
Example 11 with ECKeyGenerator

Use of com.nimbusds.jose.jwk.gen.ECKeyGenerator in project di-authentication-api by alphagov.

The class IPVAuthorisationServiceTest, method shouldConstructASignedRequestJWT.

@Test
void shouldConstructASignedRequestJWT() throws JOSEException, ParseException {
    // Throwaway P-256 key: the test must not depend on real KMS key material
    var ecSigningKey = new ECKeyGenerator(Curve.P_256).keyID(KEY_ID).algorithm(JWSAlgorithm.ES256).generate();
    var ecdsaSigner = new ECDSASigner(ecSigningKey);
    var jwtClaimsSet = new JWTClaimsSet.Builder().build();
    var jwsHeader = new JWSHeader(JWSAlgorithm.ES256);
    var signedJWT = new SignedJWT(jwsHeader, jwtClaimsSet);
    signedJWT.sign(ecdsaSigner);
    // JWS encodes an ECDSA signature as raw R||S, whereas AWS KMS returns ASN.1 DER.
    // Transcode to DER so the mocked KMS client returns exactly what the real service would,
    // and the service under test has to perform the DER -> R||S conversion itself.
    var signResult = new SignResult();
    byte[] signatureToDER = ECDSA.transcodeSignatureToDER(signedJWT.getSignature().decode());
    signResult.setSignature(ByteBuffer.wrap(signatureToDER));
    signResult.setKeyId(KEY_ID);
    signResult.setSigningAlgorithm(JWSAlgorithm.ES256.getName());
    when(kmsConnectionService.sign(any(SignRequest.class))).thenReturn(signResult);
    var state = new State();
    var nonce = new Nonce();
    var scope = new Scope(OIDCScopeValue.OPENID);
    var pairwise = new Subject("pairwise-identifier");
    var claims = "{\"name\":{\"essential\":true}}";
    // The service returns a nested JWT (signed JWS wrapped in a JWE); decrypt it to inspect the claims
    var encryptedJWT = authorisationService.constructRequestJWT(state, nonce, scope, pairwise, claims);
    var signedJWTResponse = decryptJWT(encryptedJWT);
    // Every request-object claim that the IPV relying party will validate must be present and bound
    // to this request (state, nonce, pairwise subject, audience, client_id as issuer)
    assertThat(signedJWTResponse.getJWTClaimsSet().getClaim("client_id"), equalTo(IPV_CLIENT_ID));
    assertThat(signedJWTResponse.getJWTClaimsSet().getClaim("state"), equalTo(state.getValue()));
    assertThat(signedJWTResponse.getJWTClaimsSet().getClaim("nonce"), equalTo(nonce.getValue()));
    assertThat(signedJWTResponse.getJWTClaimsSet().getSubject(), equalTo(pairwise.getValue()));
    assertThat(signedJWTResponse.getJWTClaimsSet().getClaim("scope"), equalTo(scope.toString()));
    assertThat(signedJWTResponse.getJWTClaimsSet().getIssuer(), equalTo(IPV_CLIENT_ID));
    assertThat(signedJWTResponse.getJWTClaimsSet().getAudience(), equalTo(singletonList(IPV_URI.toString())));
    assertThat(signedJWTResponse.getJWTClaimsSet().getClaim("response_type"), equalTo("code"));
    assertThat(signedJWTResponse.getJWTClaimsSet().getClaim("claims"), equalTo(claims));
}
Also used: SignResult(com.amazonaws.services.kms.model.SignResult) SignRequest(com.amazonaws.services.kms.model.SignRequest) ECDSASigner(com.nimbusds.jose.crypto.ECDSASigner) ECDSA(com.nimbusds.jose.crypto.impl.ECDSA) ECKeyGenerator(com.nimbusds.jose.jwk.gen.ECKeyGenerator) SignedJWT(com.nimbusds.jwt.SignedJWT) Subject(com.nimbusds.oauth2.sdk.id.Subject) Nonce(com.nimbusds.openid.connect.sdk.Nonce) Scope(com.nimbusds.oauth2.sdk.Scope) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) State(com.nimbusds.oauth2.sdk.id.State) JWSHeader(com.nimbusds.jose.JWSHeader) ByteBuffer(java.nio.ByteBuffer) Test(org.junit.jupiter.api.Test)

Example 12 with ECKeyGenerator

Use of com.nimbusds.jose.jwk.gen.ECKeyGenerator in project di-authentication-api by alphagov.

