use of io.jans.as.model.crypto.AbstractCryptoProvider in project jans by JanssenProject.
the class ConfigurationFactory method generateWebKeys.
/**
 * Generates a new JSON Web Key Set, installs it as the in-memory {@code jwks} and
 * writes it back to the persisted configuration with the revision incremented by one.
 *
 * <p>Any exception raised on the way is logged at error level and not rethrown, so the
 * caller gets no signal that regeneration failed.
 *
 * <p>NOTE(review): the {@code jwks} field is replaced before the persistence merge. If the
 * merge throws, the in-memory key set differs from the stored one; confirm this is
 * intended. Replacing the signing keys presumably also invalidates tokens verified
 * against the previous key set; verify how relying parties pick up the new JWKS.
 */
private void generateWebKeys() {
    log.info("Failed to load JWKS. Attempting to generate new JWKS...");
    try {
        final AbstractCryptoProvider provider = CryptoProviderFactory.getCryptoProvider(getAppConfiguration());

        // Build the key set, then round-trip it through the JSON mapper so the
        // in-memory model is the parsed form of what was generated.
        final String serializedJwks = AbstractCryptoProvider.generateJwks(provider, getAppConfiguration()).toString();
        jwks = ServerUtil.createJsonMapper().readValue(serializedJwks, io.jans.as.model.config.WebKeysConfiguration.class);

        // Persist the new key set; a missing configuration entry aborts via NullPointerException.
        final Conf persisted = Objects.requireNonNull(loadConfigurationFromPersistence());
        persisted.setWebKeys(jwks);
        final long bumpedRevision = persisted.getRevision() + 1;
        persisted.setRevision(bumpedRevision);
        persistenceEntryManagerInstance.get().merge(persisted);

        log.info("Generated new JWKS successfully.");
        if (log.isTraceEnabled()) {
            // Only key ids (kid) are taken from the JWKS here.
            // NOTE(review): getKeys() presumably returns keystore aliases, not key material; verify.
            log.trace("JWKS keys: {}", persisted.getWebKeys().getKeys().stream().map(JSONWebKey::getKid).collect(Collectors.toList()));
            log.trace("KeyStore keys: {}", provider.getKeys());
        }
    } catch (Exception ex2) {
        log.error("Failed to re-generate JWKS keys", ex2);
    }
}
use of io.jans.as.model.crypto.AbstractCryptoProvider in project jans by JanssenProject.
the class CryptoProviderProviderFactory method getCryptoProvider.
/**
 * Producer method for the application-scoped {@link AbstractCryptoProvider}.
 *
 * <p>Fails fast instead of returning {@code null}, so nothing is produced when the
 * web-keys storage setting is absent or the factory cannot build a provider for it.
 *
 * @return the crypto provider built from {@code appConfiguration}; never {@code null}
 * @throws RuntimeException if the web-keys storage is not configured, or if the factory
 *         returns {@code null} for the configured storage
 * @throws Exception declared by the signature; presumably propagated from the factory call
 */
@Produces
@ApplicationScoped
public AbstractCryptoProvider getCryptoProvider() throws Exception {
    log.debug("Started to create crypto provider");

    // Guard: the storage setting must be present before the factory is asked for a provider.
    final WebKeyStorage storage = appConfiguration.getWebKeysStorage();
    if (storage == null) {
        throw new RuntimeException("Failed to initialize cryptoProvider, cryptoProviderType is not specified!");
    }

    final AbstractCryptoProvider provider = CryptoProviderFactory.getCryptoProvider(appConfiguration);
    if (provider != null) {
        return provider;
    }
    // A null provider is reported together with the storage value that was configured.
    throw new RuntimeException("Failed to initialize cryptoProvider, cryptoProviderType is unsupported: " + storage);
}
use of io.jans.as.model.crypto.AbstractCryptoProvider in project jans by JanssenProject.
the class CrossEncryptionTest method nestedJWTProducedByGluu.
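/**
 * Builds a nested JWT (signed with RS256, then encrypted as a JWE using RSA-OAEP key
 * encryption and A128GCM content encryption) and passes the serialized result to both
 * decrypt-and-validate helpers.
 *
 * <p>The anonymous {@link AbstractCryptoProvider} is a sign-only stub. Only {@code sign}
 * does real work, using the sender's private key parsed from {@code senderJwkJson}.
 * {@code verifySignature} always returns {@code false}, so signature validation in this
 * test relies on the two helper methods, not on this provider.
 *
 * @throws Exception on any key parsing, signing or encryption failure
 */
@Test
public void nestedJWTProducedByGluu() throws Exception {
    AppConfiguration appConfiguration = new AppConfiguration();

    List<JSONWebKey> keyArrayList = new ArrayList<>();
    keyArrayList.add(getSenderWebKey());

    JSONWebKeySet keySet = new JSONWebKeySet();
    keySet.setKeys(keyArrayList);

    final JwtSigner jwtSigner = new JwtSigner(appConfiguration, keySet, SignatureAlgorithm.RS256, "audience", null, new AbstractCryptoProvider() {
        @Override
        public JSONObject generateKey(Algorithm algorithm, Long expirationTime) throws CryptoProviderException {
            return null; // stub: no key generation in this test
        }

        @Override
        public JSONObject generateKey(Algorithm algorithm, Long expirationTime, int keyLength) throws CryptoProviderException {
            return null; // stub: no key generation in this test
        }

        @Override
        public boolean containsKey(String keyId) {
            return false;
        }

        @Override
        public String sign(String signingInput, String keyId, String sharedSecret, SignatureAlgorithm signatureAlgorithm) throws CryptoProviderException {
            // keyId and sharedSecret are ignored: the sender's private key is always used.
            try {
                RSAPrivateKey privateKey = ((RSAKey) JWK.parse(senderJwkJson)).toRSAPrivateKey();
                // Requires a security provider registered under the name "BC".
                Signature signature = Signature.getInstance(signatureAlgorithm.getAlgorithm(), "BC");
                signature.initSign(privateKey);
                // Pin the charset so the signed bytes do not depend on the platform default.
                signature.update(signingInput.getBytes(java.nio.charset.StandardCharsets.UTF_8));
                return Base64Util.base64urlencode(signature.sign());
            } catch (JOSEException | ParseException | NoSuchAlgorithmException | NoSuchProviderException | InvalidKeyException | SignatureException e) {
                throw new CryptoProviderException(e);
            }
        }

        @Override
        public boolean verifySignature(String signingInput, String encodedSignature, String keyId, JSONObject jwks, String sharedSecret, SignatureAlgorithm signatureAlgorithm) throws CryptoProviderException {
            // Stub: always reports "not verified"; must not be relied on for validation.
            return false;
        }

        @Override
        public boolean deleteKey(String keyId) throws CryptoProviderException {
            return false;
        }

        @Override
        public PrivateKey getPrivateKey(String keyId) throws CryptoProviderException {
            throw new UnsupportedOperationException("Method not implemented.");
        }

        @Override
        public PublicKey getPublicKey(String keyId) {
            throw new UnsupportedOperationException("Method not implemented.");
        }
    });

    // Inner layer: signed JWT carrying the test claims.
    Jwt jwt = jwtSigner.newJwt();
    jwt.getClaims().setSubjectIdentifier("testing");
    // NOTE(review): the issuer lacks "//" after the scheme; left unchanged because the
    // validation helpers may expect this exact value. Confirm before changing it.
    jwt.getClaims().setIssuer("https:devgluu.saminet.local");
    jwt = jwtSigner.sign();

    // Outer layer: encrypt the signed JWT to the recipient's public key.
    RSAKey recipientPublicJWK = (RSAKey) (JWK.parse(recipientJwkJson));
    BlockEncryptionAlgorithm blockEncryptionAlgorithm = BlockEncryptionAlgorithm.A128GCM;
    KeyEncryptionAlgorithm keyEncryptionAlgorithm = KeyEncryptionAlgorithm.RSA_OAEP;

    Jwe jwe = new Jwe();
    jwe.getHeader().setType(JwtType.JWT);
    jwe.getHeader().setAlgorithm(keyEncryptionAlgorithm);
    jwe.getHeader().setEncryptionMethod(blockEncryptionAlgorithm);
    jwe.getHeader().setKeyId("1");
    jwe.setSignedJWTPayload(jwt);

    JweEncrypterImpl encrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, recipientPublicJWK.toPublicKey());
    String jweString = encrypter.encrypt(jwe).toString();

    // Both helpers receive the same serialized JWE.
    decryptAndValidateSignatureWithGluu(jweString);
    decryptAndValidateSignatureWithNimbus(jweString);
}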