Example 26 with ECKeyGenerator

Use of com.nimbusds.jose.jwk.gen.ECKeyGenerator in the project di-authentication-api by alphagov.

In the class TokenHandlerTest, method createSignedRefreshToken.

private SignedJWT createSignedRefreshToken() throws JOSEException {
    // Generate a throwaway P-256 key pair for the test, tagged with a key ID and the ES256 algorithm.
    ECKey ecSigningKey = new ECKeyGenerator(Curve.P_256).keyID("KEY_ID").algorithm(JWSAlgorithm.ES256).generate();
    // The signer uses the private part of the generated key.
    ECDSASigner signer = new ECDSASigner(ecSigningKey);
    // The same "KEY_ID" string given to the key is passed to the token helper.
    return TokenGeneratorHelper.generateSignedToken(CLIENT_ID, BASE_URI, SCOPES.toStringList(), signer, PUBLIC_SUBJECT, "KEY_ID");
}
Also used: ECDSASigner (com.nimbusds.jose.crypto.ECDSASigner), ECKeyGenerator (com.nimbusds.jose.jwk.gen.ECKeyGenerator), ECKey (com.nimbusds.jose.jwk.ECKey)

Example 27 with ECKeyGenerator

Use of com.nimbusds.jose.jwk.gen.ECKeyGenerator in the project di-authentication-api by alphagov.

In the class AccessTokenServiceTest, method createSignedAccessToken.

private AccessToken createSignedAccessToken(OIDCClaimsRequest identityClaims, boolean expired) {
    try {
        // An expired token gets an expiry two minutes in the past; otherwise three minutes ahead.
        var expiryDate = expired ? NowHelper.nowMinus(2, ChronoUnit.MINUTES) : NowHelper.nowPlus(3, ChronoUnit.MINUTES);
        // Generate a fresh P-256 signing key for each call.
        var ecSigningKey = new ECKeyGenerator(Curve.P_256).keyID(KEY_ID).algorithm(JWSAlgorithm.ES256).generate();
        // The key ID passed to the helper is read back from the generated key.
        var signedJWT = TokenGeneratorHelper.generateSignedToken(CLIENT_ID, BASE_URL, SCOPES, new ECDSASigner(ecSigningKey), SUBJECT, ecSigningKey.getKeyID(), expiryDate, identityClaims);
        // Wrap the compact serialization of the signed JWT as a bearer access token.
        return new BearerAccessToken(signedJWT.serialize());
    } catch (JOSEException e) {
        // Rethrow unchecked so test callers need no throws clause.
        throw new RuntimeException(e);
    }
}
Also used: ECDSASigner (com.nimbusds.jose.crypto.ECDSASigner), ECKeyGenerator (com.nimbusds.jose.jwk.gen.ECKeyGenerator), BearerAccessToken (com.nimbusds.oauth2.sdk.token.BearerAccessToken), JOSEException (com.nimbusds.jose.JOSEException)

Example 28 with ECKeyGenerator

Use of com.nimbusds.jose.jwk.gen.ECKeyGenerator in the project di-authentication-api by alphagov.

In the class IPVTokenServiceTest, method signJWTWithKMS.

private void signJWTWithKMS() throws JOSEException {
    // Generate a local P-256 key that stands in for the KMS-held key in this test.
    var ecSigningKey = new ECKeyGenerator(Curve.P_256).keyID(KEY_ID).algorithm(JWSAlgorithm.ES256).generate();
    // Client authentication claims: audience is the IPV token endpoint, expiry five minutes ahead.
    var claimsSet = new JWTAuthenticationClaimsSet(new ClientID(CLIENT_ID), singletonList(new Audience(buildURI(IPV_URI.toString(), "token"))), NowHelper.nowPlus(5, ChronoUnit.MINUTES), null, NowHelper.now(), new JWTID());
    var ecdsaSigner = new ECDSASigner(ecSigningKey);
    var jwsHeader = new JWSHeader.Builder(JWSAlgorithm.ES256).keyID(ecSigningKey.getKeyID()).build();
    var signedJWT = new SignedJWT(jwsHeader, claimsSet.toJWTClaimsSet());
    // Sign locally to obtain a real ES256 signature over the header and claims.
    unchecked(signedJWT::sign).accept(ecdsaSigner);
    var signResult = new SignResult();
    // JWS carries ECDSA signatures as the R||S concatenation, while KMS returns DER, so transcode before stubbing.
    byte[] idTokenSignatureDer = ECDSA.transcodeSignatureToDER(signedJWT.getSignature().decode());
    signResult.setSignature(ByteBuffer.wrap(idTokenSignatureDer));
    signResult.setKeyId(KEY_ID);
    signResult.setSigningAlgorithm(JWSAlgorithm.ES256.getName());
    // Stub the mocked KMS service to return the prepared result for any sign request.
    when(kmsService.sign(any(SignRequest.class))).thenReturn(signResult);
}
Also used: SignResult (com.amazonaws.services.kms.model.SignResult), SignRequest (com.amazonaws.services.kms.model.SignRequest), Audience (com.nimbusds.oauth2.sdk.id.Audience), ECDSASigner (com.nimbusds.jose.crypto.ECDSASigner), ECKeyGenerator (com.nimbusds.jose.jwk.gen.ECKeyGenerator), ClientID (com.nimbusds.oauth2.sdk.id.ClientID), JWTID (com.nimbusds.oauth2.sdk.id.JWTID), JWTAuthenticationClaimsSet (com.nimbusds.oauth2.sdk.auth.JWTAuthenticationClaimsSet), SignedJWT (com.nimbusds.jwt.SignedJWT)
