use of com.nimbusds.jose.jwk.gen.ECKeyGenerator in project di-authentication-api by alphagov.
the class TokenHandlerTest method createSignedRefreshToken.
/**
 * Builds a signed refresh token to use as a test fixture.
 *
 * <p>A fresh P-256 key pair is generated on every call and used for ES256 signing. The key
 * is held only in a local variable: this method neither returns nor stores the public half,
 * so a test that needs the signature to verify has to supply a matching key by other means.
 *
 * @return the token built by {@code TokenGeneratorHelper.generateSignedToken}
 * @throws JOSEException if key generation or signer construction fails
 */
private SignedJWT createSignedRefreshToken() throws JOSEException {
    // Throwaway signing key: generated per call, never read from configuration or disk.
    ECKey refreshSigningKey =
            new ECKeyGenerator(Curve.P_256)
                    .keyID("KEY_ID")
                    .algorithm(JWSAlgorithm.ES256)
                    .generate();
    // The key id handed to the helper repeats the literal the key was created with.
    return TokenGeneratorHelper.generateSignedToken(
            CLIENT_ID,
            BASE_URI,
            SCOPES.toStringList(),
            new ECDSASigner(refreshSigningKey),
            PUBLIC_SUBJECT,
            "KEY_ID");
}
use of com.nimbusds.jose.jwk.gen.ECKeyGenerator in project di-authentication-api by alphagov.
the class AccessTokenServiceTest method createSignedAccessToken.
/**
 * Builds a bearer access token wrapping an ES256-signed JWT, for use as a test fixture.
 *
 * <p>The signing key is a P-256 key pair generated on each call; it is not returned, so the
 * caller cannot verify the signature with it afterwards.
 *
 * @param identityClaims claims request passed through to the token helper
 * @param expired when {@code true} the expiry comes from {@code NowHelper.nowMinus(2, MINUTES)},
 *     otherwise from {@code NowHelper.nowPlus(3, MINUTES)}
 * @return a {@code BearerAccessToken} whose value is the serialized signed JWT
 * @throws RuntimeException wrapping any {@code JOSEException} raised while generating the key
 *     or signing
 */
private AccessToken createSignedAccessToken(OIDCClaimsRequest identityClaims, boolean expired) {
    try {
        // Lets tests exercise expiry handling without waiting on the clock.
        var tokenExpiry =
                expired
                        ? NowHelper.nowMinus(2, ChronoUnit.MINUTES)
                        : NowHelper.nowPlus(3, ChronoUnit.MINUTES);
        var accessTokenKey =
                new ECKeyGenerator(Curve.P_256)
                        .keyID(KEY_ID)
                        .algorithm(JWSAlgorithm.ES256)
                        .generate();
        var accessTokenSigner = new ECDSASigner(accessTokenKey);
        // The key id is read back from the generated key rather than repeated as a constant.
        var accessTokenJwt =
                TokenGeneratorHelper.generateSignedToken(
                        CLIENT_ID,
                        BASE_URL,
                        SCOPES,
                        accessTokenSigner,
                        SUBJECT,
                        accessTokenKey.getKeyID(),
                        tokenExpiry,
                        identityClaims);
        return new BearerAccessToken(accessTokenJwt.serialize());
    } catch (JOSEException e) {
        // Checked JOSE failures become unchecked so test call sites stay simple; cause is kept.
        throw new RuntimeException(e);
    }
}
use of com.nimbusds.jose.jwk.gen.ECKeyGenerator in project di-authentication-api by alphagov.
the class IPVTokenServiceTest method signJWTWithKMS.
/**
 * Stubs {@code kmsService.sign} so it returns a real ES256 signature in DER encoding.
 *
 * <p>A throwaway P-256 key signs a locally built client-authentication JWT; the resulting
 * signature is transcoded to DER and placed in the {@code SignResult} the mock returns.
 *
 * <p>The stub matches any {@code SignRequest} and never inspects the message it is asked to
 * sign, so the canned signature is unrelated to whatever the code under test submits. Tests
 * relying on this stub cover the signing plumbing, not signature validity.
 *
 * @throws JOSEException if key generation, signer construction or DER transcoding fails
 */
private void signJWTWithKMS() throws JOSEException {
    // Local stand-in for the KMS-held key; generated per call and never exported.
    var localSigningKey =
            new ECKeyGenerator(Curve.P_256)
                    .keyID(KEY_ID)
                    .algorithm(JWSAlgorithm.ES256)
                    .generate();

    // Arguments in order: client id, audience, expiry, not-before (unset), issue time, JWT id.
    var authClaims =
            new JWTAuthenticationClaimsSet(
                    new ClientID(CLIENT_ID),
                    singletonList(new Audience(buildURI(IPV_URI.toString(), "token"))),
                    NowHelper.nowPlus(5, ChronoUnit.MINUTES),
                    null,
                    NowHelper.now(),
                    new JWTID());

    var localSigner = new ECDSASigner(localSigningKey);
    var header =
            new JWSHeader.Builder(JWSAlgorithm.ES256).keyID(localSigningKey.getKeyID()).build();
    var jwt = new SignedJWT(header, authClaims.toJWTClaimsSet());
    unchecked(jwt::sign).accept(localSigner);

    // The JWS signature is transcoded to DER before it goes into the stubbed result;
    // presumably that is the form the code under test expects back - confirm.
    byte[] derSignature = ECDSA.transcodeSignatureToDER(jwt.getSignature().decode());

    var cannedResult = new SignResult();
    cannedResult.setSignature(ByteBuffer.wrap(derSignature));
    cannedResult.setKeyId(KEY_ID);
    cannedResult.setSigningAlgorithm(JWSAlgorithm.ES256.getName());

    when(kmsService.sign(any(SignRequest.class))).thenReturn(cannedResult);
}