
Example 1 with ECKey

Use of io.gravitee.am.model.jose.ECKey in project gravitee-access-management by gravitee-io, in the class DynamicClientRegistrationResponseTest, method convert.

@Test
public void convert() {
    RSAKey rsaKey = new RSAKey();
    rsaKey.setKty("RSA");
    rsaKey.setKid("kidRSA");
    rsaKey.setUse("enc");
    rsaKey.setE("exponent");
    rsaKey.setN("modulus");
    ECKey ecKey = new ECKey();
    ecKey.setKty("EC");
    ecKey.setKid("kidEC");
    ecKey.setUse("enc");
    ecKey.setCrv("P-256");
    ecKey.setX("vBT2JhFHd62Jcf4yyBzSV9NuDBNBssR1zlmnHelgZcs");
    ecKey.setY("up8E8b3TjeKS2v2GCH23UJP0bak0La77lkQ7_n4djqE");
    OKPKey okpKey = new OKPKey();
    okpKey.setKty("OKP");
    okpKey.setKid("kidOKP");
    okpKey.setCrv("Ed25519");
    okpKey.setX("vBNW8f19leF79U4U6NrDDQaK_i5kL0iMKghB39AUT2I");
    OCTKey octKey = new OCTKey();
    octKey.setKty("oct");
    octKey.setKid("kidOCT");
    octKey.setK("FdFYFzERwC2uCBB46pZQi4GG85LujR8obt-KWRBICVQ");
    JWKSet jwkSet = new JWKSet();
    jwkSet.setKeys(Arrays.asList(rsaKey, ecKey, okpKey, octKey));
    Client client = new Client();
    client.setClientId("clientId");
    client.setClientName("clientName");
    client.setJwks(jwkSet);
    DynamicClientRegistrationResponse response = DynamicClientRegistrationResponse.fromClient(client);
    assertNotNull("expecting response", response);
    // JUnit's assertEquals takes (expected, actual)
    assertEquals("clientId", response.getClientId());
    assertEquals("clientName", response.getClientName());
    assertEquals(4, response.getJwks().getKeys().size());
}
Also used : RSAKey(io.gravitee.am.model.jose.RSAKey) JWKSet(io.gravitee.am.model.oidc.JWKSet) OCTKey(io.gravitee.am.model.jose.OCTKey) ECKey(io.gravitee.am.model.jose.ECKey) Client(io.gravitee.am.model.oidc.Client) OKPKey(io.gravitee.am.model.jose.OKPKey) Test(org.junit.Test)

Example 2 with ECKey

Use of io.gravitee.am.model.jose.ECKey in project gravitee-access-management by gravitee-io, in the class JWSServiceTest, method testValidSignature_EC.

@Test
public void testValidSignature_EC() throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, JOSEException {
    // Generate EC key
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
    ECGenParameterSpec gps = new ECGenParameterSpec(Curve.P_521.getStdName());
    kpg.initialize(gps);
    KeyPair ecKey = kpg.generateKeyPair();
    ECPublicKey ecPublicKey = (ECPublicKey) ecKey.getPublic();
    ECKey key = new ECKey();
    key.setKty("EC");
    key.setKid(KID);
    key.setCrv(Curve.P_521.getName());
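    // Caveat: BigInteger.toByteArray() returns a minimal-length two's-complement encoding, so a
    // coordinate can come out shorter than the curve's field size or carry a leading sign byte,
    // and Base64.getUrlEncoder() emits '=' padding. RFC 7518 section 6.2.1.2 specifies full-length
    // unsigned big-endian coordinates, and JOSE base64url values carry no padding.
    key.setX(Base64.getUrlEncoder().encodeToString(ecPublicKey.getW().getAffineX().toByteArray()));
    key.setY(Base64.getUrlEncoder().encodeToString(ecPublicKey.getW().getAffineY().toByteArray()));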
    // Sign JWT with Elliptic Curve algorithm
    SignedJWT signedJWT = new SignedJWT(new JWSHeader.Builder(JWSAlgorithm.ES512).keyID(KID).build(), new JWTClaimsSet.Builder().expirationTime(Date.from(Instant.now().plus(1, ChronoUnit.DAYS))).build());
    signedJWT.sign(new ECDSASigner((ECPrivateKey) ecKey.getPrivate()));
    assertTrue("Should be ok", jwsService.isValidSignature(signedJWT, key));
}
Also used : ECPrivateKey(java.security.interfaces.ECPrivateKey) KeyPair(java.security.KeyPair) OctetKeyPair(com.nimbusds.jose.jwk.OctetKeyPair) ECPublicKey(java.security.interfaces.ECPublicKey) ECDSASigner(com.nimbusds.jose.crypto.ECDSASigner) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) ECGenParameterSpec(java.security.spec.ECGenParameterSpec) ECKey(io.gravitee.am.model.jose.ECKey) OctetKeyPairGenerator(com.nimbusds.jose.jwk.gen.OctetKeyPairGenerator) KeyPairGenerator(java.security.KeyPairGenerator) SignedJWT(com.nimbusds.jwt.SignedJWT) JWSHeader(com.nimbusds.jose.JWSHeader) Test(org.junit.Test)

Example 3 with ECKey

Use of io.gravitee.am.model.jose.ECKey in project gravitee-access-management by gravitee-io, in the class JWEEllipticCurveTest, method encryptIdToken.

@Test
public void encryptIdToken() {
    try {
        // prepare encryption private & public key
        com.nimbusds.jose.jwk.ECKey jwk = new ECKeyGenerator(this.crv).generate();
        ECKey key = new ECKey();
        key.setKid("ecEnc");
        key.setUse("enc");
        key.setCrv(jwk.getCurve().getName());
        key.setX(jwk.getX().toString());
        key.setY(jwk.getY().toString());
        Client client = new Client();
        client.setIdTokenEncryptedResponseAlg(alg);
        client.setIdTokenEncryptedResponseEnc(enc);
        when(jwkService.getKeys(client)).thenReturn(Maybe.just(new JWKSet()));
        when(jwkService.filter(any(), any())).thenReturn(Maybe.just(key));
        TestObserver testObserver = jweService.encryptIdToken("JWT", client).test();
        testObserver.assertNoErrors();
        testObserver.assertComplete();
        testObserver.assertValue(jweString -> {
            JWEObject jwe = JWEObject.parse((String) jweString);
            jwe.decrypt(new ECDHDecrypter(jwk));
            return "JWT".equals(jwe.getPayload().toString());
        });
    } catch (JOSEException e) {
        fail(e.getMessage());
    }
}
Also used : ECDHDecrypter(com.nimbusds.jose.crypto.ECDHDecrypter) JWEObject(com.nimbusds.jose.JWEObject) JWKSet(io.gravitee.am.model.oidc.JWKSet) ECKeyGenerator(com.nimbusds.jose.jwk.gen.ECKeyGenerator) ECKey(io.gravitee.am.model.jose.ECKey) Client(io.gravitee.am.model.oidc.Client) JOSEException(com.nimbusds.jose.JOSEException) TestObserver(io.reactivex.observers.TestObserver) Test(org.junit.Test)

Example 4 with ECKey

Use of io.gravitee.am.model.jose.ECKey in project gravitee-access-management by gravitee-io, in the class JWEEllipticCurveTest, method encryptUserinfo.

@Test
public void encryptUserinfo() {
    try {
        // prepare encryption private & public key
        com.nimbusds.jose.jwk.ECKey jwk = new ECKeyGenerator(this.crv).generate();
        ECKey key = new ECKey();
        key.setKid("ecEnc");
        key.setUse("enc");
        key.setCrv(jwk.getCurve().getName());
        key.setX(jwk.getX().toString());
        key.setY(jwk.getY().toString());
        Client client = new Client();
        client.setUserinfoEncryptedResponseAlg(alg);
        client.setUserinfoEncryptedResponseEnc(enc);
        when(jwkService.getKeys(client)).thenReturn(Maybe.just(new JWKSet()));
        when(jwkService.filter(any(), any())).thenReturn(Maybe.just(key));
        TestObserver testObserver = jweService.encryptUserinfo("JWT", client).test();
        testObserver.assertNoErrors();
        testObserver.assertComplete();
        testObserver.assertValue(jweString -> {
            JWEObject jwe = JWEObject.parse((String) jweString);
            jwe.decrypt(new ECDHDecrypter(jwk));
            return "JWT".equals(jwe.getPayload().toString());
        });
    } catch (JOSEException e) {
        fail(e.getMessage());
    }
}
Also used : ECDHDecrypter(com.nimbusds.jose.crypto.ECDHDecrypter) JWEObject(com.nimbusds.jose.JWEObject) JWKSet(io.gravitee.am.model.oidc.JWKSet) ECKeyGenerator(com.nimbusds.jose.jwk.gen.ECKeyGenerator) ECKey(io.gravitee.am.model.jose.ECKey) Client(io.gravitee.am.model.oidc.Client) JOSEException(com.nimbusds.jose.JOSEException) TestObserver(io.reactivex.observers.TestObserver) Test(org.junit.Test)

Example 5 with ECKey

Use of io.gravitee.am.model.jose.ECKey in project gravitee-access-management by gravitee-io, in the class JsonMapperTest, method testJWKDeserialization.

@Test
public void testJWKDeserialization() {
    ECKey eck = new ECKey();
    eck.setCrv("CrvValue");
    eck.setD("Dva");
    eck.setX("Xva");
    eck.setY("Yva");
    eck.setAlg("Algo");
    eck.setKeyOps(new HashSet<>(Arrays.asList("4", "ops")));
    eck.setKid("kidval");
    eck.setUse("usesomething");
    eck.setX5t("x5tval");
    eck.setX5u("x5uval");
    String json = JSONMapper.toJson(eck);
    JWK jwk = JSONMapper.toBean(json, ECKey.class);
    assertEquals(eck.getCrv(), ((ECKey) jwk).getCrv());
    assertEquals(eck.getD(), ((ECKey) jwk).getD());
    assertEquals(eck.getX(), ((ECKey) jwk).getX());
    assertEquals(eck.getY(), ((ECKey) jwk).getY());
    assertEquals(eck.getAlg(), jwk.getAlg());
    assertEquals(eck.getKid(), jwk.getKid());
}
Also used : ECKey(io.gravitee.am.model.jose.ECKey) JWK(io.gravitee.am.model.jose.JWK) Test(org.junit.Test)