The class IPVAuthorisationHandlerTest, method createEncryptedJWT.

private EncryptedJWT createEncryptedJWT() throws JOSEException, ParseException {
    // Step 1: sign the request object with an ephemeral P-256 key (inner JWS)
    var ecSigningKey = new ECKeyGenerator(Curve.P_256).keyID("key-id").algorithm(JWSAlgorithm.ES256).generate();
    var ecdsaSigner = new ECDSASigner(ecSigningKey);
    var jwtClaimsSet = new JWTClaimsSet.Builder()
            .claim("redirect_uri", REDIRECT_URI)
            .claim("response_type", ResponseType.CODE.toString())
            .claim("client_id", CLIENT_ID)
            .issuer(CLIENT_ID)
            .build();
    var jwsHeader = new JWSHeader(JWSAlgorithm.ES256);
    var signedJWT = new SignedJWT(jwsHeader, jwtClaimsSet);
    signedJWT.sign(ecdsaSigner);
    // Step 2: wrap the JWS in a JWE (nested JWT). Only the public half of a fresh RSA key is kept,
    // so nobody can decrypt this object; the test only needs a well-formed encrypted request.
    var rsaEncryptionKey = new RSAKeyGenerator(2048).keyID("encryption-key-id").generate().toRSAPublicKey();
    // cty "JWT" tells the recipient that the JWE payload is itself a JWT (RFC 7519, section 5.2)
    var jweObject = new JWEObject(
            new JWEHeader.Builder(JWEAlgorithm.RSA_OAEP_256, EncryptionMethod.A256GCM).contentType("JWT").build(),
            new Payload(signedJWT));
    jweObject.encrypt(new RSAEncrypter(rsaEncryptionKey));
    return EncryptedJWT.parse(jweObject.serialize());
}
Also used: ECDSASigner(com.nimbusds.jose.crypto.ECDSASigner) RSAEncrypter(com.nimbusds.jose.crypto.RSAEncrypter) ECKeyGenerator(com.nimbusds.jose.jwk.gen.ECKeyGenerator) RSAKeyGenerator(com.nimbusds.jose.jwk.gen.RSAKeyGenerator) SignedJWT(com.nimbusds.jwt.SignedJWT) JWEHeader(com.nimbusds.jose.JWEHeader) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) JWEObject(com.nimbusds.jose.JWEObject) Payload(com.nimbusds.jose.Payload) JWSHeader(com.nimbusds.jose.JWSHeader)

Example 13 with ECKeyGenerator

Use of com.nimbusds.jose.jwk.gen.ECKeyGenerator in project conformance-suite by openid-certification.

The class OIDCCGenerateServerJWKs, method createKeys.

/**
 * Generates keyCount JWKs of the requested type and records which of them the
 * server under test should actually use for signing and encryption.
 *
 * @param keyCount number of keys to generate; nothing happens for values below 1
 * @param keyType EC, RSA or OKP
 * @param keyUse if null keys won't have use
 * @param algorithm if null keys won't have alg
 * @param curveForECKeys curve for EC keys; ignored for other key types
 * @throws JOSEException
 */
protected void createKeys(int keyCount, KeyType keyType, KeyUse keyUse, Algorithm algorithm, Curve curveForECKeys) throws JOSEException {
    if (keyCount < 1) {
        return;
    }
    int whichKeyToUse = getIndexOfKeyToUse(keyCount);
    for (int i = 0; i < keyCount; i++) {
        JWKGenerator<? extends JWK> jwkGenerator;
        if (KeyType.EC.equals(keyType)) {
            jwkGenerator = new ECKeyGenerator(curveForECKeys);
        } else if (KeyType.RSA.equals(keyType)) {
            jwkGenerator = new RSAKeyGenerator(rsaKeySize);
        } else if (KeyType.OKP.equals(keyType)) {
            jwkGenerator = new OctetKeyPairGenerator(edCurve);
        } else {
            // Fail loudly instead of dereferencing a null generator further down
            throw new IllegalArgumentException("Unsupported key type: " + keyType);
        }
        if (keyUse != null) {
            jwkGenerator.keyUse(keyUse);
        }
        if (generateKids) {
            // Random kid so a JWKS with several keys of the same type stays unambiguous
            jwkGenerator.keyID(UUID.randomUUID().toString());
        }
        if (algorithm != null) {
            jwkGenerator.algorithm(algorithm);
        }
        JWK generatedJWK = jwkGenerator.generate();
        allGeneratedKeys.add(generatedJWK);
        // keyUse may be null (documented above), so compare constant-first to avoid an NPE
        if (KeyUse.ENCRYPTION.equals(keyUse)) {
            encryptionKeysToBeUsed.add(generatedJWK);
        }
        // Only one of the signing keys is selected for use; the rest pad out the JWKS
        if (i == whichKeyToUse && KeyUse.SIGNATURE.equals(keyUse)) {
            signingKeyToBeUsed.add(generatedJWK);
        }
    }
}
Also used: ECKeyGenerator(com.nimbusds.jose.jwk.gen.ECKeyGenerator) RSAKeyGenerator(com.nimbusds.jose.jwk.gen.RSAKeyGenerator) OctetKeyPairGenerator(com.nimbusds.jose.jwk.gen.OctetKeyPairGenerator) JWK(com.nimbusds.jose.jwk.JWK)

Example 14 with ECKeyGenerator

Use of com.nimbusds.jose.jwk.gen.ECKeyGenerator in project di-authentication-api by alphagov.

