use of com.nimbusds.jose.jwk.RSAKey in project oxAuth by GluuFederation.
the class CrossEncryptionTest method decryptAndValidateSignatureWithNimbus.
/**
 * Decrypts a nested (signed-then-encrypted) JWT with Nimbus JOSE+JWT and checks the inner signature.
 *
 * <p>The outer JWE is decrypted with the RSA private key parsed from {@code recipientJwkJson}.
 * The decrypted payload must be a signed JWT whose signature verifies against the RSA key
 * parsed from {@code senderJwkJson} and whose subject is {@code "testing"}.
 *
 * @param jweString compact serialization of the JWE to check
 * @throws ParseException if the JWE, a JWK or the claims set cannot be parsed
 * @throws JOSEException if decryption or signature verification fails internally
 */
private void decryptAndValidateSignatureWithNimbus(String jweString) throws ParseException, JOSEException {
    // Outer layer: decrypt with the recipient's private key.
    final RSAKey recipientKey = (RSAKey) JWK.parse(recipientJwkJson);
    final RSAPrivateKey decryptionKey = recipientKey.toRSAPrivateKey();
    final JWEObject outerJwe = JWEObject.parse(jweString);
    outerJwe.decrypt(new RSADecrypter(decryptionKey));

    // Inner layer: the plaintext has to be a signed JWT, otherwise toSignedJWT() yields null.
    final SignedJWT innerJwt = outerJwe.getPayload().toSignedJWT();
    assertNotNull("Payload not a signed JWT", innerJwt);

    // The signature is verified before any claim is read.
    final RSASSAVerifier senderVerifier = new RSASSAVerifier((RSAKey) JWK.parse(senderJwkJson));
    assertTrue(innerJwt.verify(senderVerifier));
    assertEquals("testing", innerJwt.getJWTClaimsSet().getSubject());

    System.out.println("Nimbus decrypt and nested jwt signature verification succeed: "
            + innerJwt.getJWTClaimsSet().toJSONObject());
}
use of com.nimbusds.jose.jwk.RSAKey in project oxAuth by GluuFederation.
the class CrossEncryptionTest method testDecryptNimbusJoseJwt.
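/**
 * Tries to decrypt a compact JWE with Nimbus JOSE+JWT and compares the plaintext with {@code PAYLOAD}.
 *
 * <p>The RSA private key is parsed from {@code recipientJwkJson}, and Bouncy Castle is set as the
 * JCA provider of the decrypter. Any failure is printed and reported as {@code false} instead of
 * being propagated.
 *
 * @param jwe compact serialization of the encrypted JWT
 * @return {@code true} only if decryption succeeds and the decoded payload is JSON-equal to
 *         {@code PAYLOAD}; {@code false} otherwise
 */
private boolean testDecryptNimbusJoseJwt(String jwe) {
    try {
        EncryptedJWT encryptedJwt = EncryptedJWT.parse(jwe);
        // Alternative inputs kept for manual debugging:
        // EncryptedJWT encryptedJwt = EncryptedJWT.parse(encryptWithGluu());
        // EncryptedJWT encryptedJwt = EncryptedJWT.parse(encryptWithNimbus());

        JWK jwk = JWK.parse(recipientJwkJson);
        RSAPrivateKey rsaPrivateKey = ((RSAKey) jwk).toRSAPrivateKey();

        JWEDecrypter decrypter = new RSADecrypter(rsaPrivateKey);
        decrypter.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance());
        encryptedJwt.decrypt(decrypter);

        // Decode with an explicit charset: new String(byte[]) falls back to the platform default,
        // which would make the JSON comparison below depend on the machine running the test.
        final String decryptedPayload = new String(
                Base64Util.base64urldecode(encryptedJwt.getPayload().toString()),
                java.nio.charset.StandardCharsets.UTF_8);
        System.out.println("Nimbusds decrypt succeed: " + decryptedPayload);

        return isJsonEqual(decryptedPayload, PAYLOAD);
    } catch (Exception e) {
        // Deliberately broad: a wrong key type, a parse error or a failed decryption all count as "not decrypted".
        System.out.println("Nimbusds decrypt failed: " + e.getMessage());
        e.printStackTrace();
    }
    return false;
}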
use of com.nimbusds.jose.jwk.RSAKey in project oxAuth by GluuFederation.
the class CrossEncryptionTest method nestedJWTProducedByGluu.
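/**
 * Builds a nested JWT with the Gluu classes (sign with RS256, then encrypt with RSA-OAEP / A128GCM)
 * and checks that both the Gluu and the Nimbus code paths can decrypt it and verify the inner signature.
 *
 * <p>The crypto provider passed to {@link JwtSigner} is a stub: only {@code sign} does real work,
 * using the private key parsed from {@code senderJwkJson}. Every other method returns a fixed
 * value or throws.
 *
 * @throws Exception if signing, encryption, decryption or verification fails
 */
@Test
public void nestedJWTProducedByGluu() throws Exception {
    AppConfiguration appConfiguration = new AppConfiguration();

    List<JSONWebKey> keyArrayList = new ArrayList<>();
    keyArrayList.add(getSenderWebKey());

    JSONWebKeySet keySet = new JSONWebKeySet();
    keySet.setKeys(keyArrayList);

    final JwtSigner jwtSigner = new JwtSigner(appConfiguration, keySet, SignatureAlgorithm.RS256, "audience", null, new AbstractCryptoProvider() {
        @Override
        public JSONObject generateKey(Algorithm algorithm, Long expirationTime, Use use) throws Exception {
            return null;
        }

        @Override
        public JSONObject generateKey(Algorithm algorithm, Long expirationTime, Use use, int keyLength) throws Exception {
            return null;
        }

        @Override
        public boolean containsKey(String keyId) {
            return false;
        }

        @Override
        public String sign(String signingInput, String keyId, String sharedSecret, SignatureAlgorithm signatureAlgorithm) throws Exception {
            // keyId and sharedSecret are ignored: the sender's private key always comes from senderJwkJson.
            RSAPrivateKey privateKey = ((RSAKey) JWK.parse(senderJwkJson)).toRSAPrivateKey();

            // Looks up the provider registered under the name "BC"; getInstance throws if it is absent.
            Signature signature = Signature.getInstance(signatureAlgorithm.getAlgorithm(), "BC");
            signature.initSign(privateKey);

            // Encode the signing input explicitly. getBytes() without a charset uses the platform
            // default, so the signed bytes could differ from the bytes a verifier reconstructs.
            signature.update(signingInput.getBytes(java.nio.charset.StandardCharsets.UTF_8));
            return Base64Util.base64urlencode(signature.sign());
        }

        @Override
        public boolean verifySignature(String signingInput, String encodedSignature, String keyId, JSONObject jwks, String sharedSecret, SignatureAlgorithm signatureAlgorithm) throws Exception {
            return false;
        }

        @Override
        public boolean deleteKey(String keyId) throws Exception {
            return false;
        }

        @Override
        public PrivateKey getPrivateKey(String keyId) throws Exception {
            throw new UnsupportedOperationException("Method not implemented.");
        }
    });

    // Inner layer: the signed JWT.
    Jwt jwt = jwtSigner.newJwt();
    jwt.getClaims().setSubjectIdentifier("testing");
    jwt.getClaims().setIssuer("https:devgluu.saminet.local");
    jwt = jwtSigner.sign();

    // Outer layer: encrypt the signed JWT; only the public half of the recipient key is handed to the encrypter.
    RSAKey recipientPublicJWK = (RSAKey) (JWK.parse(recipientJwkJson));
    BlockEncryptionAlgorithm blockEncryptionAlgorithm = BlockEncryptionAlgorithm.A128GCM;
    KeyEncryptionAlgorithm keyEncryptionAlgorithm = KeyEncryptionAlgorithm.RSA_OAEP;

    Jwe jwe = new Jwe();
    jwe.getHeader().setType(JwtType.JWT);
    jwe.getHeader().setAlgorithm(keyEncryptionAlgorithm);
    jwe.getHeader().setEncryptionMethod(blockEncryptionAlgorithm);
    jwe.getHeader().setKeyId("1");
    jwe.setSignedJWTPayload(jwt);

    JweEncrypterImpl encrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, recipientPublicJWK.toPublicKey());
    String jweString = encrypter.encrypt(jwe).toString();

    // The same ciphertext must be accepted by both implementations.
    decryptAndValidateSignatureWithGluu(jweString);
    decryptAndValidateSignatureWithNimbus(jweString);
}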
use of com.nimbusds.jose.jwk.RSAKey in project dhis2-core by dhis2.
the class JwtUtils method jwkSource.
/**
 * Creates a JWK source backed by a single RSA key obtained from {@code Jwks.generateRsa()}.
 *
 * <p>NOTE(review): every call obtains a key from {@code Jwks.generateRsa()} and wraps it in a new
 * {@link JWKSet}. If that helper generates a fresh key pair (presumably it does; confirm), tokens
 * signed with one instance's key cannot be verified after a restart or by another instance.
 *
 * @return a source that answers every selector from the in-memory key set
 */
public JWKSource<SecurityContext> jwkSource() {
    final JWKSet keys = new JWKSet(Jwks.generateRsa());
    return (selector, context) -> selector.select(keys);
}
use of com.nimbusds.jose.jwk.RSAKey in project mycore by MyCoRe-Org.
the class MCRJSONWebTokenUtil method retrievePublicKeyFromAuthenticationToken.
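/**
 * Retrieves the client public key from an authentication token.
 *
 * <p>The key is read from the {@code sub_jwk} claim and is returned only if all of the following hold:
 * the token header carries an RSA JWK, that header key and the {@code sub_jwk} claim have the same
 * JWK thumbprint, and the token signature verifies against the header key.
 *
 * <p>The verification key comes from the token itself, so a successful check shows only that the
 * sender holds the private key matching the returned public key. Whether that key is trusted is
 * left to the caller.
 *
 * @param signedJWT - the authentication token
 * @return the public key as JWK object, or {@code null} if the claim or header key is missing,
 *         the header key is not an RSA key, the two keys differ, or parsing or verification fails
 */
public static JWK retrievePublicKeyFromAuthenticationToken(SignedJWT signedJWT) {
    try {
        // A token without the claim is rejected here rather than failing inside JWK.parse.
        if (signedJWT.getJWTClaimsSet().getClaim("sub_jwk") == null) {
            return null;
        }
        JWK result = JWK.parse(signedJWT.getJWTClaimsSet().getJSONObjectClaim("sub_jwk"));

        // The header is attacker-controlled: it may carry no key or a non-RSA key. Checking the type
        // avoids an unchecked ClassCastException or NullPointerException escaping to the caller.
        JWK headerKey = signedJWT.getHeader().getJWK();
        if (!(headerKey instanceof RSAKey)) {
            return null;
        }

        // Bind the returned key to the key that verifies the signature. Without this, a token could
        // be signed with one key while claiming a different key in sub_jwk.
        if (!headerKey.computeThumbprint().equals(result.computeThumbprint())) {
            return null;
        }

        if (signedJWT.verify(new RSASSAVerifier((RSAKey) headerKey))) {
            return result;
        }
    } catch (ParseException | JOSEException e) {
        LOGGER.error(e);
    }
    return null;
}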