use of com.nimbusds.jose.jwk.RSAKey in project tomee by apache.
the class KeyGeneratorUtil method generateKeyPair.
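/**
 * Generates a key pair and prints it to standard output in three forms: the private key as a
 * PEM-style block, the public key as a PEM-style block, and the whole pair as a JWK JSON object.
 *
 * <p>Everything written here is secret material: the first block is the encoded private key, and
 * the JWK is built with {@code privateKey(...)}, so its JSON carries the private parameters too.
 * Run this only where standard output is not captured by build logs, CI output or a shared
 * terminal history.
 *
 * @param keyAlgorithm algorithm name passed to {@link KeyPairGenerator#getInstance(String)}; it
 *     must produce RSA keys (for example {@code "RSA"}) because the JWK is built with
 *     {@code RSAKey.Builder}
 * @param keySize key size in bits passed to {@link KeyPairGenerator#initialize(int)}, for example
 *     2048
 * @throws NoSuchAlgorithmException if no provider supports {@code keyAlgorithm}
 * @throws IllegalArgumentException if the generated keys are not RSA keys
 */
public static void generateKeyPair(String keyAlgorithm, int keySize) throws NoSuchAlgorithmException {
    // e.g. "RSA"
    KeyPairGenerator kpg = KeyPairGenerator.getInstance(keyAlgorithm);
    // e.g. 2048
    kpg.initialize(keySize);
    KeyPair kp = kpg.generateKeyPair();

    // Check the key type before anything is printed. Previously a non-RSA algorithm dumped the
    // private key to stdout and only then failed with a ClassCastException on the RSA casts.
    if (!(kp.getPublic() instanceof RSAPublicKey) || !(kp.getPrivate() instanceof RSAPrivateKey)) {
        throw new IllegalArgumentException("keyAlgorithm must yield an RSA key pair: " + keyAlgorithm);
    }
    RSAPublicKey publicKey = (RSAPublicKey) kp.getPublic();
    RSAPrivateKey privateKey = (RSAPrivateKey) kp.getPrivate();

    // The MIME encoder wraps the Base64 text into lines, which is what a PEM body expects.
    System.out.println("-----BEGIN PRIVATE KEY-----");
    System.out.println(Base64.getMimeEncoder().encodeToString(privateKey.getEncoded()));
    System.out.println("-----END PRIVATE KEY-----");
    System.out.println("-----BEGIN PUBLIC KEY-----");
    System.out.println(Base64.getMimeEncoder().encodeToString(publicKey.getEncoded()));
    System.out.println("-----END PUBLIC KEY-----");

    // Signature-use JWK with a random key id; includes the private key (see the note above).
    RSAKey jwk = new RSAKey.Builder(publicKey)
            .privateKey(privateKey)
            .keyUse(KeyUse.SIGNATURE)
            .keyID(UUID.randomUUID().toString())
            .build();
    System.out.println(jwk.toJSONObject().toJSONString());
}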
use of com.nimbusds.jose.jwk.RSAKey in project SEPA by arces-wot.
the class SecurityManagerTest method generateToken.
/**
 * Test helper: builds an RS256-signed JWT for the given identity, signed with the RSA key from
 * {@code configurationProvider}.
 *
 * <p>NOTE(review): the {@code jti} claim is built from the identity uid, the plain-text password
 * and a random UUID. A signed JWT is not encrypted, so whoever holds the token can read the
 * password from the payload. Confirm this format is confined to tests and is not copied into
 * code that issues tokens to clients.
 *
 * @param identity identity whose exact runtime class selects the token lifetime
 * @param password password embedded in the {@code jti} claim
 * @return the signed token
 */
private SignedJWT generateToken(DigitalIdentity identity, String password) throws ParseException, KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException, JOSEException, SEPASecurityException {
    final Date issuedAt = new Date();

    // Lifetime in seconds, chosen by exact class match (subclasses fall through to the default).
    final Class<?> identityType = identity.getClass();
    final long lifetimeSeconds;
    if (identityType.equals(DeviceIdentity.class)) {
        lifetimeSeconds = auth.getDeviceExpiringPeriod();
    } else if (identityType.equals(ApplicationIdentity.class)) {
        lifetimeSeconds = auth.getApplicationExpiringPeriod();
    } else {
        lifetimeSeconds = auth.getDefaultExpiringPeriod();
    }
    final Date expiresAt = new Date(issuedAt.getTime() + lifetimeSeconds * 1000);

    // Fixed placeholder issuer, subject and audiences.
    final ArrayList<String> audience = new ArrayList<String>();
    audience.add("https://audience");
    audience.add("wss://audience");

    final JWTClaimsSet jwtClaims = new JWTClaimsSet.Builder()
            .issuer("http://issuer")
            .subject("http://subject")
            .audience(audience)
            .expirationTime(expiresAt)
            .issueTime(issuedAt)
            .jwtID(identity.getUid() + ":" + password + ":" + UUID.randomUUID())
            .build();

    // The claims are serialized and parsed back before being handed to the JWT, as in the
    // original code.
    final SignedJWT signedJWT =
            new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), JWTClaimsSet.parse(jwtClaims.toString()));

    // The key comes from the configuration provider; an earlier variant (left disabled in the
    // original) loaded it from a JKS key store with RSAKey.load(keystore, alias, keyPass).
    final RSAPrivateKey signingKey = configurationProvider.getRsaKey().toRSAPrivateKey();
    signedJWT.sign(new RSASSASigner(signingKey));
    return signedJWT;
}
use of com.nimbusds.jose.jwk.RSAKey in project mycore by MyCoRe-Org.
the class MCRJSONWebTokenUtil method retrievePublicKeyFromLoginToken.
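/**
 * Retrieves the client public key from the login token.
 *
 * <p>The token is a JWE that is decrypted with the private key held in {@code RSA_KEYS}. Its
 * payload is expected to be a signed JWT whose header carries the client's JWK, and the signature
 * is verified against that same embedded key. A successful check therefore shows that the sender
 * holds the private key matching the returned JWK; it does not show that the key belongs to a
 * known or trusted client, so callers must not treat the result as an authenticated identity on
 * its own.
 *
 * @param token - the serialized JSON Web Token from login
 * @return the public key as JWK object, or {@code null} if the token cannot be parsed or
 *     decrypted, carries no signed JWT or no JWK header, or fails signature verification
 */
public static JWK retrievePublicKeyFromLoginToken(String token) {
    try {
        JWEObject jweObject = JWEObject.parse(token);
        // Decrypt with the private key held in RSA_KEYS
        jweObject.decrypt(new RSADecrypter(RSA_KEYS.getPrivate()));

        // Extract payload. The token is client-supplied, so the payload may not be a signed JWT
        // (toSignedJWT() then yields null) and the header may lack a "jwk" entry; both cases used
        // to escape as a NullPointerException instead of the null result used for invalid tokens.
        SignedJWT signedJWT = jweObject.getPayload().toSignedJWT();
        if (signedJWT == null) {
            return null;
        }
        JWK headerKey = signedJWT.getHeader().getJWK();
        if (headerKey == null) {
            return null;
        }

        // A non-RSA JWK makes RSAKey.parse throw ParseException, which is handled below.
        RSAKey publicKey = RSAKey.parse(headerKey.toJSONObject());
        if (signedJWT.verify(new RSASSAVerifier(publicKey))) {
            return headerKey;
        }
    } catch (ParseException | JOSEException e) {
        LOGGER.error(e);
    }
    return null;
}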
use of com.nimbusds.jose.jwk.RSAKey in project mycore by MyCoRe-Org.
the class MCRJSONWebTokenUtil method retrieveUsernamePasswordFromLoginToken.
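/**
 * Retrieves username and password from the JSON web token.
 *
 * <p>The token is a JWE that is decrypted with the private key held in {@code RSA_KEYS}; the
 * payload is expected to be a signed JWT. The signature is verified against the JWK found in the
 * token's own header, so the check only shows that the token is internally consistent, not who
 * produced it. The returned credentials still have to be validated by the caller.
 *
 * @param token - the serialized JSON web token from login
 * @return username and password (combined by ":"), or {@code null} if the token cannot be
 *     parsed or decrypted, carries no signed JWT or no JWK header, fails signature verification,
 *     or lacks the subject or the "password" claim
 */
public static String retrieveUsernamePasswordFromLoginToken(String token) {
    try {
        JWEObject jweObject = JWEObject.parse(token);
        // Decrypt with the private key held in RSA_KEYS
        jweObject.decrypt(new RSADecrypter(RSA_KEYS.getPrivate()));

        // Extract payload. The token is client-supplied: a payload that is not a signed JWT or a
        // header without a "jwk" entry used to escape as a NullPointerException.
        SignedJWT signedJWT = jweObject.getPayload().toSignedJWT();
        if (signedJWT == null || signedJWT.getHeader().getJWK() == null) {
            return null;
        }

        // The verification key is taken from the token header, not from server configuration.
        RSAKey embeddedKey = RSAKey.parse(signedJWT.getHeader().getJWK().toJSONObject());
        if (signedJWT.verify(new RSASSAVerifier(embeddedKey))) {
            String username = signedJWT.getJWTClaimsSet().getSubject();
            String password = signedJWT.getJWTClaimsSet().getStringClaim("password");
            // A missing claim previously produced strings such as "user:null", which a caller
            // could mistake for a real credential pair.
            if (username == null || password == null) {
                return null;
            }
            return username + ":" + password;
        }
    } catch (ParseException | JOSEException e) {
        LOGGER.error(e);
    }
    return null;
}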
use of com.nimbusds.jose.jwk.RSAKey in project oxAuth by GluuFederation.
the class CrossEncryptionTest method encryptWithGluuJweEncrypter.
/**
 * Test helper: encrypts a JWE with fixed test claims using the Gluu {@code JweEncrypterImpl},
 * for the recipient key parsed from {@code recipientJwkJson} (RSA-OAEP key encryption, A128GCM
 * content encryption).
 *
 * @return the serialized JWE, or {@code null} if any step throws; in that case only the
 *     exception message is printed, so the stack trace and cause are lost
 */
private String encryptWithGluuJweEncrypter() {
    String serialized = null;
    try {
        final RSAKey recipientKey = (RSAKey) JWK.parse(recipientJwkJson);
        final BlockEncryptionAlgorithm contentEnc = BlockEncryptionAlgorithm.A128GCM;
        final KeyEncryptionAlgorithm keyAlg = KeyEncryptionAlgorithm.RSA_OAEP;

        // Header and claims are set in the same order as the original helper.
        final Jwe plain = new Jwe();
        plain.getHeader().setType(JwtType.JWT);
        plain.getHeader().setAlgorithm(keyAlg);
        plain.getHeader().setEncryptionMethod(contentEnc);
        plain.getClaims().setIssuer("https:devgluu.saminet.local");
        plain.getClaims().setSubjectIdentifier("testing");
        plain.getHeader().setKeyId("1");

        // Only the public half of the recipient JWK is handed to the encrypter.
        final JweEncrypterImpl encrypter = new JweEncrypterImpl(keyAlg, contentEnc, recipientKey.toPublicKey());
        final Jwe encrypted = encrypter.encrypt(plain);
        serialized = encrypted.toString();
    } catch (Exception e) {
        System.out.println("Error encryption with Gluu JweEncrypter: " + e.getMessage());
    }
    return serialized;
}