
Example 16 with RSAKey

use of com.nimbusds.jose.jwk.RSAKey in project carbon-apimgt by wso2.

the class JWTValidatorImpl method validateSignature.

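/**
 * Checks the signature of {@code signedJWT} with a key selected from its {@code kid} header:
 * the issuer's JWKS when JWKS is enabled and a URL is configured, otherwise the issuer's
 * configured certificate, otherwise whatever {@code JWTUtil} resolves for the {@code kid}
 * alias. A token with no {@code kid} is checked against the gateway public certificate alias.
 *
 * <p>This method fails closed: a parse, JOSE or I/O failure, a {@code kid} that resolves to
 * a non-RSA key (or to no key even after a JWKS refresh), a non-RSA issuer certificate, or an
 * RSA JWK that yields no public key all return {@code false}. The previous version returned
 * {@code true} after logging an exception, which accepted tokens that could not be verified.
 *
 * <p>Whether the token's {@code alg} header is restricted to RSA algorithms depends on
 * {@code JWTUtil.verifyTokenSignature}, which is not visible here — confirm it does not accept
 * an HMAC or {@code none} algorithm with an RSA public key.
 *
 * @param signedJWT the parsed token to verify
 * @return {@code true} only when the signature verified with the selected key
 * @throws APIManagementException as declared; propagated from the helpers this calls
 */
protected boolean validateSignature(SignedJWT signedJWT) throws APIManagementException {
    String certificateAlias = APIConstants.GATEWAY_PUBLIC_CERTIFICATE_ALIAS;
    try {
        String keyID = signedJWT.getHeader().getKeyID();
        if (StringUtils.isNotEmpty(keyID)) {
            if (tokenIssuer.getJwksConfigurationDTO().isEnabled()
                    && StringUtils.isNotEmpty(tokenIssuer.getJwksConfigurationDTO().getUrl())) {
                // Use the cached JWKS; re-fetch when the kid is unknown so a key rotation on the
                // issuer side is picked up.
                if (jwkSet == null) {
                    jwkSet = retrieveJWKSet();
                }
                if (jwkSet.getKeyByKeyId(keyID) == null) {
                    jwkSet = retrieveJWKSet();
                }
                if (!(jwkSet.getKeyByKeyId(keyID) instanceof RSAKey)) {
                    // Covers both "kid still unknown after the refresh" and a non-RSA JWK.
                    if (log.isDebugEnabled()) {
                        log.debug("Key Algorithm not supported");
                    }
                    // return false to produce 401 unauthenticated response
                    return false;
                }
                RSAKey keyByKeyId = (RSAKey) jwkSet.getKeyByKeyId(keyID);
                RSAPublicKey rsaPublicKey = keyByKeyId.toRSAPublicKey();
                if (rsaPublicKey == null) {
                    // The kid named a JWKS key; do not silently fall back to a different key.
                    return false;
                }
                return JWTUtil.verifyTokenSignature(signedJWT, rsaPublicKey);
            } else if (tokenIssuer.getCertificate() != null) {
                log.debug("Retrieve certificate from Token issuer and validating");
                // Guard the cast: a non-RSA issuer certificate would otherwise escape as a
                // ClassCastException instead of rejecting the token.
                if (!(tokenIssuer.getCertificate().getPublicKey() instanceof RSAPublicKey)) {
                    if (log.isDebugEnabled()) {
                        log.debug("Key Algorithm not supported");
                    }
                    return false;
                }
                RSAPublicKey rsaPublicKey = (RSAPublicKey) tokenIssuer.getCertificate().getPublicKey();
                return JWTUtil.verifyTokenSignature(signedJWT, rsaPublicKey);
            } else {
                return JWTUtil.verifyTokenSignature(signedJWT, keyID);
            }
        }
        return JWTUtil.verifyTokenSignature(signedJWT, certificateAlias);
    } catch (ParseException | JOSEException | IOException e) {
        // Fail closed: a token that cannot be parsed or verified is not a valid token.
        log.error("Error while parsing JWT", e);
        return false;
    }
}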

Example 17 with RSAKey

use of com.nimbusds.jose.jwk.RSAKey in project SEPA by arces-wot.

the class AuthorizationManager method getJWK.

/**
 * Loads the RSA key stored under {@code keyAlias} from the manager's keystore as a Nimbus
 * {@link RSAKey}. The loaded JWK may carry the private key as well as the public one, so a
 * caller that only needs to publish the key should use {@code toPublicJWK()} on the result.
 *
 * @param keyAlias alias of the keystore entry
 * @param keyPwd   password protecting that entry; it is converted to a char array for the
 *                 load, but the String itself remains in memory until collected
 * @return the loaded key
 * @throws KeyStoreException if the keystore cannot be read
 * @throws JOSEException     if the entry cannot be converted to an {@link RSAKey}
 *
 * @see RSAKey
 */
public RSAKey getJWK(String keyAlias, String keyPwd) throws KeyStoreException, JOSEException {
    final char[] entryPassword = keyPwd.toCharArray();
    return RSAKey.load(sManager.getKeyStore(), keyAlias, entryPassword);
}

Example 18 with RSAKey

use of com.nimbusds.jose.jwk.RSAKey in project SEPA by arces-wot.

the class AuthorizationManager method init.

/**
 * Loads the RSA key pair from {@code keyStore} and wires up the signer, the verifier, the
 * public JWK handed out at registration, and the JWT processor used to check incoming tokens.
 *
 * @param keyStore keystore holding the RSA entry
 * @param keyAlias alias of that entry
 * @param keyPwd   password protecting the entry
 * @return always {@code true}; failures surface as exceptions
 * @throws KeyStoreException if the keystore cannot be read
 * @throws JOSEException     if the entry cannot be turned into an RSAKey or its key pair
 */
private boolean init(KeyStore keyStore, String keyAlias, String keyPwd) throws KeyStoreException, JOSEException {
    final RSAKey keyPair = RSAKey.load(keyStore, keyAlias, keyPwd.toCharArray());

    // Split the JWK into the two JCA keys: private for signing, public for verification.
    final RSAPrivateKey signingKey = keyPair.toRSAPrivateKey();
    final RSAPublicKey verificationKey = keyPair.toRSAPublicKey();
    signer = new RSASSASigner(signingKey);
    verifier = new RSASSAVerifier(verificationKey);

    // Only the public half is serialized for delivery during registration.
    jwkPublicKey = new JsonParser().parse(keyPair.toPublicJWK().toJSONString());

    // The key selector is pinned to RS256, so a token presenting any other "alg" should get no
    // candidate key and fail verification instead of being checked with a mismatched primitive.
    // Time-window checks ("exp"/"nbf") come from the processor's default claims verifier;
    // NOTE(review): confirm whether "iat" is enforced as well.
    // NOTE(review): the JWKSet below still contains the private key; keyPair.toPublicJWK()
    // is all the verifier needs.
    jwtProcessor = new DefaultJWTProcessor<SEPASecurityContext>();
    final JWKSet verificationKeys = new JWKSet(keyPair);
    final JWKSource<SEPASecurityContext> keySource = new ImmutableJWKSet<SEPASecurityContext>(verificationKeys);
    final JWSAlgorithm pinnedAlgorithm = JWSAlgorithm.RS256;
    final JWSKeySelector<SEPASecurityContext> keySelector =
            new JWSVerificationKeySelector<SEPASecurityContext>(pinnedAlgorithm, keySource);
    jwtProcessor.setJWSKeySelector(keySelector);
    return true;
}

Example 19 with RSAKey

use of com.nimbusds.jose.jwk.RSAKey in project ORCID-Source by ORCID.

the class OpenIDConnectTest method checkJWT.

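/**
 * Parses the id_token {@code id}, asserts the claims expected for the integration-test user
 * and client, then fetches the server's JWKS and verifies the signature with the key named by
 * the token's {@code kid} header.
 *
 * @param id the compact-serialized signed JWT
 * @return the parsed token, for further assertions by the caller
 * @throws ParseException       if the token or the JWKS document is malformed
 * @throws JOSEException        if signature verification cannot be performed
 * @throws InvalidHashException declared in the signature; nothing visible here throws it
 */
private SignedJWT checkJWT(String id) throws ParseException, JOSEException, InvalidHashException {
    SignedJWT signedJWT = SignedJWT.parse(id);
    Assert.assertEquals("https://orcid.org", signedJWT.getJWTClaimsSet().getIssuer());
    Assert.assertEquals("https://orcid.org/9999-0000-0000-0004", signedJWT.getJWTClaimsSet().getSubject());
    Assert.assertEquals("9999-0000-0000-0004", signedJWT.getJWTClaimsSet().getClaim("id_path"));
    Assert.assertEquals("APP-9999999999999901", signedJWT.getJWTClaimsSet().getAudience().get(0));
    Assert.assertEquals("yesMate", signedJWT.getJWTClaimsSet().getClaim("nonce"));
    Assert.assertEquals("User One Credit name", signedJWT.getJWTClaimsSet().getClaim("name"));
    Assert.assertEquals("One", signedJWT.getJWTClaimsSet().getClaim("family_name"));
    Assert.assertEquals("User", signedJWT.getJWTClaimsSet().getClaim("given_name"));
    // get JWKS
    Client client = Client.create();
    WebResource webResource = client.resource(baseUri + "/oauth/jwks");
    ClientResponse jwksResponse = webResource.accept(MediaType.APPLICATION_JSON).get(ClientResponse.class);
    String jwkString = jwksResponse.getEntity(String.class);
    String keyID = signedJWT.getHeader().getKeyID();
    RSAKey jwk = (RSAKey) JWKSet.parse(jwkString).getKeyByKeyId(keyID);
    // A kid that is absent from the published JWKS would otherwise surface as an NPE inside
    // RSASSAVerifier; fail with a message that names the missing key instead.
    Assert.assertNotNull("JWKS has no key for kid " + keyID, jwk);
    // check sig
    JWSVerifier verifier = new RSASSAVerifier(jwk);
    Assert.assertTrue(signedJWT.verify(verifier));
    return signedJWT;
}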

Example 20 with RSAKey

use of com.nimbusds.jose.jwk.RSAKey in project ORCID-Source by ORCID.

the class OpenIDConnectKeyServiceTest method testKeyGenAndSigning.

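/**
 * Signs a minimal claims set with the service's key and verifies the result against the
 * public JWK the service publishes under the token's {@code kid}. Also checks the claims
 * survive the sign round-trip. The unused {@code map} local of the earlier version is gone.
 */
@Test
public void testKeyGenAndSigning() throws JOSEException, NoSuchAlgorithmException, IOException, ParseException, URISyntaxException {
    OpenIDConnectKeyService.OpenIDConnectKeyServiceConfig config = new OpenIDConnectKeyServiceConfig();
    config.keyName = "IntTestKey1";
    config.jsonKey = testKey;
    OpenIDConnectKeyService service = new OpenIDConnectKeyService(config);
    JWTClaimsSet claims = new JWTClaimsSet.Builder().issuer("me").build();
    SignedJWT signed = service.sign(claims);
    // The published JWKS must contain the key named by the token's kid; fail with a clear
    // message rather than an NPE inside RSASSAVerifier when it does not.
    String keyID = signed.getHeader().getKeyID();
    RSAKey publicKey = (RSAKey) service.getPublicJWK().getKeyByKeyId(keyID);
    Assert.assertNotNull("published JWKS has no key for kid " + keyID, publicKey);
    JWSVerifier verifier = new RSASSAVerifier(publicKey);
    Assert.assertTrue(signed.verify(verifier));
    // Round-trip: the signed token carries the claims that were requested.
    Assert.assertEquals("me", signed.getJWTClaimsSet().getIssuer());
}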
