
Example 21 with AbstractCryptoProvider

use of io.jans.as.model.crypto.AbstractCryptoProvider in project jans by JanssenProject.

the class ConfigurationFactory method generateWebKeys.

/**
 * Regenerates the server's JSON Web Key Set (JWKS) and writes it back to persistence.
 *
 * <p>Sequence, as implemented below: obtain a crypto provider for the current application
 * configuration, generate a new JWKS, deserialize it into the in-memory {@code jwks} field,
 * then load the persisted configuration, attach the new keys, bump its revision by one and
 * merge it through the persistence entry manager.
 *
 * <p>Any exception is logged and swallowed, so callers get no signal that regeneration
 * failed. Because {@code jwks} is assigned before the persistence merge, a failure in the
 * load or merge step leaves the in-memory key set replaced while the stored configuration
 * is unchanged.
 */
private void generateWebKeys() {
    log.info("Failed to load JWKS. Attempting to generate new JWKS...");
    try {
        final AbstractCryptoProvider provider = CryptoProviderFactory.getCryptoProvider(getAppConfiguration());

        // Create the new key set and keep its serialized form for the mapper below.
        final String serializedJwks = AbstractCryptoProvider.generateJwks(provider, getAppConfiguration()).toString();

        // Replace the in-memory key set first; this happens even if persistence fails later.
        jwks = ServerUtil.createJsonMapper().readValue(serializedJwks, io.jans.as.model.config.WebKeysConfiguration.class);

        // Persist the new key set together with an incremented configuration revision.
        final Conf persisted = Objects.requireNonNull(loadConfigurationFromPersistence());
        persisted.setWebKeys(jwks);
        final long bumpedRevision = persisted.getRevision() + 1;
        persisted.setRevision(bumpedRevision);
        final PersistenceEntryManager entryManager = persistenceEntryManagerInstance.get();
        entryManager.merge(persisted);
        log.info("Generated new JWKS successfully.");

        if (log.isTraceEnabled()) {
            // Only the key ids (kid) of the JWKS entries are written to the log here.
            log.trace(
                    "JWKS keys: {}",
                    persisted.getWebKeys().getKeys().stream().map(JSONWebKey::getKid).collect(Collectors.toList()));
            // NOTE(review): confirm getKeys() yields key identifiers only, never key material.
            log.trace("KeyStore keys: {}", provider.getKeys());
        }
    } catch (Exception regenerationFailure) {
        // Deliberate best-effort: the failure is recorded with its stack trace but not rethrown.
        log.error("Failed to re-generate JWKS keys", regenerationFailure);
    }
}
Also used : PersistenceEntryManager(io.jans.orm.PersistenceEntryManager) JSONWebKey(io.jans.as.model.jwk.JSONWebKey) JSONObject(org.json.JSONObject) WebKeysConfiguration(io.jans.as.model.config.WebKeysConfiguration) Conf(io.jans.as.model.config.Conf) AbstractCryptoProvider(io.jans.as.model.crypto.AbstractCryptoProvider) ConfigurationException(io.jans.exception.ConfigurationException) BasePersistenceException(io.jans.orm.exception.BasePersistenceException)

Example 22 with AbstractCryptoProvider

use of io.jans.as.model.crypto.AbstractCryptoProvider in project jans by JanssenProject.

the class CryptoProviderProviderFactory method getCryptoProvider.

/**
 * CDI producer that supplies the application-scoped {@link AbstractCryptoProvider}.
 *
 * <p>Fails fast instead of returning {@code null}: a missing web-key storage setting or a
 * storage type for which the factory returns no provider both abort with a
 * {@link RuntimeException}, so no injection point can receive an unusable provider.
 *
 * @return the provider created by {@code CryptoProviderFactory} for the current configuration
 * @throws RuntimeException if the web-key storage is not configured, or the factory returns
 *         {@code null} for it
 * @throws Exception declared on the signature; presumably propagated from the factory —
 *         confirm against {@code CryptoProviderFactory}
 */
@Produces
@ApplicationScoped
public AbstractCryptoProvider getCryptoProvider() throws Exception {
    log.debug("Started to create crypto provider");

    final WebKeyStorage configuredStorage = appConfiguration.getWebKeysStorage();
    if (configuredStorage == null) {
        throw new RuntimeException("Failed to initialize cryptoProvider, cryptoProviderType is not specified!");
    }

    final AbstractCryptoProvider created = CryptoProviderFactory.getCryptoProvider(appConfiguration);
    if (created != null) {
        return created;
    }
    // The storage value is included so the unsupported setting is visible in the error.
    throw new RuntimeException("Failed to initialize cryptoProvider, cryptoProviderType is unsupported: " + configuredStorage);
}
Also used : WebKeyStorage(io.jans.as.model.common.WebKeyStorage) AbstractCryptoProvider(io.jans.as.model.crypto.AbstractCryptoProvider) Produces(javax.enterprise.inject.Produces) ApplicationScoped(javax.enterprise.context.ApplicationScoped)

Example 23 with AbstractCryptoProvider

use of io.jans.as.model.crypto.AbstractCryptoProvider in project jans by JanssenProject.

the class CrossEncryptionTest method nestedJWTProducedByGluu.

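/**
 * Builds a nested JWT (a signed JWT carried as the payload of a JWE) and hands it to the
 * two validation helpers of this test class.
 *
 * <p>The JWT is signed with RS256 through an anonymous {@link AbstractCryptoProvider} whose
 * {@code sign} uses the RSA private key parsed from {@code senderJwkJson}. The signed JWT is
 * then wrapped in a JWE (RSA_OAEP key encryption, A128GCM content encryption, key id "1")
 * encrypted to the public key parsed from {@code recipientJwkJson}.
 *
 * <p>The anonymous provider is a test stub: every operation except {@code sign} returns
 * {@code null}/{@code false} or throws {@link UnsupportedOperationException}. In particular
 * {@code verifySignature} always returns {@code false}, so it must not be reused as a real
 * provider.
 *
 * @throws Exception if key parsing, signing, encryption or either validation helper fails
 */
@Test
public void nestedJWTProducedByGluu() throws Exception {
    AppConfiguration appConfiguration = new AppConfiguration();
    List<JSONWebKey> keyArrayList = new ArrayList<>();
    keyArrayList.add(getSenderWebKey());
    JSONWebKeySet keySet = new JSONWebKeySet();
    keySet.setKeys(keyArrayList);
    final JwtSigner jwtSigner = new JwtSigner(appConfiguration, keySet, SignatureAlgorithm.RS256, "audience", null, new AbstractCryptoProvider() {

        @Override
        public JSONObject generateKey(Algorithm algorithm, Long expirationTime) throws CryptoProviderException {
            // Stub: key generation is not exercised by this test.
            return null;
        }

        @Override
        public JSONObject generateKey(Algorithm algorithm, Long expirationTime, int keyLength) throws CryptoProviderException {
            // Stub: key generation is not exercised by this test.
            return null;
        }

        @Override
        public boolean containsKey(String keyId) {
            // Stub: reports that no key id is known.
            return false;
        }

        @Override
        public String sign(String signingInput, String keyId, String sharedSecret, SignatureAlgorithm signatureAlgorithm) throws CryptoProviderException {
            // keyId and sharedSecret are ignored: the sender's private key is always used.
            try {
                RSAPrivateKey privateKey = ((RSAKey) JWK.parse(senderJwkJson)).toRSAPrivateKey();
                Signature signature = Signature.getInstance(signatureAlgorithm.getAlgorithm(), "BC");
                signature.initSign(privateKey);
                // Pin the charset: a bare getBytes() depends on the platform default, so the
                // signed octets could differ between machines. The fully qualified name avoids
                // needing a new file-level import.
                signature.update(signingInput.getBytes(java.nio.charset.StandardCharsets.UTF_8));
                return Base64Util.base64urlencode(signature.sign());
            } catch (JOSEException | ParseException | NoSuchAlgorithmException | NoSuchProviderException | InvalidKeyException | SignatureException e) {
                // Keep the original failure as the cause.
                throw new CryptoProviderException(e);
            }
        }

        @Override
        public boolean verifySignature(String signingInput, String encodedSignature, String keyId, JSONObject jwks, String sharedSecret, SignatureAlgorithm signatureAlgorithm) throws CryptoProviderException {
            // Stub: never reports a signature as valid.
            return false;
        }

        @Override
        public boolean deleteKey(String keyId) throws CryptoProviderException {
            // Stub: nothing to delete.
            return false;
        }

        @Override
        public PrivateKey getPrivateKey(String keyId) throws CryptoProviderException {
            throw new UnsupportedOperationException("Method not implemented.");
        }

        @Override
        public PublicKey getPublicKey(String keyId) {
            throw new UnsupportedOperationException("Method not implemented.");
        }
    });

    // Inner layer: the signed JWT.
    Jwt jwt = jwtSigner.newJwt();
    jwt.getClaims().setSubjectIdentifier("testing");
    // NOTE(review): the issuer value has no "//" after the scheme. It looks like a typo but is
    // left unchanged because the validation helpers are not visible here and may compare it.
    jwt.getClaims().setIssuer("https:devgluu.saminet.local");
    jwt = jwtSigner.sign();

    // Outer layer: a JWE carrying the signed JWT, encrypted to the recipient's public key.
    RSAKey recipientPublicJWK = (RSAKey) (JWK.parse(recipientJwkJson));
    BlockEncryptionAlgorithm blockEncryptionAlgorithm = BlockEncryptionAlgorithm.A128GCM;
    KeyEncryptionAlgorithm keyEncryptionAlgorithm = KeyEncryptionAlgorithm.RSA_OAEP;
    Jwe jwe = new Jwe();
    jwe.getHeader().setType(JwtType.JWT);
    jwe.getHeader().setAlgorithm(keyEncryptionAlgorithm);
    jwe.getHeader().setEncryptionMethod(blockEncryptionAlgorithm);
    jwe.getHeader().setKeyId("1");
    jwe.setSignedJWTPayload(jwt);
    JweEncrypterImpl encrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, recipientPublicJWK.toPublicKey());
    String jweString = encrypter.encrypt(jwe).toString();

    // The same token is passed to both validation helpers defined elsewhere in this class.
    decryptAndValidateSignatureWithGluu(jweString);
    decryptAndValidateSignatureWithNimbus(jweString);
}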
Also used : RSAKey(com.nimbusds.jose.jwk.RSAKey) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) PrivateKey(java.security.PrivateKey) JSONWebKeySet(io.jans.as.model.jwk.JSONWebKeySet) ArrayList(java.util.ArrayList) SignatureAlgorithm(io.jans.as.model.crypto.signature.SignatureAlgorithm) BlockEncryptionAlgorithm(io.jans.as.model.crypto.encryption.BlockEncryptionAlgorithm) JwtSigner(io.jans.as.server.model.token.JwtSigner) AppConfiguration(io.jans.as.model.configuration.AppConfiguration) Jwe(io.jans.as.model.jwe.Jwe) AbstractCryptoProvider(io.jans.as.model.crypto.AbstractCryptoProvider) PublicKey(java.security.PublicKey) RSAPublicKey(io.jans.as.model.crypto.signature.RSAPublicKey) Jwt(io.jans.as.model.jwt.Jwt) JWEAlgorithm(com.nimbusds.jose.JWEAlgorithm) JWSAlgorithm(com.nimbusds.jose.JWSAlgorithm) KeyEncryptionAlgorithm(io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm) BlockEncryptionAlgorithm(io.jans.as.model.crypto.encryption.BlockEncryptionAlgorithm) SignatureAlgorithm(io.jans.as.model.crypto.signature.SignatureAlgorithm) Algorithm(io.jans.as.model.jwk.Algorithm) CryptoProviderException(io.jans.as.model.exception.CryptoProviderException) JSONWebKey(io.jans.as.model.jwk.JSONWebKey) JSONObject(org.json.JSONObject) Signature(java.security.Signature) KeyEncryptionAlgorithm(io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm) JweEncrypterImpl(io.jans.as.model.jwe.JweEncrypterImpl) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) Test(org.testng.annotations.Test)
