
Example 16 with ECKeyGenerator

Use of com.nimbusds.jose.jwk.gen.ECKeyGenerator in the project di-authentication-api by alphagov.

From the class UserInfoServiceTest, method createSignedAccessToken.

/**
 * Builds a bearer access token for the test: a JWT signed with a freshly
 * generated P-256 key (ES256) under key ID {@code KEY_ID}, expiring three
 * minutes from now and carrying the given identity claims request.
 *
 * @param identityClaims the OIDC claims request to embed in the token
 * @return the serialised JWT wrapped as a {@link BearerAccessToken}
 * @throws JOSEException if key generation or signing fails
 */
private AccessToken createSignedAccessToken(OIDCClaimsRequest identityClaims) throws JOSEException {
    // Throwaway signing key; it lives only for the duration of this call.
    var signingKey = new ECKeyGenerator(Curve.P_256)
            .keyID(KEY_ID)
            .algorithm(JWSAlgorithm.ES256)
            .generate();
    var expiry = NowHelper.nowPlus(3, ChronoUnit.MINUTES);
    var token = TokenGeneratorHelper.generateSignedToken(
            CLIENT_ID,
            BASE_URL,
            SCOPES,
            new ECDSASigner(signingKey),
            SUBJECT,
            signingKey.getKeyID(),
            expiry,
            identityClaims);
    return new BearerAccessToken(token.serialize());
}
Also used : ECDSASigner(com.nimbusds.jose.crypto.ECDSASigner) ECKeyGenerator(com.nimbusds.jose.jwk.gen.ECKeyGenerator) BearerAccessToken(com.nimbusds.oauth2.sdk.token.BearerAccessToken)

Example 17 with ECKeyGenerator

Use of com.nimbusds.jose.jwk.gen.ECKeyGenerator in the project di-authentication-api by alphagov.

From the class TokenServiceTest, method createSignedIdToken.

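/**
 * Stubs {@code kmsConnectionService.sign(...)} so that any request returns a
 * genuine ES256 signature over the ID token built by
 * {@link #createSignedIdToken(ECKey)}, attributed to key ID {@code KEY_ID}.
 *
 * <p>JWS carries ECDSA signatures as the R||S concatenation, whereas KMS
 * returns DER; the signature is transcoded so the {@link SignResult} looks
 * like what the code under test presumably expects from KMS.
 *
 * @throws JOSEException if key generation or signing fails
 */
private void createSignedIdToken() throws JOSEException {
    ECKey ecSigningKey = new ECKeyGenerator(Curve.P_256)
            .keyID(KEY_ID)
            .algorithm(JWSAlgorithm.ES256)
            .generate();
    // The overload signs with the key itself; the previously constructed
    // ECDSASigner local was never used and has been dropped.
    SignedJWT signedIdToken = createSignedIdToken(ecSigningKey);
    byte[] idTokenSignatureDer = ECDSA.transcodeSignatureToDER(signedIdToken.getSignature().decode());
    SignResult idTokenSignedResult = new SignResult();
    idTokenSignedResult.setSignature(ByteBuffer.wrap(idTokenSignatureDer));
    idTokenSignedResult.setKeyId(KEY_ID);
    idTokenSignedResult.setSigningAlgorithm(JWSAlgorithm.ES256.getName());
    when(kmsConnectionService.sign(any(SignRequest.class))).thenReturn(idTokenSignedResult);
}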
Also used : SignResult(com.amazonaws.services.kms.model.SignResult) SignRequest(com.amazonaws.services.kms.model.SignRequest) ECDSASigner(com.nimbusds.jose.crypto.ECDSASigner) ECKeyGenerator(com.nimbusds.jose.jwk.gen.ECKeyGenerator) ECKey(com.nimbusds.jose.jwk.ECKey) SignedJWT(com.nimbusds.jwt.SignedJWT)

Example 18 with ECKeyGenerator

Use of com.nimbusds.jose.jwk.gen.ECKeyGenerator in the project di-authentication-api by alphagov.

From the class TokenServiceTest, method createSignedAccessToken.

/**
 * Stubs {@code kmsConnectionService.sign(...)} with a genuine ES256 signature
 * over an access token produced by {@code TokenGeneratorHelper}, so the code
 * under test receives a KMS-shaped {@link SignResult} (DER signature, key ID
 * {@code KEY_ID}, algorithm name ES256) without calling real KMS.
 *
 * @throws JOSEException if key generation or signing fails
 */
private void createSignedAccessToken() throws JOSEException {
    ECKey signingKey = new ECKeyGenerator(Curve.P_256)
            .keyID(KEY_ID)
            .algorithm(JWSAlgorithm.ES256)
            .generate();
    SignedJWT accessToken = TokenGeneratorHelper.generateSignedToken(
            CLIENT_ID,
            BASE_URL,
            SCOPES.toStringList(),
            new ECDSASigner(signingKey),
            PUBLIC_SUBJECT,
            signingKey.getKeyID());
    // JWS stores the signature as R||S; KMS returns DER, so convert before stubbing.
    byte[] derSignature = ECDSA.transcodeSignatureToDER(accessToken.getSignature().decode());
    SignResult stubbedResult = new SignResult();
    stubbedResult.setKeyId(KEY_ID);
    stubbedResult.setSigningAlgorithm(JWSAlgorithm.ES256.getName());
    stubbedResult.setSignature(ByteBuffer.wrap(derSignature));
    when(kmsConnectionService.sign(any(SignRequest.class))).thenReturn(stubbedResult);
}
Also used : SignResult(com.amazonaws.services.kms.model.SignResult) SignRequest(com.amazonaws.services.kms.model.SignRequest) ECDSASigner(com.nimbusds.jose.crypto.ECDSASigner) ECKeyGenerator(com.nimbusds.jose.jwk.gen.ECKeyGenerator) ECKey(com.nimbusds.jose.jwk.ECKey) SignedJWT(com.nimbusds.jwt.SignedJWT)

Example 19 with ECKeyGenerator

Use of com.nimbusds.jose.jwk.gen.ECKeyGenerator in the project di-authentication-api by alphagov.

From the class ConfigurationServiceTest, method getDocAppCredentialSigningPublicKeyShouldGetECPublicKeyObjectFromParameterStorePEM.

/**
 * Verifies that the doc-app credential signing public key is fetched from
 * Parameter Store (with decryption requested) as PEM and converted back into
 * the same {@code ECPublicKey} that was serialised.
 *
 * @throws JOSEException if key generation or JWK conversion fails
 */
@Test
void getDocAppCredentialSigningPublicKeyShouldGetECPublicKeyObjectFromParameterStorePEM() throws JOSEException {
    // Only the public half is ever handed to the service; the private key is discarded.
    var publicJwk = new ECKeyGenerator(Curve.P_256).keyID("my-key-id").generate().toPublicJWK();
    var expectedRequest = new GetParameterRequest()
            .withWithDecryption(true)
            .withName("test-doc-app-public-signing-key");
    var storedParameter = new Parameter()
            .withName("test-doc-app-public-signing-key")
            .withValue(publicKeyToPem(publicJwk));
    var ssmClient = mock(AWSSimpleSystemsManagement.class);
    when(ssmClient.getParameter(eq(expectedRequest)))
            .thenReturn(new GetParameterResult().withParameter(storedParameter));

    var result = new ConfigurationService(ssmClient).getDocAppCredentialSigningPublicKey();

    assertThat(result, equalTo(publicJwk.toECPublicKey(new BouncyCastleProvider())));
}
Also used : GetParameterRequest(com.amazonaws.services.simplesystemsmanagement.model.GetParameterRequest) GetParameterResult(com.amazonaws.services.simplesystemsmanagement.model.GetParameterResult) ECKeyGenerator(com.nimbusds.jose.jwk.gen.ECKeyGenerator) Parameter(com.amazonaws.services.simplesystemsmanagement.model.Parameter) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider) Test(org.junit.jupiter.api.Test)

Example 20 with ECKeyGenerator

Use of com.nimbusds.jose.jwk.gen.ECKeyGenerator in the project di-authentication-api by alphagov.

From the class DocAppAuthorisationServiceTest, method shouldConstructASignedRequestJWT.

/**
 * Checks that {@code constructRequestJWT} yields an encrypted request object
 * whose inner JWT, once decrypted, carries the expected client_id, state,
 * subject, issuer, audience and response_type claims. KMS signing is stubbed
 * with a genuine ES256 signature (transcoded to DER, as KMS returns it) so the
 * produced token is well-formed.
 *
 * @throws JOSEException  if key generation or signing fails
 * @throws ParseException if the decrypted JWT's claims cannot be parsed
 */
@Test
void shouldConstructASignedRequestJWT() throws JOSEException, ParseException {
    // Locally generated P-256 key standing in for the KMS-held signing key.
    var signingKey = new ECKeyGenerator(Curve.P_256)
            .keyID(KEY_ID)
            .algorithm(JWSAlgorithm.ES256)
            .generate();
    var placeholderJwt = new SignedJWT(
            new JWSHeader(JWSAlgorithm.ES256), new JWTClaimsSet.Builder().build());
    placeholderJwt.sign(new ECDSASigner(signingKey));

    byte[] derSignature = ECDSA.transcodeSignatureToDER(placeholderJwt.getSignature().decode());
    var kmsResult = new SignResult();
    kmsResult.setKeyId(KEY_ID);
    kmsResult.setSigningAlgorithm(JWSAlgorithm.ES256.getName());
    kmsResult.setSignature(ByteBuffer.wrap(derSignature));
    when(kmsConnectionService.sign(any(SignRequest.class))).thenReturn(kmsResult);

    var state = new State();
    var pairwise = new Subject("pairwise-identifier");
    var encryptedJWT = authorisationService.constructRequestJWT(state, pairwise);
    var claims = decryptJWT(encryptedJWT).getJWTClaimsSet();

    assertThat(claims.getClaim("client_id"), equalTo(DOC_APP_CLIENT_ID));
    assertThat(claims.getClaim("state"), equalTo(state.getValue()));
    assertThat(claims.getSubject(), equalTo(pairwise.getValue()));
    assertThat(claims.getIssuer(), equalTo(DOC_APP_CLIENT_ID));
    assertThat(claims.getAudience(), equalTo(singletonList(DOC_APP_AUTHORISATION_URI.toString())));
    assertThat(claims.getClaim("response_type"), equalTo("code"));
}
Also used : SignResult(com.amazonaws.services.kms.model.SignResult) SignRequest(com.amazonaws.services.kms.model.SignRequest) ECDSASigner(com.nimbusds.jose.crypto.ECDSASigner) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) State(com.nimbusds.oauth2.sdk.id.State) ECKeyGenerator(com.nimbusds.jose.jwk.gen.ECKeyGenerator) SignedJWT(com.nimbusds.jwt.SignedJWT) JWSHeader(com.nimbusds.jose.JWSHeader) Subject(com.nimbusds.oauth2.sdk.id.Subject) Test(org.junit.jupiter.api.Test)
