use of com.nimbusds.jose.jwk.RSAKey in project oxAuth by GluuFederation.
the class CrossEncryptionTest method testDecryptWithGluuDecrypter.
public boolean testDecryptWithGluuDecrypter(String jwe) {
try {
JWK jwk = JWK.parse(recipientJwkJson);
RSAPrivateKey rsaPrivateKey = ((RSAKey) jwk).toRSAPrivateKey();
JweDecrypterImpl decrypter = new JweDecrypterImpl(rsaPrivateKey);
decrypter.setKeyEncryptionAlgorithm(KeyEncryptionAlgorithm.RSA_OAEP);
decrypter.setBlockEncryptionAlgorithm(BlockEncryptionAlgorithm.A128GCM);
final String decryptedPayload = decrypter.decrypt(jwe).getClaims().toJsonString().toString();
System.out.println("Gluu decrypt succeed: " + decryptedPayload);
if (isJsonEqual(decryptedPayload, PAYLOAD)) {
return true;
}
} catch (Exception e) {
System.out.println("Gluu decrypt failed: " + e.getMessage());
e.printStackTrace();
}
return false;
}
use of com.nimbusds.jose.jwk.RSAKey in project oxAuth by GluuFederation.
the class CrossEncryptionTest method decryptAndValidateSignatureWithGluu.
private void decryptAndValidateSignatureWithGluu(String jweString) throws ParseException, JOSEException, InvalidJweException, JSONException, InvalidJwtException {
JWK jwk = JWK.parse(recipientJwkJson);
RSAPrivateKey rsaPrivateKey = ((RSAKey) jwk).toRSAPrivateKey();
JweDecrypterImpl decrypter = new JweDecrypterImpl(rsaPrivateKey);
decrypter.setKeyEncryptionAlgorithm(KeyEncryptionAlgorithm.RSA_OAEP);
decrypter.setBlockEncryptionAlgorithm(BlockEncryptionAlgorithm.A128GCM);
final Jwe jwe = decrypter.decrypt(jweString);
assertEquals(JwtType.JWT, jwe.getHeader().getContentType());
final Jwt jwt = jwe.getSignedJWTPayload();
Assert.assertTrue(new RSASigner(SignatureAlgorithm.RS256, getSenderPublicKey()).validate(jwt));
System.out.println("Gluu decrypt and nested jwt signature verification succeed: " + jwt.getClaims().toJsonString());
}
use of com.nimbusds.jose.jwk.RSAKey in project oxAuth by GluuFederation.
the class CrossEncryptionTest method nestedJWT.
@Test
public void nestedJWT() throws Exception {
RSAKey senderJWK = (RSAKey) JWK.parse(senderJwkJson);
RSAKey recipientPublicJWK = (RSAKey) (JWK.parse(recipientJwkJson));
// Create JWT
SignedJWT signedJWT = new SignedJWT(new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(senderJWK.getKeyID()).build(), new JWTClaimsSet.Builder().subject("testi").issuer("https:devgluu.saminet.local").build());
signedJWT.sign(new RSASSASigner(senderJWK));
JWEObject jweObject = new JWEObject(new JWEHeader.Builder(JWEAlgorithm.RSA_OAEP, EncryptionMethod.A128GCM).contentType(// required to indicate nested JWT
"JWT").build(), new Payload(signedJWT));
// Encrypt with the recipient's public key
RSAEncrypter encrypter = new RSAEncrypter(recipientPublicJWK);
jweObject.encrypt(encrypter);
final String jweString = jweObject.serialize();
decryptAndValidateSignatureWithGluu(jweString);
}
use of com.nimbusds.jose.jwk.RSAKey in project oxAuth by GluuFederation.
the class JwtCrossCheckTest method validate.
private static void validate(String jwtAsString, OxAuthCryptoProvider cryptoProvider, String kid, SignatureAlgorithm signatureAlgorithm) throws Exception {
SignedJWT signedJWT = SignedJWT.parse(jwtAsString);
Jwt jwt = Jwt.parse(jwtAsString);
JWSVerifier nimbusVerifier = null;
AbstractJwsSigner oxauthVerifier = null;
switch(signatureAlgorithm.getFamily()) {
case EC:
final ECKey ecKey = ECKey.load(cryptoProvider.getKeyStore(), kid, cryptoProvider.getKeyStoreSecret().toCharArray());
final ECPublicKey ecPublicKey = ecKey.toECPublicKey();
nimbusVerifier = new ECDSAVerifier(ecKey);
oxauthVerifier = new ECDSASigner(jwt.getHeader().getSignatureAlgorithm(), new ECDSAPublicKey(jwt.getHeader().getSignatureAlgorithm(), ecPublicKey.getW().getAffineX(), ecPublicKey.getW().getAffineY()));
break;
case RSA:
RSAKey rsaKey = RSAKey.load(cryptoProvider.getKeyStore(), kid, cryptoProvider.getKeyStoreSecret().toCharArray());
final java.security.interfaces.RSAPublicKey rsaPublicKey = rsaKey.toRSAPublicKey();
nimbusVerifier = new RSASSAVerifier(rsaKey);
oxauthVerifier = new RSASigner(signatureAlgorithm, new RSAPublicKey(rsaPublicKey.getModulus(), rsaPublicKey.getPublicExponent()));
break;
}
assertNotNull(nimbusVerifier);
assertNotNull(oxauthVerifier);
// Nimbus
assertTrue(signedJWT.verify(nimbusVerifier));
// oxauth cryptoProvider
boolean validJwt = cryptoProvider.verifySignature(jwt.getSigningInput(), jwt.getEncodedSignature(), kid, null, null, jwt.getHeader().getSignatureAlgorithm());
assertTrue(validJwt);
// oxauth verifier
assertTrue(oxauthVerifier.validate(jwt));
}
use of com.nimbusds.jose.jwk.RSAKey in project dhis2-core by dhis2.
the class Jwks method generateRsa.
public static RSAKey generateRsa() {
KeyPair keyPair = KeyGeneratorUtils.generateRsaKey();
RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
// @formatter:off
return new RSAKey.Builder(publicKey).privateKey(privateKey).keyID(UUID.randomUUID().toString()).build();
// @formatter:on
}
Aggregations