use of io.jans.as.model.crypto.Certificate in project jans by JanssenProject.
the class JwtUtil method getPublicKey.
public static io.jans.as.model.crypto.PublicKey getPublicKey(String jwksUri, String jwks, SignatureAlgorithm signatureAlgorithm, String keyId) {
JSONObject jsonKeyValue = getJsonKey(jwksUri, jwks, keyId);
if (jsonKeyValue == null) {
return null;
}
io.jans.as.model.crypto.PublicKey publicKey = null;
try {
String resultKeyId = jsonKeyValue.getString(KEY_ID);
if (signatureAlgorithm == null) {
signatureAlgorithm = SignatureAlgorithm.fromString(jsonKeyValue.getString(ALGORITHM));
if (signatureAlgorithm == null) {
log.error(String.format("Failed to determine key '%s' signature algorithm", resultKeyId));
return null;
}
}
JSONObject jsonPublicKey = jsonKeyValue;
if (jsonKeyValue.has(PUBLIC_KEY)) {
// Use internal jwks.json format
jsonPublicKey = jsonKeyValue.getJSONObject(PUBLIC_KEY);
}
AlgorithmFamily algorithmFamily = signatureAlgorithm.getFamily();
if (algorithmFamily == AlgorithmFamily.RSA) {
String exp = jsonPublicKey.getString(EXPONENT);
String mod = jsonPublicKey.getString(MODULUS);
BigInteger publicExponent = new BigInteger(1, Base64Util.base64urldecode(exp));
BigInteger modulus = new BigInteger(1, Base64Util.base64urldecode(mod));
publicKey = new RSAPublicKey(modulus, publicExponent);
} else if (algorithmFamily == AlgorithmFamily.EC) {
String xx = jsonPublicKey.getString(X);
String yy = jsonPublicKey.getString(Y);
BigInteger x = new BigInteger(1, Base64Util.base64urldecode(xx));
BigInteger y = new BigInteger(1, Base64Util.base64urldecode(yy));
publicKey = new ECDSAPublicKey(signatureAlgorithm, x, y);
} else if (algorithmFamily == AlgorithmFamily.ED) {
String xx = jsonPublicKey.getString(X);
BigInteger x = new BigInteger(1, Base64Util.base64urldecode(xx));
publicKey = new EDDSAPublicKey(signatureAlgorithm, x.toByteArray());
} else {
throw new InvalidParameterException("Wrong value of the AlgorithmFamily: algorithmFamily = " + algorithmFamily);
}
if (jsonKeyValue.has(CERTIFICATE_CHAIN)) {
final String BEGIN = "-----BEGIN CERTIFICATE-----";
final String END = "-----END CERTIFICATE-----";
JSONArray certChain = jsonKeyValue.getJSONArray(CERTIFICATE_CHAIN);
String certificateString = BEGIN + "\n" + certChain.getString(0) + "\n" + END;
StringReader sr = new StringReader(certificateString);
PEMParser pemReader = new PEMParser(sr);
X509Certificate cert = (X509CertificateObject) pemReader.readObject();
io.jans.as.model.crypto.Certificate certificate = new Certificate(signatureAlgorithm, cert);
publicKey.setCertificate(certificate);
}
publicKey.setKeyId(resultKeyId);
publicKey.setSignatureAlgorithm(signatureAlgorithm);
} catch (Exception ex) {
log.error(ex.getMessage(), ex);
}
return publicKey;
}
use of io.jans.as.model.crypto.Certificate in project jans by JanssenProject.
the class SignatureTest method generateRS512Keys.
@Test
public void generateRS512Keys() throws Exception {
showTitle("TEST: generateRS512Keys");
KeyFactory<RSAPrivateKey, RSAPublicKey> keyFactory = new RSAKeyFactory(SignatureAlgorithm.RS512, "CN=Test CA Certificate");
Key<RSAPrivateKey, RSAPublicKey> key = keyFactory.getKey();
RSAPrivateKey privateKey = key.getPrivateKey();
RSAPublicKey publicKey = key.getPublicKey();
Certificate certificate = key.getCertificate();
System.out.println(key);
String signingInput = "Hello World!";
RSASigner rsaSigner1 = new RSASigner(SignatureAlgorithm.RS512, privateKey);
String signature = rsaSigner1.generateSignature(signingInput);
RSASigner rsaSigner2 = new RSASigner(SignatureAlgorithm.RS512, publicKey);
assertTrue(rsaSigner2.validateSignature(signingInput, signature));
RSASigner rsaSigner3 = new RSASigner(SignatureAlgorithm.RS512, certificate);
assertTrue(rsaSigner3.validateSignature(signingInput, signature));
}
use of io.jans.as.model.crypto.Certificate in project jans by JanssenProject.
the class SignatureTest method generateES384Keys.
@Test
public void generateES384Keys() throws Exception {
showTitle("TEST: generateES384Keys");
KeyFactory<ECDSAPrivateKey, ECDSAPublicKey> keyFactory = new ECDSAKeyFactory(SignatureAlgorithm.ES384, "CN=Test CA Certificate");
Key<ECDSAPrivateKey, ECDSAPublicKey> key = keyFactory.getKey();
ECDSAPrivateKey privateKey = key.getPrivateKey();
ECDSAPublicKey publicKey = key.getPublicKey();
Certificate certificate = key.getCertificate();
System.out.println(key);
String signingInput = "Hello World!";
ECDSASigner ecdsaSigner1 = new ECDSASigner(SignatureAlgorithm.ES384, privateKey);
String signature = ecdsaSigner1.generateSignature(signingInput);
ECDSASigner ecdsaSigner2 = new ECDSASigner(SignatureAlgorithm.ES384, publicKey);
assertTrue(ecdsaSigner2.validateSignature(signingInput, signature));
ECDSASigner ecdsaSigner3 = new ECDSASigner(SignatureAlgorithm.ES384, certificate);
assertTrue(ecdsaSigner3.validateSignature(signingInput, signature));
}
use of io.jans.as.model.crypto.Certificate in project jans by JanssenProject.
the class SignatureTest method generateES512Keys.
@Test
public void generateES512Keys() throws Exception {
showTitle("TEST: generateES512Keys");
KeyFactory<ECDSAPrivateKey, ECDSAPublicKey> keyFactory = new ECDSAKeyFactory(SignatureAlgorithm.ES512, "CN=Test CA Certificate");
ECDSAPrivateKey privateKey = keyFactory.getPrivateKey();
ECDSAPublicKey publicKey = keyFactory.getPublicKey();
Certificate certificate = keyFactory.getCertificate();
System.out.println("PRIVATE KEY");
System.out.println(privateKey);
System.out.println("PUBLIC KEY");
System.out.println(publicKey);
System.out.println("CERTIFICATE");
System.out.println(certificate);
String signingInput = "Hello World!";
ECDSASigner ecdsaSigner1 = new ECDSASigner(SignatureAlgorithm.ES512, privateKey);
String signature = ecdsaSigner1.generateSignature(signingInput);
ECDSASigner ecdsaSigner2 = new ECDSASigner(SignatureAlgorithm.ES512, publicKey);
assertTrue(ecdsaSigner2.validateSignature(signingInput, signature));
ECDSASigner ecdsaSigner3 = new ECDSASigner(SignatureAlgorithm.ES512, certificate);
assertTrue(ecdsaSigner3.validateSignature(signingInput, signature));
}
Aggregations