The class AccessTokenServiceTest, method createSignedExpiredAccessToken.

private AccessToken createSignedExpiredAccessToken() throws JOSEException {
    // Expiry two minutes in the past: the token is correctly signed but must be rejected on exp
    LocalDateTime localDateTime = LocalDateTime.now().minusMinutes(2);
    Date expiryDate = Date.from(localDateTime.atZone(ZoneId.of("UTC")).toInstant());
    ECKey ecSigningKey = new ECKeyGenerator(Curve.P_256).keyID(KEY_ID).algorithm(JWSAlgorithm.ES256).generate();
    ECDSASigner signer = new ECDSASigner(ecSigningKey);
    // The kid in the header is taken from the generated key so lookup against the JWKS still matches
    SignedJWT signedJWT = TokenGeneratorHelper.generateSignedToken(CLIENT_ID, BASE_URL, SCOPES, signer, SUBJECT, ecSigningKey.getKeyID(), expiryDate);
    return new BearerAccessToken(signedJWT.serialize());
}
Also used: LocalDateTime(java.time.LocalDateTime) ZoneId(java.time.ZoneId) ECDSASigner(com.nimbusds.jose.crypto.ECDSASigner) ECKeyGenerator(com.nimbusds.jose.jwk.gen.ECKeyGenerator) ECKey(com.nimbusds.jose.jwk.ECKey) SignedJWT(com.nimbusds.jwt.SignedJWT) BearerAccessToken(com.nimbusds.oauth2.sdk.token.BearerAccessToken) Date(java.util.Date)

Example 15 with ECKeyGenerator

Use of com.nimbusds.jose.jwk.gen.ECKeyGenerator in project di-authentication-api by alphagov.

The class TokenGeneratorHelper, method generateSignedTokenWithGeneratedKey.

public static SignedJWT generateSignedTokenWithGeneratedKey(String clientId, String issuerUrl, List<String> scopes, Subject subject) throws JOSEException {
    // Fresh P-256 key per call; the key is discarded after signing, so tokens from this helper
    // can only be verified by callers that captured the public key some other way
    ECKey ecSigningKey = new ECKeyGenerator(Curve.P_256).keyID(KEY_ID).algorithm(JWSAlgorithm.ES256).generate();
    ECDSASigner signer = new ECDSASigner(ecSigningKey);
    return generateSignedToken(clientId, issuerUrl, scopes, signer, subject, KEY_ID);
}
Also used: ECDSASigner(com.nimbusds.jose.crypto.ECDSASigner) ECKeyGenerator(com.nimbusds.jose.jwk.gen.ECKeyGenerator) ECKey(com.nimbusds.jose.jwk.ECKey)

Aggregations

ECKeyGenerator (com.nimbusds.jose.jwk.gen.ECKeyGenerator)28 ECDSASigner (com.nimbusds.jose.crypto.ECDSASigner)18 SignedJWT (com.nimbusds.jwt.SignedJWT)17 ECKey (com.nimbusds.jose.jwk.ECKey)13 SignRequest (com.amazonaws.services.kms.model.SignRequest)6 SignResult (com.amazonaws.services.kms.model.SignResult)6 Test (org.junit.jupiter.api.Test)6 APIGatewayProxyResponseEvent (com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent)5 JOSEException (com.nimbusds.jose.JOSEException)5 JWSHeader (com.nimbusds.jose.JWSHeader)5 BearerAccessToken (com.nimbusds.oauth2.sdk.token.BearerAccessToken)5 JWEObject (com.nimbusds.jose.JWEObject)4 JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet)4 JWSSigner (com.nimbusds.jose.JWSSigner)3 RSAKeyGenerator (com.nimbusds.jose.jwk.gen.RSAKeyGenerator)3 AuthorizationCode (com.nimbusds.oauth2.sdk.AuthorizationCode)3 PrivateKeyJWT (com.nimbusds.oauth2.sdk.auth.PrivateKeyJWT)3 OIDCTokenResponse (com.nimbusds.openid.connect.sdk.OIDCTokenResponse)3 OIDCTokens (com.nimbusds.openid.connect.sdk.token.OIDCTokens)3 KeyPair (java.security.KeyPair)3