
Example 6 with Certificate

use of io.jans.as.model.crypto.Certificate in project jans by JanssenProject.

the class JwtUtil method getPublicKey.

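/**
 * Builds a public key object from the JSON key that {@code getJsonKey} selects for {@code keyId}.
 *
 * <p>Security-relevant behaviour visible in this method:
 * <ul>
 *   <li>When {@code signatureAlgorithm} is {@code null}, the algorithm is taken from the key's own
 *       {@code ALGORITHM} member. If the JWKS comes from a party that is not fully trusted, callers
 *       should pass the algorithm they expect instead of letting the key document choose it.</li>
 *   <li>Only the first entry of the {@code CERTIFICATE_CHAIN} array is parsed. This method performs
 *       no chain/path validation and does not compare the certificate's key with the key
 *       parameters read from the JSON; any such checks have to happen elsewhere.</li>
 *   <li>Every exception is logged and swallowed. The key id and signature algorithm are set before
 *       the certificate is parsed, so a certificate that fails to parse yields a key that is fully
 *       labelled but carries no certificate.</li>
 * </ul>
 *
 * @param jwksUri            location of the JWKS, passed through to {@code getJsonKey}
 * @param jwks               JWKS document, passed through to {@code getJsonKey}
 * @param signatureAlgorithm expected algorithm, or {@code null} to read it from the key
 * @param keyId              identifier of the key to look up
 * @return the public key; {@code null} when no key is found, when the algorithm cannot be
 *         determined, or when reading the key parameters fails
 */
public static io.jans.as.model.crypto.PublicKey getPublicKey(String jwksUri, String jwks, SignatureAlgorithm signatureAlgorithm, String keyId) {
    JSONObject jsonKeyValue = getJsonKey(jwksUri, jwks, keyId);
    if (jsonKeyValue == null) {
        return null;
    }
    io.jans.as.model.crypto.PublicKey publicKey = null;
    try {
        String resultKeyId = jsonKeyValue.getString(KEY_ID);
        if (signatureAlgorithm == null) {
            // Caller did not pin an algorithm: fall back to the value declared inside the key itself.
            signatureAlgorithm = SignatureAlgorithm.fromString(jsonKeyValue.getString(ALGORITHM));
            if (signatureAlgorithm == null) {
                log.error(String.format("Failed to determine key '%s' signature algorithm", resultKeyId));
                return null;
            }
        }
        JSONObject jsonPublicKey = jsonKeyValue;
        if (jsonKeyValue.has(PUBLIC_KEY)) {
            // Use internal jwks.json format
            jsonPublicKey = jsonKeyValue.getJSONObject(PUBLIC_KEY);
        }
        AlgorithmFamily algorithmFamily = signatureAlgorithm.getFamily();
        if (algorithmFamily == AlgorithmFamily.RSA) {
            String exp = jsonPublicKey.getString(EXPONENT);
            String mod = jsonPublicKey.getString(MODULUS);
            // Signum 1: the decoded bytes are an unsigned big-endian magnitude.
            BigInteger publicExponent = new BigInteger(1, Base64Util.base64urldecode(exp));
            BigInteger modulus = new BigInteger(1, Base64Util.base64urldecode(mod));
            publicKey = new RSAPublicKey(modulus, publicExponent);
        } else if (algorithmFamily == AlgorithmFamily.EC) {
            String xx = jsonPublicKey.getString(X);
            String yy = jsonPublicKey.getString(Y);
            BigInteger x = new BigInteger(1, Base64Util.base64urldecode(xx));
            BigInteger y = new BigInteger(1, Base64Util.base64urldecode(yy));
            publicKey = new ECDSAPublicKey(signatureAlgorithm, x, y);
        } else if (algorithmFamily == AlgorithmFamily.ED) {
            String xx = jsonPublicKey.getString(X);
            // NOTE(review): round-tripping through BigInteger can prepend a 0x00 byte or drop
            // leading zero bytes; confirm EDDSAPublicKey tolerates that, or pass the decoded
            // bytes directly.
            BigInteger x = new BigInteger(1, Base64Util.base64urldecode(xx));
            publicKey = new EDDSAPublicKey(signatureAlgorithm, x.toByteArray());
        } else {
            throw new InvalidParameterException("Wrong value of the AlgorithmFamily: algorithmFamily = " + algorithmFamily);
        }

        // Label the key before touching the certificate so that a certificate parsing failure
        // cannot leave the returned key without its id and algorithm.
        publicKey.setKeyId(resultKeyId);
        publicKey.setSignatureAlgorithm(signatureAlgorithm);

        if (jsonKeyValue.has(CERTIFICATE_CHAIN)) {
            final String BEGIN = "-----BEGIN CERTIFICATE-----";
            final String END = "-----END CERTIFICATE-----";
            JSONArray certChain = jsonKeyValue.getJSONArray(CERTIFICATE_CHAIN);
            // Only the first chain entry is wrapped as PEM and parsed; nothing here validates it.
            String certificateString = BEGIN + "\n" + certChain.getString(0) + "\n" + END;
            // try-with-resources closes the parser (and the underlying reader) on every path.
            try (PEMParser pemReader = new PEMParser(new StringReader(certificateString))) {
                // NOTE(review): current BouncyCastle PEMParser returns X509CertificateHolder for
                // CERTIFICATE blocks; confirm this cast succeeds with the BouncyCastle version in
                // use. A ClassCastException here is caught below and the certificate is dropped.
                X509Certificate cert = (X509CertificateObject) pemReader.readObject();
                io.jans.as.model.crypto.Certificate certificate = new Certificate(signatureAlgorithm, cert);
                publicKey.setCertificate(certificate);
            }
        }
    } catch (Exception ex) {
        log.error(ex.getMessage(), ex);
    }
    return publicKey;
}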
Also used : EDDSAPublicKey(io.jans.as.model.crypto.signature.EDDSAPublicKey) JSONArray(org.json.JSONArray) AlgorithmFamily(io.jans.as.model.crypto.signature.AlgorithmFamily) X509Certificate(java.security.cert.X509Certificate) InvalidParameterException(io.jans.as.model.exception.InvalidParameterException) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) NoSuchProviderException(java.security.NoSuchProviderException) Certificate(io.jans.as.model.crypto.Certificate) InvalidParameterException(io.jans.as.model.exception.InvalidParameterException) JSONObject(org.json.JSONObject) RSAPublicKey(io.jans.as.model.crypto.signature.RSAPublicKey) PEMParser(org.bouncycastle.openssl.PEMParser) X509CertificateObject(org.bouncycastle.jce.provider.X509CertificateObject) StringReader(java.io.StringReader) BigInteger(java.math.BigInteger) ECDSAPublicKey(io.jans.as.model.crypto.signature.ECDSAPublicKey) X509Certificate(java.security.cert.X509Certificate) Certificate(io.jans.as.model.crypto.Certificate)

Example 7 with Certificate

use of io.jans.as.model.crypto.Certificate in project jans by JanssenProject.

the class SignatureTest method generateRS512Keys.

/**
 * Signs a fixed input with an RS512 private key and checks that the signature validates both
 * with the matching public key and with the certificate obtained from the same key object.
 */
@Test
public void generateRS512Keys() throws Exception {
    showTitle("TEST: generateRS512Keys");

    final SignatureAlgorithm algorithm = SignatureAlgorithm.RS512;
    KeyFactory<RSAPrivateKey, RSAPublicKey> rsaKeyFactory = new RSAKeyFactory(algorithm, "CN=Test CA Certificate");
    Key<RSAPrivateKey, RSAPublicKey> generatedKey = rsaKeyFactory.getKey();

    RSAPrivateKey signingKey = generatedKey.getPrivateKey();
    RSAPublicKey verificationKey = generatedKey.getPublicKey();
    Certificate verificationCertificate = generatedKey.getCertificate();

    // Dumps the key object to the test output; what is printed depends on Key#toString, which
    // is not shown here. Keep this kind of output to test-only key material.
    System.out.println(generatedKey);

    final String payload = "Hello World!";

    // Sign with the private key.
    RSASigner privateKeySigner = new RSASigner(algorithm, signingKey);
    String payloadSignature = privateKeySigner.generateSignature(payload);

    // Verify with the bare public key.
    RSASigner publicKeyVerifier = new RSASigner(algorithm, verificationKey);
    assertTrue(publicKeyVerifier.validateSignature(payload, payloadSignature));

    // Verify with the certificate taken from the same key object.
    RSASigner certificateVerifier = new RSASigner(algorithm, verificationCertificate);
    assertTrue(certificateVerifier.validateSignature(payload, payloadSignature));
}
Also used : RSAKeyFactory(io.jans.as.model.crypto.signature.RSAKeyFactory) RSAPublicKey(io.jans.as.model.crypto.signature.RSAPublicKey) RSASigner(io.jans.as.model.jws.RSASigner) RSAPrivateKey(io.jans.as.model.crypto.signature.RSAPrivateKey) Certificate(io.jans.as.model.crypto.Certificate) Test(org.testng.annotations.Test) BaseTest(io.jans.as.server.BaseTest)

Example 8 with Certificate

use of io.jans.as.model.crypto.Certificate in project jans by JanssenProject.

the class SignatureTest method generateES384Keys.

/**
 * Signs a fixed input with an ES384 private key and checks that the signature validates both
 * with the matching public key and with the certificate obtained from the same key object.
 */
@Test
public void generateES384Keys() throws Exception {
    showTitle("TEST: generateES384Keys");

    final SignatureAlgorithm algorithm = SignatureAlgorithm.ES384;
    KeyFactory<ECDSAPrivateKey, ECDSAPublicKey> ecKeyFactory = new ECDSAKeyFactory(algorithm, "CN=Test CA Certificate");
    Key<ECDSAPrivateKey, ECDSAPublicKey> generatedKey = ecKeyFactory.getKey();

    ECDSAPrivateKey signingKey = generatedKey.getPrivateKey();
    ECDSAPublicKey verificationKey = generatedKey.getPublicKey();
    Certificate verificationCertificate = generatedKey.getCertificate();

    // Dumps the key object to the test output; what is printed depends on Key#toString, which
    // is not shown here. Keep this kind of output to test-only key material.
    System.out.println(generatedKey);

    final String payload = "Hello World!";

    // Sign with the private key.
    ECDSASigner privateKeySigner = new ECDSASigner(algorithm, signingKey);
    String payloadSignature = privateKeySigner.generateSignature(payload);

    // Verify with the bare public key.
    ECDSASigner publicKeyVerifier = new ECDSASigner(algorithm, verificationKey);
    assertTrue(publicKeyVerifier.validateSignature(payload, payloadSignature));

    // Verify with the certificate taken from the same key object.
    ECDSASigner certificateVerifier = new ECDSASigner(algorithm, verificationCertificate);
    assertTrue(certificateVerifier.validateSignature(payload, payloadSignature));
}
Also used : ECDSAKeyFactory(io.jans.as.model.crypto.signature.ECDSAKeyFactory) ECDSASigner(io.jans.as.model.jws.ECDSASigner) ECDSAPrivateKey(io.jans.as.model.crypto.signature.ECDSAPrivateKey) ECDSAPublicKey(io.jans.as.model.crypto.signature.ECDSAPublicKey) Certificate(io.jans.as.model.crypto.Certificate) Test(org.testng.annotations.Test) BaseTest(io.jans.as.server.BaseTest)

Example 9 with Certificate

use of io.jans.as.model.crypto.Certificate in project jans by JanssenProject.

the class SignatureTest method generateES512Keys.

/**
 * Signs a fixed input with an ES512 private key and checks that the signature validates both
 * with the matching public key and with the certificate. Unlike the sibling tests, the key
 * parts are read directly from the factory rather than from a {@code Key} object.
 */
@Test
public void generateES512Keys() throws Exception {
    showTitle("TEST: generateES512Keys");

    final SignatureAlgorithm algorithm = SignatureAlgorithm.ES512;
    KeyFactory<ECDSAPrivateKey, ECDSAPublicKey> ecKeyFactory = new ECDSAKeyFactory(algorithm, "CN=Test CA Certificate");

    ECDSAPrivateKey signingKey = ecKeyFactory.getPrivateKey();
    ECDSAPublicKey verificationKey = ecKeyFactory.getPublicKey();
    Certificate verificationCertificate = ecKeyFactory.getCertificate();

    // The private key is written to the test output here. That is tolerable only for key
    // material created for this test; the same pattern must not be used with real keys.
    System.out.println("PRIVATE KEY");
    System.out.println(signingKey);
    System.out.println("PUBLIC KEY");
    System.out.println(verificationKey);
    System.out.println("CERTIFICATE");
    System.out.println(verificationCertificate);

    final String payload = "Hello World!";

    // Sign with the private key.
    ECDSASigner privateKeySigner = new ECDSASigner(algorithm, signingKey);
    String payloadSignature = privateKeySigner.generateSignature(payload);

    // Verify with the bare public key.
    ECDSASigner publicKeyVerifier = new ECDSASigner(algorithm, verificationKey);
    assertTrue(publicKeyVerifier.validateSignature(payload, payloadSignature));

    // Verify with the certificate from the same factory.
    ECDSASigner certificateVerifier = new ECDSASigner(algorithm, verificationCertificate);
    assertTrue(certificateVerifier.validateSignature(payload, payloadSignature));
}
Also used : ECDSAKeyFactory(io.jans.as.model.crypto.signature.ECDSAKeyFactory) ECDSASigner(io.jans.as.model.jws.ECDSASigner) ECDSAPrivateKey(io.jans.as.model.crypto.signature.ECDSAPrivateKey) ECDSAPublicKey(io.jans.as.model.crypto.signature.ECDSAPublicKey) Certificate(io.jans.as.model.crypto.Certificate) Test(org.testng.annotations.Test) BaseTest(io.jans.as.server.BaseTest)

Aggregations

Certificate (io.jans.as.model.crypto.Certificate)9 BaseTest (io.jans.as.server.BaseTest)6 Test (org.testng.annotations.Test)6 ECDSAPublicKey (io.jans.as.model.crypto.signature.ECDSAPublicKey)4 RSAPublicKey (io.jans.as.model.crypto.signature.RSAPublicKey)4 ECDSAKeyFactory (io.jans.as.model.crypto.signature.ECDSAKeyFactory)3 ECDSAPrivateKey (io.jans.as.model.crypto.signature.ECDSAPrivateKey)3 RSAKeyFactory (io.jans.as.model.crypto.signature.RSAKeyFactory)3 RSAPrivateKey (io.jans.as.model.crypto.signature.RSAPrivateKey)3 ECDSASigner (io.jans.as.model.jws.ECDSASigner)3 RSASigner (io.jans.as.model.jws.RSASigner)3 BigInteger (java.math.BigInteger)3 X509Certificate (java.security.cert.X509Certificate)3 IOException (java.io.IOException)2 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)2 NoSuchProviderException (java.security.NoSuchProviderException)2 SecureRandom (java.security.SecureRandom)2 X500Name (org.bouncycastle.asn1.x500.X500Name)2 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)2 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)2