use of com.nimbusds.jose.jwk.KeyType in project conformance-suite by openid-certification.
the class AbstractEnsureMinimumKeyLength method checkKeyLength.
/**
 * Verifies that every RSA and EC key in the JWKS stored under {@code jwksKey}
 * meets the supplied minimum size in bits. Keys of any other type are not
 * subject to a minimum here and are skipped.
 *
 * <p>The result of {@code error(...)} is thrown when the JWKS is absent from the
 * environment, cannot be parsed, or contains an RSA/EC key below its minimum.
 *
 * @param env                  the environment holding the JWKS as a JSON object
 * @param jwksKey              the environment key under which the JWKS is stored
 * @param minimumKeyLengthRsa  smallest acceptable RSA key size, in bits
 * @param minimumKeyLengthEc   smallest acceptable EC key size, in bits
 * @return the environment passed in, unchanged
 */
protected Environment checkKeyLength(Environment env, String jwksKey, int minimumKeyLengthRsa, int minimumKeyLengthEc) {
	JsonObject jwksJson = env.getObject(jwksKey);
	if (jwksJson == null) {
		throw error("Couldn't find " + jwksKey + " in environment");
	}

	JWKSet parsedSet;
	try {
		parsedSet = JWKSet.parse(jwksJson.toString());
	} catch (ParseException e) {
		throw error("Failure parsing " + jwksKey, e);
	}

	for (JWK candidate : parsedSet.getKeys()) {
		KeyType type = candidate.getKeyType();

		// Only RSA and EC carry a minimum; a null here means "no requirement".
		Integer required = null;
		if (type.equals(KeyType.RSA)) {
			required = minimumKeyLengthRsa;
		} else if (type.equals(KeyType.EC)) {
			required = minimumKeyLengthEc;
		}
		if (required == null) {
			continue;
		}

		int actualBits = candidate.size();
		if (actualBits < required) {
			// NOTE(review): toJSONString() serialises the whole JWK; if the set stored
			// under jwksKey can hold private keys, this detail puts them in the log — confirm.
			throw error("Key found in " + jwksKey + " has fewer bits (is shorter) than required", args("minimum", required, "actual", actualBits, "key", candidate.toJSONString()));
		}
	}

	logSuccess("Validated minimum key lengths for " + jwksKey, args(jwksKey, jwksJson));
	return env;
}
use of com.nimbusds.jose.jwk.KeyType in project conformance-suite by openid-certification.
the class OIDCCExtractServerSigningAlg method selectKeyFromServerJwksForAlgorithm.
/**
 * Confirms that the server JWKS holds a key usable for the client's configured
 * {@code id_token_signed_response_alg} and records that algorithm in the
 * environment as {@code signing_algorithm}.
 *
 * <p>A key is considered usable when its {@code kty} matches the family of the
 * configured algorithm (RSA, EC, or OKP for EdDSA), its {@code use} is absent or
 * {@code sig}, and its {@code alg} is either absent or exactly the configured one.
 * A key whose {@code alg} matches exactly ends the search; a key with no
 * {@code alg} is accepted but the search continues in case an exact match follows.
 *
 * <p>The result of {@code error(...)} is thrown when the JWKS cannot be parsed or
 * when no usable key is found.
 *
 * @param env                   the environment to record the selected algorithm in
 * @param jwks                  the server JWKS as a JSON object
 * @param configuredJwsAlgorithm the algorithm the client is configured to expect
 * @return the environment passed in
 */
private Environment selectKeyFromServerJwksForAlgorithm(Environment env, JsonObject jwks, JWSAlgorithm configuredJwsAlgorithm) {
	JWKSet serverKeys;
	try {
		serverKeys = JWKSet.parse(jwks.toString());
	} catch (ParseException e) {
		throw error("Could not parse server jwks.", e, args("server_jwks", jwks));
	}

	// Algorithms outside these three families map to no key type, so no key can match.
	KeyType wantedType = JWSAlgorithm.Family.RSA.contains(configuredJwsAlgorithm) ? KeyType.RSA
		: JWSAlgorithm.Family.EC.contains(configuredJwsAlgorithm) ? KeyType.EC
		: JWSAlgorithm.Family.ED.contains(configuredJwsAlgorithm) ? KeyType.OKP
		: null;

	// NOTE(review): for EC/OKP keys without an explicit alg only the key type is
	// compared, not the curve the algorithm requires — confirm callers tolerate that.
	boolean usableKeyFound = false;
	if (serverKeys != null) {
		for (JWK candidate : serverKeys.getKeys()) {
			if (!candidate.getKeyType().equals(wantedType)) {
				continue;
			}
			KeyUse use = candidate.getKeyUse();
			if (use != null && !KeyUse.SIGNATURE.equals(use)) {
				continue;
			}
			if (candidate.getAlgorithm() == null) {
				// Acceptable, but keep looking for a key that names the algorithm explicitly.
				usableKeyFound = true;
				continue;
			}
			if (candidate.getAlgorithm().equals(configuredJwsAlgorithm)) {
				// Exact match: nothing better can follow.
				usableKeyFound = true;
				break;
			}
		}
	}

	if (!usableKeyFound) {
		throw error("Could not find a suitable key in server_jwks for client id_token_signed_response_alg.", args("server_jwks", jwks, "id_token_signed_response_alg", configuredJwsAlgorithm.getName()));
	}

	String selected = configuredJwsAlgorithm.getName();
	env.putString("signing_algorithm", selected);
	logSuccess("Selected signing algorithm based on client id_token_signed_response_alg.", args("selected_algorithm", selected, "id_token_signed_response_alg", selected));
	return env;
}