use of com.nimbusds.jose.jwk.OctetKeyPair in project gravitee-access-management by gravitee-io.
the class JWSServiceImpl method from.
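/**
 * Builds an EdDSA signature verifier from the public part of an OKP (Octet Key Pair) key.
 *
 * <p>Only the curve name and the public {@code x} value of {@code okpKey} are read, so the
 * JWK handed to the verifier carries no private parameter.
 *
 * @param okpKey the OKP key whose {@code crv} and {@code x} members describe the public key
 * @return a verifier bound to that public key
 * @throws IllegalArgumentException if the curve name is not a known one, or if the verifier
 *     cannot be constructed from the key (the underlying {@code JOSEException} is the cause)
 */
private JWSVerifier from(OKPKey okpKey) {
    try {
        Curve curve = Curve.parse(okpKey.getCrv());
        // A curve without a standard name is treated as unknown and refused up front.
        if (curve.getStdName() == null) {
            throw new IllegalArgumentException("Unknown OKP Curve: " + okpKey.getCrv());
        }
        // NOTE(review): this check accepts any known curve, not only Ed25519. A known curve
        // that is not a signature curve is expected to be refused by the Ed25519Verifier
        // constructor (surfacing as JOSEException below) - confirm against the library version in use.
        OctetKeyPair jwk = new OctetKeyPair.Builder(curve, new Base64URL(okpKey.getX())).build();
        return new Ed25519Verifier(jwk);
    } catch (JOSEException ex) {
        // The log line names the key type actually handled here (OKP), so that a verification
        // failure is not attributed to a MAC key during troubleshooting.
        LOGGER.error("Unable to build Verifier from Octet Key Pair (OKP) key", ex);
        // Message text is kept as it was (callers may match on it); the cause is now chained.
        throw new IllegalArgumentException("Signature is using and unknown/not managed key", ex);
    }
}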
use of com.nimbusds.jose.jwk.OctetKeyPair in project gravitee-access-management by gravitee-io.
the class JWEEdwardCurveTest method encryptIdToken.
/**
 * Round-trip check for ID token encryption with an X25519 key.
 *
 * <p>The service under test is given only the public {@code x} value of a freshly generated
 * key pair; the private half stays in this test and is used to decrypt the emitted JWE and
 * compare its payload with the original input. {@code alg} and {@code enc} are supplied by
 * the test class (not shown here).
 */
@Test
public void encryptIdToken() {
    try {
        final OctetKeyPair recipientKeyPair = new OctetKeyPairGenerator(Curve.X25519).generate();

        // Client configured to request an encrypted ID token.
        Client client = new Client();
        client.setIdTokenEncryptedResponseAlg(alg);
        client.setIdTokenEncryptedResponseEnc(enc);

        // Public encryption key as the JWK service would return it.
        OKPKey publicEncKey = new OKPKey();
        publicEncKey.setKid("okpEnc");
        publicEncKey.setUse("enc");
        publicEncKey.setCrv(recipientKeyPair.getCurve().getName());
        publicEncKey.setX(recipientKeyPair.getX().toString());

        when(jwkService.getKeys(client)).thenReturn(Maybe.just(new JWKSet()));
        when(jwkService.filter(any(), any())).thenReturn(Maybe.just(publicEncKey));

        TestObserver observer = jweService.encryptIdToken("JWT", client).test();
        observer.assertNoErrors();
        observer.assertComplete();
        observer.assertValue(emitted -> {
            boolean payloadMatches = false;
            try {
                JWEObject parsed = JWEObject.parse((String) emitted);
                // Decryption succeeds only if the JWE was produced for the matching public key.
                parsed.decrypt(new X25519Decrypter(recipientKeyPair));
                payloadMatches = "JWT".equals(parsed.getPayload().toString());
            } catch (JOSEException e) {
                fail(e.getMessage());
            }
            return payloadMatches;
        });
    } catch (JOSEException e) {
        fail(e.getMessage());
    }
}
use of com.nimbusds.jose.jwk.OctetKeyPair in project gravitee-access-management by gravitee-io.
the class JWEEdwardCurveTest method encryptUserinfo.
/**
 * Round-trip check for UserInfo response encryption with an X25519 key.
 *
 * <p>The service under test is given only the public {@code x} value of a freshly generated
 * key pair; the private half stays in this test and is used to decrypt the emitted JWE and
 * compare its payload with the original input. {@code alg} and {@code enc} are supplied by
 * the test class (not shown here).
 */
@Test
public void encryptUserinfo() {
    try {
        final OctetKeyPair recipientKeyPair = new OctetKeyPairGenerator(Curve.X25519).generate();

        // Client configured to request an encrypted UserInfo response.
        Client client = new Client();
        client.setUserinfoEncryptedResponseAlg(alg);
        client.setUserinfoEncryptedResponseEnc(enc);

        // Public encryption key as the JWK service would return it.
        OKPKey publicEncKey = new OKPKey();
        publicEncKey.setKid("okpEnc");
        publicEncKey.setUse("enc");
        publicEncKey.setCrv(recipientKeyPair.getCurve().getName());
        publicEncKey.setX(recipientKeyPair.getX().toString());

        when(jwkService.getKeys(client)).thenReturn(Maybe.just(new JWKSet()));
        when(jwkService.filter(any(), any())).thenReturn(Maybe.just(publicEncKey));

        TestObserver observer = jweService.encryptUserinfo("JWT", client).test();
        observer.assertNoErrors();
        observer.assertComplete();
        observer.assertValue(emitted -> {
            boolean payloadMatches = false;
            try {
                JWEObject parsed = JWEObject.parse((String) emitted);
                // Decryption succeeds only if the JWE was produced for the matching public key.
                parsed.decrypt(new X25519Decrypter(recipientKeyPair));
                payloadMatches = "JWT".equals(parsed.getPayload().toString());
            } catch (JOSEException e) {
                fail(e.getMessage());
            }
            return payloadMatches;
        });
    } catch (JOSEException e) {
        fail(e.getMessage());
    }
}
use of com.nimbusds.jose.jwk.OctetKeyPair in project gravitee-access-management by gravitee-io.
the class JWSServiceTest method testValidSignature_OKP.
/**
 * Checks that a JWT signed with a freshly generated Ed25519 key is accepted when the service
 * is given the matching public OKP key.
 *
 * <p>This method covers the accept path only; it does not exercise a tampered token or a
 * mismatched key.
 *
 * @throws JOSEException if key generation or signing fails
 */
@Test
public void testValidSignature_OKP() throws JOSEException {
    // Key pair used for signing; only its public x value is copied into the OKPKey below.
    OctetKeyPair signingPair = new OctetKeyPairGenerator(Curve.Ed25519).generate();

    OKPKey publicKey = new OKPKey();
    publicKey.setKty("OKP");
    publicKey.setKid(KID);
    publicKey.setCrv(signingPair.getCurve().getStdName());
    publicKey.setX(signingPair.getX().toString());

    // EdDSA-signed JWT carrying the same key id and an expiry one day ahead.
    JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.EdDSA).keyID(KID).build();
    Date expiresAt = Date.from(Instant.now().plus(1, ChronoUnit.DAYS));
    JWTClaimsSet claims = new JWTClaimsSet.Builder().expirationTime(expiresAt).build();
    SignedJWT signedJWT = new SignedJWT(header, claims);
    signedJWT.sign(new Ed25519Signer(signingPair));

    boolean accepted = jwsService.isValidSignature(signedJWT, publicKey);
    assertTrue("Should be ok", accepted);
}
use of com.nimbusds.jose.jwk.OctetKeyPair in project conformance-suite by openid-certification.
the class KeyManager method getSigningPrivateKey.
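/**
 * Returns the private key of the configured signing JWK as a {@link PrivateKey}.
 *
 * <p>The key is looked up in {@code jwkSet} by {@code signingKeyId} and converted according
 * to its key type (RSA, EC or OKP). The return value is private key material; callers should
 * keep it out of logs and error messages.
 *
 * @return the private key, or {@code null} if no key with the configured id exists, the key
 *     type is not one of RSA/EC/OKP, or the conversion fails
 */
public PrivateKey getSigningPrivateKey() {
    JWK signingKey = jwkSet.getKeyByKeyId(signingKeyId);
    if (signingKey == null) {
        // No JWK carries the configured key id: report it the same way as the other
        // "no usable key" outcomes instead of failing with a NullPointerException below.
        return null;
    }
    KeyType keyType = signingKey.getKeyType();
    try {
        if (KeyType.RSA.equals(keyType)) {
            return ((RSAKey) signingKey).toPrivateKey();
        } else if (KeyType.EC.equals(keyType)) {
            return ((ECKey) signingKey).toPrivateKey();
        } else if (KeyType.OKP.equals(keyType)) {
            // NOTE(review): depending on the Nimbus version, OctetKeyPair.toPrivateKey() may be
            // unsupported and throw, in which case this branch always yields null - verify.
            return ((OctetKeyPair) signingKey).toPrivateKey();
        } else {
            return null;
        }
    } catch (JOSEException e) {
        // Conversion failure is reported as null (existing contract). The cause is not
        // recorded anywhere here, so callers cannot tell it apart from a missing key.
        return null;
    }
}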