use of io.helidon.security.jwt.JwtException in project helidon by oracle.
the class JwkEC method signatureAlgorithm.
/**
 * Resolves the Java-side algorithm name that {@code ALG_MAP} associates with this key's
 * JWK algorithm (as returned by {@code algorithm()}).
 *
 * <p>The lookup fails closed: a JWK algorithm without an entry in {@code ALG_MAP} is
 * rejected with an exception instead of being replaced by a default.
 *
 * @return the mapped algorithm name, never {@code null}
 * @throws JwtException if {@code ALG_MAP} has no entry for the JWK algorithm
 */
@Override
String signatureAlgorithm() {
    final String requested = algorithm();
    final String mapped = ALG_MAP.get(requested);
    if (mapped != null) {
        return mapped;
    }
    // No fallback: an algorithm outside the map is never guessed.
    throw new JwtException("Unsupported algorithm for Elliptic curve: " + requested);
}
use of io.helidon.security.jwt.JwtException in project helidon by oracle.
the class JwkOctet method doSign.
/**
 * Computes a MAC over the supplied bytes using this key's secret bytes.
 *
 * <p>When the key's algorithm equals {@code ALG_NONE}, no MAC is computed and
 * {@code EMPTY_BYTES} is returned, so the result carries no integrity protection.
 *
 * @param bytesToSign data to authenticate
 * @return the MAC bytes, or {@code EMPTY_BYTES} when the algorithm is {@code ALG_NONE}
 * @throws JwtException if the {@link Mac} instance rejects the key
 */
@Override
public byte[] doSign(byte[] bytesToSign) {
    final String macAlgorithm = getSignatureAlgorithm();
    if (ALG_NONE.equals(macAlgorithm)) {
        // Unsigned output: callers that need integrity must not rely on this branch.
        return EMPTY_BYTES;
    }

    final Mac macInstance = JwtUtil.getMac(macAlgorithm);
    try {
        // NOTE(review): the length of keyBytes is not checked here. If these are HMAC
        // algorithms, RFC 7518 section 3.2 requires a key at least as long as the hash
        // output - confirm that is enforced where the key is loaded.
        macInstance.init(new SecretKeySpec(keyBytes, macAlgorithm));
    } catch (InvalidKeyException e) {
        throw new JwtException("Failed to init Mac for algorithm: " + macAlgorithm, e);
    }
    return macInstance.doFinal(bytesToSign);
}
use of io.helidon.security.jwt.JwtException in project helidon by oracle.
the class JwkPki method doSign.
/**
 * Signs the supplied bytes with this key's private key.
 *
 * <p>When the key's algorithm equals {@code ALG_NONE}, nothing is signed and
 * {@code EMPTY_BYTES} is returned, so the result carries no integrity protection.
 *
 * @param bytesToSign data to sign
 * @return the signature bytes, or {@code EMPTY_BYTES} when the algorithm is {@code ALG_NONE}
 * @throws JwtException if the private key is absent or any step of signing fails
 */
@Override
public byte[] doSign(byte[] bytesToSign) {
    final String sigAlgorithm = signatureAlgorithm();
    if (ALG_NONE.equals(sigAlgorithm)) {
        // Unsigned output: callers that need integrity must not rely on this branch.
        return EMPTY_BYTES;
    }

    final Signature signer = JwtUtil.getSignature(sigAlgorithm);
    try {
        final PrivateKey signingKey = this.privateKey.orElseThrow(
                () -> new JwtException("To sign data, private key MUST be present"));
        signer.initSign(signingKey);
        signer.update(bytesToSign);
        return signer.sign();
    } catch (Exception e) {
        // NOTE(review): this broad catch also wraps the JwtException raised above for a
        // missing private key, so that message reaches callers only as the cause.
        throw new JwtException("Failed to sign data", e);
    }
}
use of io.helidon.security.jwt.JwtException in project helidon by oracle.
the class JwtProvider method impersonate.
/**
 * Builds and signs a new JWT asserting {@code username} and places it in the outbound headers.
 *
 * <p>The token is signed with the key that {@code signKeys} holds for the target's
 * {@code jwkKid}; the token's algorithm is taken from that key, not from the caller.
 *
 * @param ot outbound target supplying the signing key id, builder customisation and header handler
 * @param username identity written to the {@code name} claim, subject and preferred username
 * @return outbound response carrying the headers produced by the target's outbound handler
 * @throws JwtException if no signing key is defined for the target's key id
 */
private OutboundSecurityResponse impersonate(JwtOutboundTarget ot, String username) {
    final Jwk signingKey = signKeys.forKeyId(ot.jwkKid)
            .orElseThrow(() -> new JwtException("Signing JWK with kid: " + ot.jwkKid + " is not defined."));

    final Jwt.Builder builder = Jwt.builder();
    builder.addPayloadClaim("name", username);
    builder.subject(username)
            .preferredUsername(username)
            .issuer(issuer)
            .algorithm(signingKey.algorithm());
    // The target may adjust the builder before the token is built; what it sets is not visible here.
    ot.update(builder);

    final SignedJwt signedToken = SignedJwt.sign(builder.build(), signingKey);

    final Map<String, List<String>> outboundHeaders = new HashMap<>();
    ot.outboundHandler.header(outboundHeaders, signedToken.tokenContent());
    return OutboundSecurityResponse.withHeaders(outboundHeaders);
}
use of io.helidon.security.jwt.JwtException in project helidon by oracle.
the class JwkEC method changeSignatureEncodingToDER.
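/**
 * Verifies a signature supplied in fixed-width {@code R || S} form (two 32-byte big-endian
 * integers) by re-encoding it as DER {@code SEQUENCE { INTEGER r, INTEGER s }} and delegating
 * to {@code super.doVerify}.
 *
 * <p>The signature is untrusted input, so its shape is checked before conversion:
 * <ul>
 *   <li>it must be exactly 64 bytes - a shorter value would otherwise be zero-padded or raise
 *       {@link ArrayIndexOutOfBoundsException}, and trailing bytes of a longer value would be
 *       silently ignored, letting several byte strings stand for one signature;</li>
 *   <li>{@code r} and {@code s} must both be non-zero, since a valid ECDSA signature never
 *       has a zero component; this is checked here rather than left to the provider.</li>
 * </ul>
 *
 * @param signedBytes the data the signature was computed over
 * @param signatureToVerify the signature in {@code R || S} form
 * @return {@code true} only if the signature is well-formed and {@code super.doVerify} accepts it
 * @throws JwtException if writing the DER structure fails
 */
private boolean changeSignatureEncodingToDER(byte[] signedBytes, byte[] signatureToVerify) {
    String alg = signatureAlgorithm();
    if (ALG_NONE.equals(alg)) {
        return verifyNoneAlg(signatureToVerify);
    }

    // NOTE(review): 32-byte components match a 256-bit curve only; a fixed 32-byte slice cannot
    // represent signatures for wider curves, so those are rejected here. Derive the width from
    // the key's curve if such algorithms are to be supported.
    final int componentLength = 32;
    if (signatureToVerify == null || signatureToVerify.length != 2 * componentLength) {
        return false;
    }

    BigInteger r = new BigInteger(1, Arrays.copyOfRange(signatureToVerify, 0, componentLength));
    BigInteger s = new BigInteger(1, Arrays.copyOfRange(signatureToVerify, componentLength, 2 * componentLength));
    if (r.signum() == 0 || s.signum() == 0) {
        // A zero component can never belong to a valid ECDSA signature.
        return false;
    }

    // toByteArray() yields the minimal two's-complement form (with a leading 0x00 when the top
    // bit is set), which is the content encoding a DER INTEGER expects.
    byte[] rb = r.toByteArray();
    byte[] sb = s.toByteArray();

    byte[] signatureDerBytes;
    try (ByteArrayOutputStream outputStream = new ByteArrayOutputStream()) {
        int length = 1 + calculateBodyLength(rb.length) + rb.length
                + 1 + calculateBodyLength(sb.length) + sb.length;
        outputStream.write(16 | 32); // 0x30: constructed SEQUENCE tag
        writeLength(outputStream, length);
        outputStream.write(2); // INTEGER tag for r
        writeLength(outputStream, rb.length);
        outputStream.write(rb);
        outputStream.write(2); // INTEGER tag for s
        writeLength(outputStream, sb.length);
        outputStream.write(sb);
        signatureDerBytes = outputStream.toByteArray();
    } catch (IOException e) {
        throw new JwtException("Signature encoding conversion to DER has failed.", e);
    }
    return super.doVerify(signedBytes, signatureDerBytes);
}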