
Example 1 with JwtException

use of io.helidon.security.jwt.JwtException in project helidon by oracle.

the class JwkEC method signatureAlgorithm.

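@Override
String signatureAlgorithm() {
    // Translate the JWK algorithm name into the Java signature algorithm name
    String jwkAlg = algorithm();
    String javaAlg = ALG_MAP.get(jwkAlg);
    // Fail closed: an algorithm that is not in the map is rejected, not defaulted
    if (null == javaAlg) {
        throw new JwtException("Unsupported algorithm for Elliptic curve: " + jwkAlg);
    }
    return javaAlg;
}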
Also used : JwtException(io.helidon.security.jwt.JwtException) JwtUtil.asString(io.helidon.security.jwt.JwtUtil.asString)

Example 2 with JwtException

use of io.helidon.security.jwt.JwtException in project helidon by oracle.

the class JwkOctet method doSign.

@Override
public byte[] doSign(byte[] bytesToSign) {
    String alg = getSignatureAlgorithm();
    // ALG_NONE: nothing is computed and an empty signature is returned, so the token is unsigned
    if (ALG_NONE.equals(alg)) {
        return EMPTY_BYTES;
    }
    // Octet (symmetric) key: the signature is a MAC keyed with the raw key bytes
    Mac mac = JwtUtil.getMac(alg);
    SecretKeySpec secretKey = new SecretKeySpec(keyBytes, alg);
    try {
        mac.init(secretKey);
    } catch (InvalidKeyException e) {
        throw new JwtException("Failed to init Mac for algorithm: " + alg, e);
    }
    return mac.doFinal(bytesToSign);
}
Also used : SecretKeySpec(javax.crypto.spec.SecretKeySpec) JwtException(io.helidon.security.jwt.JwtException) InvalidKeyException(java.security.InvalidKeyException) Mac(javax.crypto.Mac)

Example 3 with JwtException

use of io.helidon.security.jwt.JwtException in project helidon by oracle.

the class JwkPki method doSign.

@Override
public byte[] doSign(byte[] bytesToSign) {
    String alg = signatureAlgorithm();
    // ALG_NONE: nothing is computed and an empty signature is returned, so the token is unsigned
    if (ALG_NONE.equals(alg)) {
        return EMPTY_BYTES;
    }
    Signature signature = JwtUtil.getSignature(alg);
    try {
        // Signing needs the private half of the key pair; a public-only JWK cannot sign
        PrivateKey privateKey = this.privateKey.orElseThrow(() -> new JwtException("To sign data, private key MUST be present"));
        signature.initSign(privateKey);
        signature.update(bytesToSign);
        return signature.sign();
    } catch (Exception e) {
        // Also catches the JwtException thrown above and re-wraps it with a generic message
        throw new JwtException("Failed to sign data", e);
    }
}
Also used : PrivateKey(java.security.PrivateKey) Signature(java.security.Signature) JwtException(io.helidon.security.jwt.JwtException) CertificateException(java.security.cert.CertificateException)

Example 4 with JwtException

use of io.helidon.security.jwt.JwtException in project helidon by oracle.

the class JwtProvider method impersonate.

private OutboundSecurityResponse impersonate(JwtOutboundTarget ot, String username) {
    Map<String, List<String>> headers = new HashMap<>();
    // Look up the signing key by the key id configured for this outbound target; fail if it is not defined
    Jwk jwk = signKeys.forKeyId(ot.jwkKid).orElseThrow(() -> new JwtException("Signing JWK with kid: " + ot.jwkKid + " is not defined."));
    Jwt.Builder builder = Jwt.builder();
    // The token asserts the given username as name, subject and preferred username
    builder.addPayloadClaim("name", username);
    // The algorithm is taken from the signing key itself
    builder.subject(username).preferredUsername(username).issuer(issuer).algorithm(jwk.algorithm());
    ot.update(builder);
    Jwt jwt = builder.build();
    // Sign the token and attach it to the outbound request headers
    SignedJwt signed = SignedJwt.sign(jwt, jwk);
    ot.outboundHandler.header(headers, signed.tokenContent());
    return OutboundSecurityResponse.withHeaders(headers);
}
Also used : HashMap(java.util.HashMap) IdentityHashMap(java.util.IdentityHashMap) SignedJwt(io.helidon.security.jwt.SignedJwt) Jwt(io.helidon.security.jwt.Jwt) List(java.util.List) JwtException(io.helidon.security.jwt.JwtException) Jwk(io.helidon.security.jwt.jwk.Jwk)

Example 5 with JwtException

use of io.helidon.security.jwt.JwtException in project helidon by oracle.

the class JwkEC method changeSignatureEncodingToDER.

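private boolean changeSignatureEncodingToDER(byte[] signedBytes, byte[] signatureToVerify) {
    String alg = signatureAlgorithm();
    if (ALG_NONE.equals(alg)) {
        return verifyNoneAlg(signatureToVerify);
    }
    // The JWS signature is read as fixed-width R || S, 32 bytes each (the ES256 / P-256 size).
    // There is no length check here: Arrays.copyOfRange zero-pads a range that runs past the end of the input.
    byte[] rBytes = Arrays.copyOfRange(signatureToVerify, 0, 32);
    byte[] sBytes = Arrays.copyOfRange(signatureToVerify, 32, 64);
    // Signum 1 forces a non-negative value; toByteArray() then yields the minimal
    // two's-complement form (leading 0x00 when the high bit is set), as a DER INTEGER requires
    BigInteger r = new BigInteger(1, rBytes);
    BigInteger s = new BigInteger(1, sBytes);
    byte[] rb = r.toByteArray();
    byte[] sb = s.toByteArray();
    byte[] signatureDerBytes;
    try (ByteArrayOutputStream outputStream = new ByteArrayOutputStream()) {
        // Body length: tag + length + value for each of the two INTEGERs
        int length = 1 + calculateBodyLength(rb.length) + rb.length + 1 + calculateBodyLength(sb.length) + sb.length;
        // 16 | 32 = 0x30: constructed SEQUENCE tag
        outputStream.write(16 | 32);
        writeLength(outputStream, length);
        // 2 = 0x02: INTEGER tag (r)
        outputStream.write(2);
        writeLength(outputStream, rb.length);
        outputStream.write(rb);
        // 2 = 0x02: INTEGER tag (s)
        outputStream.write(2);
        writeLength(outputStream, sb.length);
        outputStream.write(sb);
        signatureDerBytes = outputStream.toByteArray();
    } catch (IOException e) {
        throw new JwtException("Signature encoding conversion to DER has failed.", e);
    }
    // Verification runs against the DER-encoded signature
    return super.doVerify(signedBytes, signatureDerBytes);
}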
Also used : BigInteger(java.math.BigInteger) JwtUtil.asBigInteger(io.helidon.security.jwt.JwtUtil.asBigInteger) JwtUtil.getBigInteger(io.helidon.security.jwt.JwtUtil.getBigInteger) JwtException(io.helidon.security.jwt.JwtException) JwtUtil.asString(io.helidon.security.jwt.JwtUtil.asString) ByteArrayOutputStream(java.io.ByteArrayOutputStream) IOException(java.io.IOException) ECPoint(java.security.spec.ECPoint)

Aggregations

JwtException (io.helidon.security.jwt.JwtException): 11
Principal (io.helidon.security.Principal): 4
Jwt (io.helidon.security.jwt.Jwt): 4
SignedJwt (io.helidon.security.jwt.SignedJwt): 4
Jwk (io.helidon.security.jwt.jwk.Jwk): 4
HashMap (java.util.HashMap): 4
IdentityHashMap (java.util.IdentityHashMap): 4
List (java.util.List): 4
EncryptedJwt (io.helidon.security.jwt.EncryptedJwt): 2
JwtUtil.asString (io.helidon.security.jwt.JwtUtil.asString): 2
Signature (java.security.Signature): 2
CertificateException (java.security.cert.CertificateException): 2
LinkedList (java.util.LinkedList): 2
JwtUtil.asBigInteger (io.helidon.security.jwt.JwtUtil.asBigInteger): 1
JwtUtil.getBigInteger (io.helidon.security.jwt.JwtUtil.getBigInteger): 1
ByteArrayOutputStream (java.io.ByteArrayOutputStream): 1
IOException (java.io.IOException): 1
BigInteger (java.math.BigInteger): 1
InvalidKeyException (java.security.InvalidKeyException): 1
PrivateKey (java.security.PrivateKey): 1