Use of io.jans.as.model.crypto.PublicKey in project jans by JanssenProject: class JwkClient, method getECDSAPublicKey.
/**
 * Fetches the JWK Set at {@code jwkSetUrl} and returns the key identified by {@code keyId}
 * as an {@link ECDSAPublicKey}.
 *
 * @param jwkSetUrl URL of the JWK Set document
 * @param keyId     {@code kid} of the key to look up
 * @param engine    HTTP engine used to execute the request; ignored when {@code null}
 * @return the matching EC public key, or {@code null} when the request did not return
 *         HTTP 200, the key is absent, or the key is not an EC key
 */
public static ECDSAPublicKey getECDSAPublicKey(String jwkSetUrl, String keyId, ClientHttpEngine engine) {
    JwkClient client = new JwkClient(jwkSetUrl);
    if (engine != null) {
        client.setExecutor(engine);
    }
    JwkResponse response = client.exec();
    if (response == null || response.getStatus() != 200) {
        return null;
    }
    PublicKey candidate = response.getPublicKey(keyId);
    // Only an EC key is usable by callers of this method; any other key type is treated as "not found".
    return candidate instanceof ECDSAPublicKey ? (ECDSAPublicKey) candidate : null;
}
Use of io.jans.as.model.crypto.PublicKey in project jans by JanssenProject: class JwkResponse, method getPublicKey.
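/**
 * Builds a {@link PublicKey} from the JWK in this response whose {@code kid} equals
 * {@code keyId}.
 *
 * <p>RSA keys are built from {@code n}/{@code e}; EC keys from {@code x}/{@code y} plus the
 * signature algorithm derived from the optional {@code alg} member. Any other key type, a
 * missing key, or a key without {@code kty} yields {@code null} rather than an exception.
 *
 * @param keyId {@code kid} of the key to convert
 * @return the converted key, or {@code null} when it cannot be built
 * @deprecated marked deprecated upstream; the intended replacement is not visible from this
 *             listing
 */
@Deprecated
public PublicKey getPublicKey(String keyId) {
    // Renamed from "JSONWebKey" (the original local shadowed its own type name).
    JSONWebKey jwk = getKeyValue(keyId);
    // Switching on a null enum throws NPE; sibling code shows "kty" can be absent, so treat it as unmappable.
    if (jwk == null || jwk.getKty() == null) {
        return null;
    }
    switch (jwk.getKty()) {
        case RSA:
            return new RSAPublicKey(jwk.getN(), jwk.getE());
        case EC:
            // "alg" is optional in a JWK; only derive the signature algorithm when it is present.
            SignatureAlgorithm signatureAlgorithm = jwk.getAlg() == null
                    ? null
                    : SignatureAlgorithm.fromString(jwk.getAlg().getParamName());
            return new ECDSAPublicKey(signatureAlgorithm, jwk.getX(), jwk.getY());
        default:
            return null;
    }
}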
Use of io.jans.as.model.crypto.PublicKey in project jans by JanssenProject: class JwkClient, method getRSAPublicKey.
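/**
 * Fetches the JWK Set at {@code jwkSetUri} and returns the key identified by {@code keyId}
 * as an {@link RSAPublicKey}.
 *
 * @param jwkSetUri URL of the JWK Set document
 * @param keyId     {@code kid} of the key to look up
 * @param engine    HTTP engine used to execute the request; ignored when {@code null}
 * @return the matching RSA public key, or {@code null} when the request did not return
 *         HTTP 200, the key is absent, or the key is not an RSA key
 */
public static RSAPublicKey getRSAPublicKey(String jwkSetUri, String keyId, ClientHttpEngine engine) {
    JwkClient jwkClient = new JwkClient(jwkSetUri);
    // Consistent with getECDSAPublicKey: a null engine leaves the client's default executor in place
    // instead of being handed to setExecutor.
    if (engine != null) {
        jwkClient.setExecutor(engine);
    }
    JwkResponse jwkResponse = jwkClient.exec();
    if (jwkResponse == null || jwkResponse.getStatus() != 200) {
        return null;
    }
    PublicKey pk = jwkResponse.getPublicKey(keyId);
    // Only an RSA key is usable here; any other key type is treated as "not found".
    return pk instanceof RSAPublicKey ? (RSAPublicKey) pk : null;
}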
Use of io.jans.as.model.crypto.PublicKey in project jans by JanssenProject: class JwtUtil, method validateSignature.
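/**
 * Verifies the signature of {@code jwt} against the key in {@code jsonWebKeySet} selected by
 * the token's {@code kid} header.
 *
 * <p>The signer is chosen from the family of the token's {@code alg} header, and the resolved
 * key must be of the matching type (RSA key for the RSA family, EC key for the EC family). A
 * missing key, an unsupported algorithm, a key/algorithm type mismatch, an invalid signature,
 * or any exception during validation yields {@code false}.
 *
 * @param jwt           token whose signature is checked
 * @param jsonWebKeySet key set from which the signing key is resolved
 * @return {@code true} only when a matching signer validated the signature
 */
public boolean validateSignature(Jwt jwt, JSONWebKeySet jsonWebKeySet) {
    // NOTE(review): this trace line emits the whole token; trace logging should stay off outside debugging.
    log.trace("\n\n JwtUtil::validateSignature() - jwt = " + jwt + " , jsonWebKeySet =" + jsonWebKeySet + "\n");
    try {
        final String kid = jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID);
        final String algorithm = jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM);
        final SignatureAlgorithm signatureAlgorithm = jwt.getHeader().getSignatureAlgorithm();
        log.trace("\n\n JwtUtil::validateSignature() - kid = " + kid + " , algorithm =" + algorithm + " signatureAlgorithm = " + signatureAlgorithm + "\n");

        // An unrecognised "alg" header used to surface as an NPE on getFamily() below; reject it explicitly.
        if (signatureAlgorithm == null) {
            log.error("Unsupported or missing alg header: " + algorithm);
            return false;
        }

        PublicKey publicKey = getPublicKey(kid, jsonWebKeySet, signatureAlgorithm);
        log.trace("\n\n JwtUtil::validateSignature() - publicKey = " + publicKey + "\n");
        if (publicKey == null) {
            // The previous message claimed an RSA key regardless of the algorithm family.
            log.error("Failed to get public key for kid " + kid + " and algorithm " + algorithm + ".");
            return false;
        }

        // Validate: the key type must agree with the algorithm family. Checking with instanceof
        // instead of a blind cast turns a mismatch into a clear "signer not found" rather than a
        // ClassCastException caught by the generic handler below.
        AbstractJwsSigner signer = null;
        AlgorithmFamily family = signatureAlgorithm.getFamily();
        if (AlgorithmFamily.RSA.equals(family) && publicKey instanceof RSAPublicKey) {
            signer = new RSASigner(SignatureAlgorithm.fromString(algorithm), (RSAPublicKey) publicKey);
        } else if (AlgorithmFamily.EC.equals(family) && publicKey instanceof ECDSAPublicKey) {
            signer = new ECDSASigner(SignatureAlgorithm.fromString(algorithm), (ECDSAPublicKey) publicKey);
        }
        if (signer == null) {
            log.error("ID Token signer is not found!");
            return false;
        }

        if (signer.validate(jwt)) {
            log.debug("ID Token is successfully validated.");
            return true;
        }
        log.error("ID Token signature invalid.");
        return false;
    } catch (Exception e) {
        log.error("Failed to validate id_token. Message: " + e.getMessage(), e);
        return false;
    }
}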
Use of io.jans.as.model.crypto.PublicKey in project jans by JanssenProject: class PublicOpKeyService, method getPublicKey.
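/**
 * Resolves the OP public key for {@code jwkSetUrl}, first from the local cache and otherwise
 * by fetching the JWK Set from the OP.
 *
 * <p>When {@code keyId} is given, that exact key is returned. Without a {@code keyId} the key
 * set is filtered by the algorithm family of {@code signatureAlgorithm} (and by {@code use}
 * when non-null), and exactly one key must match. A resolved key that carries a {@code kid}
 * is stored in the cache under (jwkSetUrl, kid).
 *
 * @param jwkSetUrl          the OP's jwks_uri
 * @param keyId              {@code kid} to select; may be {@code null} or empty
 * @param signatureAlgorithm algorithm whose family selects candidate keys when {@code keyId}
 *                           is absent; required in that case
 * @param use                required key use, or {@code null} to accept any
 * @return the resolved public key, never {@code null}
 * @throws IllegalArgumentException when {@code keyId} is absent and {@code signatureAlgorithm} is {@code null}
 * @throws RuntimeException when the JWK Set cannot be fetched, no key matches, or several
 *                          keys match and no {@code kid} was given
 */
public PublicKey getPublicKey(String jwkSetUrl, String keyId, SignatureAlgorithm signatureAlgorithm, Use use) {
    // Get keys from cache if present.
    // NOTE(review): cache eviction is not visible here; confirm cached keys are refreshed on OP key rotation.
    Optional<PublicKey> cachedKey = getCachedKey(jwkSetUrl, keyId);
    if (cachedKey.isPresent()) {
        LOG.debug("Taken public key from cache. jwks_url: {}, kid : {} ", jwkSetUrl, keyId);
        return cachedKey.get();
    }

    // Request jwks from OP
    JwkClient jwkClient = opClientFactory.createJwkClient(jwkSetUrl);
    jwkClient.setExecutor(new ApacheHttpClient43Engine(httpService.getHttpClient()));
    JwkResponse jwkResponse = jwkClient.exec();
    if (jwkResponse == null || jwkResponse.getStatus() != 200) {
        // A null response has no status to report; otherwise report the HTTP status returned.
        Object obtained = jwkResponse == null ? null : jwkResponse.getStatus();
        String message = "Failed to fetch public key from OP. Obtained Response : " + obtained;
        LOG.error(message);
        throw new RuntimeException(message);
    }

    if (!Strings.isNullOrEmpty(keyId)) {
        PublicKey publicKey = jwkResponse.getPublicKey(keyId);
        if (publicKey != null) {
            cache.put(new Pair<>(jwkSetUrl, keyId), publicKey);
            return publicKey;
        }
    } else {
        // Without a kid the algorithm family is the only selector, so it must be present
        // (previously this surfaced as an NPE on getFamily()).
        if (signatureAlgorithm == null) {
            throw new IllegalArgumentException("signatureAlgorithm is required when keyId is not provided");
        }
        List<PublicKey> matching = findMatchingKeys(jwkResponse.getJwks(), signatureAlgorithm, use);
        if (matching.size() > 1) {
            String message = "Multiple matching keys found in issuer's jwks_uri for algorithm : "
                    + signatureAlgorithm.getName() + ". `kid` must be provided in this case.";
            LOG.error("Multiple matching keys found in issuer's jwks_uri for algorithm : {}. `kid` must be provided in this case.", signatureAlgorithm.getName());
            throw new RuntimeException(message);
        }
        if (matching.size() == 1) {
            PublicKey only = matching.get(0);
            // Only keys that carry a kid can be looked up from the cache later.
            if (!Strings.isNullOrEmpty(only.getKeyId())) {
                cache.put(new Pair<>(jwkSetUrl, only.getKeyId()), only);
            }
            return only;
        }
    }

    LOG.error("Failed to fetch public key from OP.");
    throw new RuntimeException("Failed to fetch public key from OP.");
}

/**
 * Selects the keys in {@code jsonWebKeySet} whose {@code kty} matches the family of
 * {@code signatureAlgorithm} and, when {@code use} is non-null, whose {@code use} equals it.
 * Keys without a {@code kty} are skipped.
 */
private List<PublicKey> findMatchingKeys(JSONWebKeySet jsonWebKeySet, SignatureAlgorithm signatureAlgorithm, Use use) {
    String family = signatureAlgorithm.getFamily().toString();
    List<PublicKey> pks = Lists.newArrayList();
    for (JSONWebKey key : jsonWebKeySet.getKeys()) {
        if (key.getKty() == null) {
            continue;
        }
        if (family.equals(key.getKty().toString()) && (use == null || use == key.getUse())) {
            pks.add(getPublicKey(key));
        }
    }
    return pks;
}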