Example 6 with KeyType

Use of com.nimbusds.jose.jwk.KeyType in the project conformance-suite by openid-certification.

From the class AbstractEnsureMinimumKeyLength, method checkKeyLength:

protected Environment checkKeyLength(Environment env, String jwksKey, int minimumKeyLengthRsa, int minimumKeyLengthEc) {
    JsonObject jwks = env.getObject(jwksKey);
    if (jwks == null) {
        throw error("Couldn't find " + jwksKey + " in environment");
    }
    JWKSet jwkset;
    try {
        jwkset = JWKSet.parse(jwks.toString());
    } catch (ParseException e) {
        throw error("Failure parsing " + jwksKey, e);
    }
    for (JWK jwk : jwkset.getKeys()) {
        KeyType keyType = jwk.getKeyType();
        // Key size in bits: the modulus length for RSA keys, the curve size for EC keys
        int keyLength = jwk.size();
        int minimumLength;
        if (keyType.equals(KeyType.RSA)) {
            minimumLength = minimumKeyLengthRsa;
        } else if (keyType.equals(KeyType.EC)) {
            minimumLength = minimumKeyLengthEc;
        } else {
            // No requirement for other key types (e.g. OKP or symmetric keys are not checked here)
            continue;
        }
        // Every RSA/EC key in the set must meet the minimum; a single short key fails the check
        if (keyLength < minimumLength) {
            throw error("Key found in " + jwksKey + " has fewer bits (is shorter) than required", args("minimum", minimumLength, "actual", keyLength, "key", jwk.toJSONString()));
        }
    }
    logSuccess("Validated minimum key lengths for " + jwksKey, args(jwksKey, jwks));
    return env;
}
Also used: KeyType (com.nimbusds.jose.jwk.KeyType), JWKSet (com.nimbusds.jose.jwk.JWKSet), JsonObject (com.google.gson.JsonObject), ParseException (java.text.ParseException), JWK (com.nimbusds.jose.jwk.JWK)

Example 7 with KeyType

Use of com.nimbusds.jose.jwk.KeyType in the project conformance-suite by openid-certification.

From the class OIDCCExtractServerSigningAlg, method selectKeyFromServerJwksForAlgorithm:

private Environment selectKeyFromServerJwksForAlgorithm(Environment env, JsonObject jwks, JWSAlgorithm configuredJwsAlgorithm) {
    try {
        JWKSet jwkSet = JWKSet.parse(jwks.toString());
        // Map the configured JWS algorithm family to the JWK key type that can carry it
        KeyType keyType = null;
        if (JWSAlgorithm.Family.RSA.contains(configuredJwsAlgorithm)) {
            keyType = KeyType.RSA;
        } else if (JWSAlgorithm.Family.EC.contains(configuredJwsAlgorithm)) {
            keyType = KeyType.EC;
        } else if (JWSAlgorithm.Family.ED.contains(configuredJwsAlgorithm)) {
            keyType = KeyType.OKP;
        }
        // keyType stays null for any other family, so no key below can match and an error is raised
        JWSAlgorithm foundAlg = null;
        if (jwkSet != null) {
            List<JWK> keys = jwkSet.getKeys();
            for (JWK key : keys) {
                if (key.getKeyType().equals(keyType)) {
                    // Only keys with no "use" or with use "sig" are eligible for signing
                    if (key.getKeyUse() == null || KeyUse.SIGNATURE.equals(key.getKeyUse())) {
                        if (key.getAlgorithm() == null) {
                            // there may be a more specific match later so don't break
                            foundAlg = configuredJwsAlgorithm;
                        } else if (key.getAlgorithm().equals(configuredJwsAlgorithm)) {
                            // best match, this is it
                            foundAlg = configuredJwsAlgorithm;
                            break;
                        }
                    }
                }
            }
        }
        if (foundAlg == null) {
            throw error("Could not find a suitable key in server_jwks for client id_token_signed_response_alg.", args("server_jwks", jwks, "id_token_signed_response_alg", configuredJwsAlgorithm.getName()));
        }
        env.putString("signing_algorithm", foundAlg.getName());
        logSuccess("Selected signing algorithm based on client id_token_signed_response_alg.", args("selected_algorithm", foundAlg.getName(), "id_token_signed_response_alg", configuredJwsAlgorithm.getName()));
        return env;
    } catch (ParseException e) {
        throw error("Could not parse server jwks.", e, args("server_jwks", jwks));
    }
}
Also used: KeyType (com.nimbusds.jose.jwk.KeyType), JWKSet (com.nimbusds.jose.jwk.JWKSet), ParseException (java.text.ParseException), JWSAlgorithm (com.nimbusds.jose.JWSAlgorithm), JWK (com.nimbusds.jose.jwk.JWK)
