oxauthVerifier = new ECDSASigner(jwt.getHeader().getSignatureAlgorithm(), new ECDSAPublicKey(jwt.getHeader().getSignatureAlgorithm(), ecPublicKey.getW().getAffineX(), ecPublicKey.getW().getAffineY()));
            break;
        case RSA:
            RSAKey rsaKey = RSAKey.load(cryptoProvider.getKeyStore(), kid, cryptoProvider.getKeyStoreSecret().toCharArray());
            final java.security.interfaces.RSAPublicKey rsaPublicKey = rsaKey.toRSAPublicKey();
            nimbusVerifier = new RSASSAVerifier(rsaKey);
            oxauthVerifier = new RSASigner(signatureAlgorithm, new RSAPublicKey(rsaPublicKey.getModulus(), rsaPublicKey.getPublicExponent()));
            break;
    }
    assertNotNull(nimbusVerifier);
    assertNotNull(oxauthVerifier);
    // Nimbus
    assertTrue(signedJWT.verify(nimbusVerifier));
    // oxauth cryptoProvider
    boolean validJwt = cryptoProvider.verifySignature(jwt.getSigningInput(), jwt.getEncodedSignature(), kid, null, null, jwt.getHeader().getSignatureAlgorithm());
    assertTrue(validJwt);
    // oxauth verifier
    assertTrue(oxauthVerifier.validate(jwt));
}
Also used: RSAKey (com.nimbusds.jose.jwk.RSAKey), ECDSASigner (org.gluu.oxauth.model.jws.ECDSASigner), Jwt (org.gluu.oxauth.model.jwt.Jwt), RSASSAVerifier (com.nimbusds.jose.crypto.RSASSAVerifier), JWSVerifier (com.nimbusds.jose.JWSVerifier), AbstractJwsSigner (org.gluu.oxauth.model.jws.AbstractJwsSigner), ECKey (com.nimbusds.jose.jwk.ECKey), SignedJWT (com.nimbusds.jwt.SignedJWT), ECDSAVerifier (com.nimbusds.jose.crypto.ECDSAVerifier), ECPublicKey (java.security.interfaces.ECPublicKey), RSAPublicKey (org.gluu.oxauth.model.crypto.signature.RSAPublicKey), RSASigner (org.gluu.oxauth.model.jws.RSASigner), ECDSAPublicKey (org.gluu.oxauth.model.crypto.signature.ECDSAPublicKey)

Example 3 with ECKey

Use of com.nimbusds.jose.jwk.ECKey in project dhis2-core by dhis2.

Class Jwks, method generateEc.

public static ECKey generateEc() {
    KeyPair keyPair = KeyGeneratorUtils.generateEcKey();
    ECPublicKey publicKey = (ECPublicKey) keyPair.getPublic();
    ECPrivateKey privateKey = (ECPrivateKey) keyPair.getPrivate();
    Curve curve = Curve.forECParameterSpec(publicKey.getParams());
    // @formatter:off
    return new ECKey.Builder(curve, publicKey)
        .privateKey(privateKey)
        .keyID(UUID.randomUUID().toString())
        .build();
    // @formatter:on
}
Also used: ECPrivateKey (java.security.interfaces.ECPrivateKey), KeyPair (java.security.KeyPair), ECPublicKey (java.security.interfaces.ECPublicKey), Curve (com.nimbusds.jose.jwk.Curve), ECKey (com.nimbusds.jose.jwk.ECKey)

Aggregations

ECKey (com.nimbusds.jose.jwk.ECKey): 3
RSAKey (com.nimbusds.jose.jwk.RSAKey): 2
ECPublicKey (java.security.interfaces.ECPublicKey): 2
JWSVerifier (com.nimbusds.jose.JWSVerifier): 1
ECDSAVerifier (com.nimbusds.jose.crypto.ECDSAVerifier): 1
RSASSAVerifier (com.nimbusds.jose.crypto.RSASSAVerifier): 1
Curve (com.nimbusds.jose.jwk.Curve): 1
JWKSelector (com.nimbusds.jose.jwk.JWKSelector): 1
SecurityContext (com.nimbusds.jose.proc.SecurityContext): 1
Base64URL (com.nimbusds.jose.util.Base64URL): 1
SignedJWT (com.nimbusds.jwt.SignedJWT): 1
KeyPair (java.security.KeyPair): 1
ECPrivateKey (java.security.interfaces.ECPrivateKey): 1
ECDSAPublicKey (org.gluu.oxauth.model.crypto.signature.ECDSAPublicKey): 1
RSAPublicKey (org.gluu.oxauth.model.crypto.signature.RSAPublicKey): 1
AbstractJwsSigner (org.gluu.oxauth.model.jws.AbstractJwsSigner): 1
ECDSASigner (org.gluu.oxauth.model.jws.ECDSASigner): 1
RSASigner (org.gluu.oxauth.model.jws.RSASigner): 1
Jwt (org.gluu.oxauth.model.jwt.Jwt): 1
Test (org.junit.jupiter.api.Test): 1