
Example 26 with RSAKey

use of com.nimbusds.jose.jwk.RSAKey in project oxAuth by GluuFederation.

the class CrossEncryptionTest method testDecryptWithGluuDecrypter.

/**
 * Decrypts a serialized JWE with oxAuth's {@code JweDecrypterImpl} and reports whether the
 * recovered claims match the expected {@code PAYLOAD}.
 *
 * <p>The RSA private key is taken from the JWK parsed out of {@code recipientJwkJson}. The
 * decrypter is explicitly configured for RSA-OAEP key encryption and A128GCM content
 * encryption before use. Any exception raised along the way is printed and turned into a
 * {@code false} result instead of being propagated.
 *
 * @param jwe the serialized JWE to decrypt
 * @return {@code true} only if decryption succeeds and {@code isJsonEqual} accepts the
 *         decrypted claims against {@code PAYLOAD}; {@code false} otherwise
 */
public boolean testDecryptWithGluuDecrypter(String jwe) {
    boolean payloadMatches = false;
    try {
        final JWK recipientJwk = JWK.parse(recipientJwkJson);
        final RSAPrivateKey recipientPrivateKey = ((RSAKey) recipientJwk).toRSAPrivateKey();

        final JweDecrypterImpl gluuDecrypter = new JweDecrypterImpl(recipientPrivateKey);
        gluuDecrypter.setKeyEncryptionAlgorithm(KeyEncryptionAlgorithm.RSA_OAEP);
        gluuDecrypter.setBlockEncryptionAlgorithm(BlockEncryptionAlgorithm.A128GCM);

        final String claimsJson = gluuDecrypter.decrypt(jwe).getClaims().toJsonString().toString();
        // The decrypted claims are written to stdout. That suits a test class working on
        // fixture data; it is not a pattern to carry into code that handles real tokens.
        System.out.println("Gluu decrypt succeed: " + claimsJson);
        payloadMatches = isJsonEqual(claimsJson, PAYLOAD);
    } catch (Exception e) {
        // Deliberately broad: the caller only wants a yes/no answer for the cross-check.
        System.out.println("Gluu decrypt failed: " + e.getMessage());
        e.printStackTrace();
    }
    return payloadMatches;
}
Also used : RSAKey(com.nimbusds.jose.jwk.RSAKey) JweDecrypterImpl(org.gluu.oxauth.model.jwe.JweDecrypterImpl) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) JSONException(org.json.JSONException) ParseException(java.text.ParseException) InvalidJwtException(org.gluu.oxauth.model.exception.InvalidJwtException) IOException(java.io.IOException) InvalidJweException(org.gluu.oxauth.model.exception.InvalidJweException) JWK(com.nimbusds.jose.jwk.JWK)

Example 27 with RSAKey

use of com.nimbusds.jose.jwk.RSAKey in project oxAuth by GluuFederation.

the class CrossEncryptionTest method decryptAndValidateSignatureWithGluu.

/**
 * Decrypts a nested JWT with oxAuth's {@code JweDecrypterImpl} and verifies the signature of
 * the inner JWT with the sender's public key.
 *
 * <p>Steps: parse the recipient JWK from {@code recipientJwkJson}, decrypt with RSA-OAEP and
 * A128GCM, assert that the JWE header content type is {@code JwtType.JWT}, extract the signed
 * payload and validate it with an RS256 {@code RSASigner}.
 *
 * @param jweString the serialized JWE that wraps a signed JWT
 * @throws ParseException      declared by the original signature
 * @throws JOSEException       declared by the original signature
 * @throws InvalidJweException declared by the original signature
 * @throws JSONException       declared by the original signature
 * @throws InvalidJwtException declared by the original signature
 */
private void decryptAndValidateSignatureWithGluu(String jweString) throws ParseException, JOSEException, InvalidJweException, JSONException, InvalidJwtException {
    final JWK recipientJwk = JWK.parse(recipientJwkJson);
    final RSAPrivateKey recipientPrivateKey = ((RSAKey) recipientJwk).toRSAPrivateKey();

    final JweDecrypterImpl gluuDecrypter = new JweDecrypterImpl(recipientPrivateKey);
    gluuDecrypter.setKeyEncryptionAlgorithm(KeyEncryptionAlgorithm.RSA_OAEP);
    gluuDecrypter.setBlockEncryptionAlgorithm(BlockEncryptionAlgorithm.A128GCM);

    final Jwe decrypted = gluuDecrypter.decrypt(jweString);
    // The JWE header has to announce a JWT payload before it is treated as a nested token.
    assertEquals(JwtType.JWT, decrypted.getHeader().getContentType());

    final Jwt nestedJwt = decrypted.getSignedJWTPayload();
    // The verifier is built with a fixed RS256 and the sender key obtained locally;
    // the algorithm is not read back from the nested token's own header.
    final RSASigner senderVerifier = new RSASigner(SignatureAlgorithm.RS256, getSenderPublicKey());
    Assert.assertTrue(senderVerifier.validate(nestedJwt));

    System.out.println("Gluu decrypt and nested jwt signature verification succeed: " + nestedJwt.getClaims().toJsonString());
}
Also used : RSAKey(com.nimbusds.jose.jwk.RSAKey) JweDecrypterImpl(org.gluu.oxauth.model.jwe.JweDecrypterImpl) Jwt(org.gluu.oxauth.model.jwt.Jwt) RSASigner(org.gluu.oxauth.model.jws.RSASigner) Jwe(org.gluu.oxauth.model.jwe.Jwe) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) JWK(com.nimbusds.jose.jwk.JWK)

Example 28 with RSAKey

use of com.nimbusds.jose.jwk.RSAKey in project oxAuth by GluuFederation.

the class CrossEncryptionTest method nestedJWT.

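/**
 * Builds a nested JWT with Nimbus (an RS256-signed JWT wrapped in an RSA-OAEP / A128GCM JWE)
 * and passes the serialized result to {@code decryptAndValidateSignatureWithGluu}, so that a
 * token produced by Nimbus is decrypted and signature-checked by the oxAuth implementation.
 *
 * @throws Exception if parsing, signing, encryption or the oxAuth-side validation fails
 */
@Test
public void nestedJWT() throws Exception {
    RSAKey senderJWK = (RSAKey) JWK.parse(senderJwkJson);
    // recipientJwkJson is also where this class takes the decryption private key from.
    // Reduce it to its public parameters so the encrypting side holds no private key
    // material, which is what a real sender would have.
    RSAKey recipientPublicJWK = ((RSAKey) JWK.parse(recipientJwkJson)).toPublicJWK();

    // Create JWT
    JWSHeader signedHeader = new JWSHeader.Builder(JWSAlgorithm.RS256)
            .keyID(senderJWK.getKeyID())
            .build();
    JWTClaimsSet claims = new JWTClaimsSet.Builder()
            .subject("testi")
            .issuer("https:devgluu.saminet.local")
            .build();
    SignedJWT signedJWT = new SignedJWT(signedHeader, claims);
    signedJWT.sign(new RSASSASigner(senderJWK));

    // Sign-then-encrypt: the signed JWT becomes the JWE payload.
    JWEHeader encryptedHeader = new JWEHeader.Builder(JWEAlgorithm.RSA_OAEP, EncryptionMethod.A128GCM)
            .contentType("JWT") // required to indicate nested JWT
            .build();
    JWEObject jweObject = new JWEObject(encryptedHeader, new Payload(signedJWT));

    // Encrypt with the recipient's public key
    RSAEncrypter encrypter = new RSAEncrypter(recipientPublicJWK);
    jweObject.encrypt(encrypter);

    final String jweString = jweObject.serialize();
    decryptAndValidateSignatureWithGluu(jweString);
}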
Also used : RSAKey(com.nimbusds.jose.jwk.RSAKey) RSAEncrypter(com.nimbusds.jose.crypto.RSAEncrypter) RSASSASigner(com.nimbusds.jose.crypto.RSASSASigner) SignedJWT(com.nimbusds.jwt.SignedJWT) Test(org.testng.annotations.Test)

Example 29 with RSAKey

use of com.nimbusds.jose.jwk.RSAKey in project oxAuth by GluuFederation.

the class JwtCrossCheckTest method validate.

/**
 * Cross-checks the signature of one serialized JWT with three verifiers: the Nimbus
 * {@code JWSVerifier}, the oxAuth crypto provider's {@code verifySignature}, and an oxAuth
 * {@code AbstractJwsSigner} built from the same key. All three must accept the token.
 *
 * <p>The key is loaded from the crypto provider's key store under {@code kid}. Only the EC
 * and RSA families are handled; for any other family both verifiers stay {@code null} and
 * the {@code assertNotNull} checks fail.
 *
 * @param jwtAsString        the serialized signed JWT
 * @param cryptoProvider     supplies the key store, its secret and {@code verifySignature}
 * @param kid                key id used to load the key and passed to {@code verifySignature}
 * @param signatureAlgorithm selects the key family; also used to build the RSA oxAuth verifier
 * @throws Exception if parsing, key loading or verification raises
 */
private static void validate(String jwtAsString, OxAuthCryptoProvider cryptoProvider, String kid, SignatureAlgorithm signatureAlgorithm) throws Exception {
    final SignedJWT nimbusJwt = SignedJWT.parse(jwtAsString);
    final Jwt oxauthJwt = Jwt.parse(jwtAsString);

    JWSVerifier nimbusVerifier = null;
    AbstractJwsSigner oxauthVerifier = null;

    // NOTE(review): the EC verifier and the provider call below take the algorithm from the
    // token's own header, while the RSA verifier uses the caller-supplied signatureAlgorithm.
    // The two values are never compared here; confirm callers always pass matching ones.
    switch (signatureAlgorithm.getFamily()) {
        case EC: {
            final ECKey loadedEcKey = ECKey.load(cryptoProvider.getKeyStore(), kid, cryptoProvider.getKeyStoreSecret().toCharArray());
            final ECPublicKey ecPublic = loadedEcKey.toECPublicKey();
            nimbusVerifier = new ECDSAVerifier(loadedEcKey);
            oxauthVerifier = new ECDSASigner(
                    oxauthJwt.getHeader().getSignatureAlgorithm(),
                    new ECDSAPublicKey(
                            oxauthJwt.getHeader().getSignatureAlgorithm(),
                            ecPublic.getW().getAffineX(),
                            ecPublic.getW().getAffineY()));
            break;
        }
        case RSA: {
            RSAKey loadedRsaKey = RSAKey.load(cryptoProvider.getKeyStore(), kid, cryptoProvider.getKeyStoreSecret().toCharArray());
            final java.security.interfaces.RSAPublicKey rsaPublic = loadedRsaKey.toRSAPublicKey();
            nimbusVerifier = new RSASSAVerifier(loadedRsaKey);
            oxauthVerifier = new RSASigner(
                    signatureAlgorithm,
                    new RSAPublicKey(rsaPublic.getModulus(), rsaPublic.getPublicExponent()));
            break;
        }
    }

    // A family without a branch above must fail the test rather than skip verification.
    assertNotNull(nimbusVerifier);
    assertNotNull(oxauthVerifier);

    // Nimbus
    assertTrue(nimbusJwt.verify(nimbusVerifier));

    // oxauth cryptoProvider
    boolean providerAccepts = cryptoProvider.verifySignature(oxauthJwt.getSigningInput(), oxauthJwt.getEncodedSignature(), kid, null, null, oxauthJwt.getHeader().getSignatureAlgorithm());
    assertTrue(providerAccepts);

    // oxauth verifier
    assertTrue(oxauthVerifier.validate(oxauthJwt));
}
Also used : RSAKey(com.nimbusds.jose.jwk.RSAKey) ECDSASigner(org.gluu.oxauth.model.jws.ECDSASigner) Jwt(org.gluu.oxauth.model.jwt.Jwt) RSASSAVerifier(com.nimbusds.jose.crypto.RSASSAVerifier) JWSVerifier(com.nimbusds.jose.JWSVerifier) AbstractJwsSigner(org.gluu.oxauth.model.jws.AbstractJwsSigner) ECKey(com.nimbusds.jose.jwk.ECKey) SignedJWT(com.nimbusds.jwt.SignedJWT) ECDSAVerifier(com.nimbusds.jose.crypto.ECDSAVerifier) ECPublicKey(java.security.interfaces.ECPublicKey) RSAPublicKey(org.gluu.oxauth.model.crypto.signature.RSAPublicKey) RSASigner(org.gluu.oxauth.model.jws.RSASigner) ECDSAPublicKey(org.gluu.oxauth.model.crypto.signature.ECDSAPublicKey)

Example 30 with RSAKey

use of com.nimbusds.jose.jwk.RSAKey in project dhis2-core by dhis2.

the class Jwks method generateRsa.

/**
 * Creates a new RSA JWK from a freshly generated key pair and gives it a random UUID as key id.
 *
 * <p>The returned {@code RSAKey} carries both the public and the private key. Key size and
 * randomness source are decided by {@code KeyGeneratorUtils.generateRsaKey()}, which is not
 * shown here.
 *
 * @return an {@code RSAKey} holding the generated public key, private key and key id
 */
public static RSAKey generateRsa() {
    final KeyPair generatedPair = KeyGeneratorUtils.generateRsaKey();
    final RSAPublicKey publicPart = (RSAPublicKey) generatedPair.getPublic();
    final RSAPrivateKey privatePart = (RSAPrivateKey) generatedPair.getPrivate();
    // The private part is included in the JWK, so anything that publishes this key
    // (for example a JWK set endpoint) has to expose only its public view.
    // @formatter:off
    return new RSAKey.Builder(publicPart)
        .privateKey(privatePart)
        .keyID(UUID.randomUUID().toString())
        .build();
    // @formatter:on
}
Also used : KeyPair(java.security.KeyPair) RSAKey(com.nimbusds.jose.jwk.RSAKey) RSAPublicKey(java.security.interfaces.RSAPublicKey) RSAPrivateKey(java.security.interfaces.RSAPrivateKey)
