use of io.jans.as.model.crypto.signature.AlgorithmFamily in project jans by JanssenProject.
the class AuthCryptoProvider method generateKeyEncryption.
/**
 * Generates a key pair for a key-encryption {@link Algorithm} and hands it to
 * {@code getJson} for conversion into the provider's JSON key representation.
 *
 * <p>When {@code algorithm.getParamName()} is not a known {@link KeyEncryptionAlgorithm}
 * name, the method falls back to {@code Algorithm.RS256} / {@code KeyEncryptionAlgorithm.RSA1_5}.
 * NOTE(review): RSA1_5 (PKCS#1 v1.5 key transport) is a weak default for newly generated
 * material; confirm that silently substituting it is still the intended behaviour rather than
 * rejecting the unknown algorithm.
 *
 * @param algorithm      requested key-encryption algorithm
 * @param expirationTime expiration time forwarded unchanged to {@code getJson}
 * @param keyLength      RSA modulus size in bits; not used for the EC family
 * @return JSON description of the generated key, as produced by {@code getJson}
 * @throws IllegalStateException if the (possibly substituted) algorithm family is neither RSA nor EC
 */
private JSONObject generateKeyEncryption(Algorithm algorithm, Long expirationTime, int keyLength) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException, OperatorCreationException, CertificateException, KeyStoreException, IOException {
    Algorithm effectiveAlgorithm = algorithm;
    KeyEncryptionAlgorithm encryptionAlgorithm = KeyEncryptionAlgorithm.fromName(algorithm.getParamName());
    if (encryptionAlgorithm == null) {
        // Unknown name: substitute the provider's historical default pair.
        effectiveAlgorithm = Algorithm.RS256;
        encryptionAlgorithm = KeyEncryptionAlgorithm.RSA1_5;
    }

    final AlgorithmFamily family = effectiveAlgorithm.getFamily();
    final KeyPairGenerator generator;
    final String certSignatureAlgorithm;
    switch (family) {
        case RSA:
            generator = KeyPairGenerator.getInstance(family.toString(), "BC");
            generator.initialize(keyLength, new SecureRandom());
            certSignatureAlgorithm = "SHA256WITHRSA";
            break;
        case EC:
            // Curve comes from the key-encryption algorithm, not from the key length.
            ECGenParameterSpec curveSpec = new ECGenParameterSpec(encryptionAlgorithm.getCurve().getAlias());
            generator = KeyPairGenerator.getInstance(family.toString(), "BC");
            generator.initialize(curveSpec, new SecureRandom());
            certSignatureAlgorithm = "SHA256WITHECDSA";
            break;
        default:
            throw new IllegalStateException("The provided key encryption algorithm parameter is not supported: algorithmFamily = " + family);
    }
    return getJson(effectiveAlgorithm, generator, certSignatureAlgorithm, expirationTime);
}
use of io.jans.as.model.crypto.signature.AlgorithmFamily in project jans by JanssenProject.
the class AbstractCryptoProvider method processKey.
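/**
 * Converts a single JWK entry into a JCA {@link PublicKey}.
 *
 * <p>The key family is taken from the JWK's 'alg' member (validated against
 * {@code requestedAlgorithm} when one is given) or, failing that, from 'kty'. Unknown
 * 'alg', 'kty' or 'crv' values are reported as {@link InvalidParameterException} instead of
 * surfacing as a {@link NullPointerException}, which matters because the JWK may originate
 * from a remote jwks_uri. If the entry carries an expiration time it is checked via
 * {@code checkKeyExpiration} after the key has been built.
 *
 * @param requestedAlgorithm algorithm the caller expects, or {@code null} to accept any
 * @param alias              the key id, used only for logging / expiration reporting
 * @param key                the JWK entry
 * @return the public key, or {@code null} when the JWK's 'alg' differs from {@code requestedAlgorithm}
 * @throws InvalidParameterException if the JWK lacks both 'alg' and 'kty', or names an unsupported
 *                                   algorithm, key type or curve
 */
private PublicKey processKey(Algorithm requestedAlgorithm, String alias, JSONObject key) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidParameterSpecException, InvalidParameterException {
    final AlgorithmFamily algorithmFamily;
    if (key.has(JWKParameter.ALGORITHM)) {
        String algorithmName = key.optString(JWKParameter.ALGORITHM);
        Algorithm algorithm = Algorithm.fromString(algorithmName);
        if (requestedAlgorithm != null && !requestedAlgorithm.equals(algorithm)) {
            LOG.trace("kid matched but algorithm does not match. kid algorithm:" + algorithm + ", requestedAlgorithm:" + requestedAlgorithm + ", kid:" + alias);
            return null;
        }
        if (algorithm == null) {
            // Previously fell through to algorithm.getFamily() and failed with an NPE.
            throw new InvalidParameterException("Wrong key (JSONObject): unknown 'alg' value: " + algorithmName);
        }
        algorithmFamily = algorithm.getFamily();
    } else if (key.has(JWKParameter.KEY_TYPE)) {
        algorithmFamily = AlgorithmFamily.fromString(key.getString(JWKParameter.KEY_TYPE));
    } else {
        throw new InvalidParameterException("Wrong key (JSONObject): doesn't contain 'alg' and 'kty' properties");
    }
    if (algorithmFamily == null) {
        // A switch on a null enum would throw an NPE; report the bad input explicitly instead.
        throw new InvalidParameterException("Wrong key (JSONObject): unsupported 'alg'/'kty' value");
    }

    final PublicKey publicKey;
    switch (algorithmFamily) {
        case RSA:
            publicKey = rsaPublicKeyFromJwk(key);
            break;
        case EC:
            publicKey = ecPublicKeyFromJwk(key);
            break;
        case ED:
            publicKey = edPublicKeyFromJwk(key);
            break;
        default:
            throw new InvalidParameterException(String.format("Wrong AlgorithmFamily value: %s", algorithmFamily));
    }

    if (key.has(JWKParameter.EXPIRATION_TIME)) {
        checkKeyExpiration(alias, key.getLong(JWKParameter.EXPIRATION_TIME));
    }
    return publicKey;
}

/** Decodes a base64url-encoded JWK member into a non-negative {@link BigInteger}. */
private static BigInteger unsignedJwkParameter(JSONObject key, String parameter) {
    return new BigInteger(1, Base64Util.base64urldecode(key.getString(parameter)));
}

/** Rebuilds an RSA public key from the JWK 'n' (modulus) and 'e' (exponent) members. */
private static PublicKey rsaPublicKeyFromJwk(JSONObject key) throws NoSuchAlgorithmException, InvalidKeySpecException {
    RSAPublicKeySpec spec = new RSAPublicKeySpec(unsignedJwkParameter(key, JWKParameter.MODULUS), unsignedJwkParameter(key, JWKParameter.EXPONENT));
    return KeyFactory.getInstance("RSA").generatePublic(spec);
}

/** Rebuilds an EC public key from the JWK 'crv', 'x' and 'y' members. */
private static PublicKey ecPublicKeyFromJwk(JSONObject key) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidParameterSpecException {
    String curveName = key.optString(JWKParameter.CURVE);
    EllipticEdvardsCurve curve = EllipticEdvardsCurve.fromString(curveName);
    if (curve == null) {
        // Previously an unknown curve failed with an NPE on curve.getAlias().
        throw new InvalidParameterException("Wrong key (JSONObject): unsupported 'crv' value: " + curveName);
    }
    AlgorithmParameters parameters = AlgorithmParameters.getInstance(AlgorithmFamily.EC.toString());
    parameters.init(new ECGenParameterSpec(curve.getAlias()));
    ECParameterSpec ecParameters = parameters.getParameterSpec(ECParameterSpec.class);
    ECPoint point = new ECPoint(unsignedJwkParameter(key, JWKParameter.X), unsignedJwkParameter(key, JWKParameter.Y));
    return KeyFactory.getInstance(AlgorithmFamily.EC.toString()).generatePublic(new ECPublicKeySpec(point, ecParameters));
}

/** Rebuilds an EdDSA public key from the JWK 'x' member. */
private static PublicKey edPublicKeyFromJwk(JSONObject key) throws NoSuchAlgorithmException, InvalidKeySpecException {
    // NOTE(review): 'x' is handed to X509EncodedKeySpec, i.e. this expects an X.509/SPKI DER blob
    // rather than the raw coordinate bytes RFC 8037 defines for OKP keys, and the KeyFactory name
    // is read from 'alg' — confirm this matches the keys this provider emits.
    X509EncodedKeySpec spec = new X509EncodedKeySpec(Base64Util.base64urldecode(key.getString(JWKParameter.X)));
    return KeyFactory.getInstance(key.optString(JWKParameter.ALGORITHM)).generatePublic(spec);
}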
use of io.jans.as.model.crypto.signature.AlgorithmFamily in project jans by JanssenProject.
the class JwtUtil method getPublicKey.
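/**
 * Resolves the public key identified by {@code keyId} from a JWKS document (remote {@code jwksUri}
 * or inline {@code jwks}) and converts it into the project's
 * {@link io.jans.as.model.crypto.PublicKey} model.
 *
 * <p>Lookup is delegated to {@code getJsonKey}. Any failure while converting the JWK entry —
 * including a malformed 'x5c' certificate — is logged and {@code null} is returned, so a caller
 * never receives a partially initialised key (without kid, algorithm or certificate).
 *
 * @param jwksUri            URI of a JWKS document; may be {@code null} when {@code jwks} is supplied
 * @param jwks               inline JWKS document; may be {@code null} when {@code jwksUri} is supplied
 * @param signatureAlgorithm expected algorithm, or {@code null} to read it from the key's 'alg' member
 * @param keyId              the 'kid' to look up
 * @return the resolved public key, or {@code null} if it cannot be found or parsed
 */
public static io.jans.as.model.crypto.PublicKey getPublicKey(String jwksUri, String jwks, SignatureAlgorithm signatureAlgorithm, String keyId) {
    JSONObject jsonKeyValue = getJsonKey(jwksUri, jwks, keyId);
    if (jsonKeyValue == null) {
        return null;
    }
    try {
        String resultKeyId = jsonKeyValue.getString(KEY_ID);
        if (signatureAlgorithm == null) {
            signatureAlgorithm = SignatureAlgorithm.fromString(jsonKeyValue.getString(ALGORITHM));
            if (signatureAlgorithm == null) {
                log.error(String.format("Failed to determine key '%s' signature algorithm", resultKeyId));
                return null;
            }
        }
        JSONObject jsonPublicKey = jsonKeyValue;
        if (jsonKeyValue.has(PUBLIC_KEY)) {
            // Use internal jwks.json format
            jsonPublicKey = jsonKeyValue.getJSONObject(PUBLIC_KEY);
        }

        io.jans.as.model.crypto.PublicKey publicKey;
        AlgorithmFamily algorithmFamily = signatureAlgorithm.getFamily();
        if (algorithmFamily == AlgorithmFamily.RSA) {
            BigInteger publicExponent = new BigInteger(1, Base64Util.base64urldecode(jsonPublicKey.getString(EXPONENT)));
            BigInteger modulus = new BigInteger(1, Base64Util.base64urldecode(jsonPublicKey.getString(MODULUS)));
            publicKey = new RSAPublicKey(modulus, publicExponent);
        } else if (algorithmFamily == AlgorithmFamily.EC) {
            BigInteger x = new BigInteger(1, Base64Util.base64urldecode(jsonPublicKey.getString(X)));
            BigInteger y = new BigInteger(1, Base64Util.base64urldecode(jsonPublicKey.getString(Y)));
            publicKey = new ECDSAPublicKey(signatureAlgorithm, x, y);
        } else if (algorithmFamily == AlgorithmFamily.ED) {
            // Pass the decoded bytes through untouched. Round-tripping them through
            // BigInteger.toByteArray() (as before) can prepend a 0x00 sign byte or drop leading
            // zero bytes, which silently changes the key material.
            byte[] encodedX = Base64Util.base64urldecode(jsonPublicKey.getString(X));
            publicKey = new EDDSAPublicKey(signatureAlgorithm, encodedX);
        } else {
            throw new InvalidParameterException("Wrong value of the AlgorithmFamily: algorithmFamily = " + algorithmFamily);
        }

        if (jsonKeyValue.has(CERTIFICATE_CHAIN)) {
            JSONArray certChain = jsonKeyValue.getJSONArray(CERTIFICATE_CHAIN);
            // Only the leaf (first) certificate is attached; the chain itself is not validated here.
            X509Certificate cert = parseLeafCertificate(certChain.getString(0));
            io.jans.as.model.crypto.Certificate certificate = new Certificate(signatureAlgorithm, cert);
            publicKey.setCertificate(certificate);
        }
        publicKey.setKeyId(resultKeyId);
        publicKey.setSignatureAlgorithm(signatureAlgorithm);
        return publicKey;
    } catch (Exception ex) {
        // Fail closed: a key whose JWK or certificate could not be parsed must not be used.
        log.error(ex.getMessage(), ex);
        return null;
    }
}

/**
 * Parses one 'x5c' element (base64-encoded DER certificate) into an {@link X509Certificate}.
 * Uses the JDK certificate factory rather than BouncyCastle's PEMParser, whose
 * {@code readObject()} return type for CERTIFICATE blocks varies between BC versions and
 * was previously cast unconditionally.
 */
private static X509Certificate parseLeafCertificate(String base64Der) throws java.security.cert.CertificateException {
    // MIME decoder tolerates embedded line breaks, as the former PEM-wrapping approach did.
    byte[] der = java.util.Base64.getMimeDecoder().decode(base64Der);
    java.security.cert.CertificateFactory factory = java.security.cert.CertificateFactory.getInstance("X.509");
    return (X509Certificate) factory.generateCertificate(new java.io.ByteArrayInputStream(der));
}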
use of io.jans.as.model.crypto.signature.AlgorithmFamily in project jans by JanssenProject.
the class AuthCryptoProvider method generateKeySignature.
/**
 * Generates a signing key pair for the given {@link Algorithm} and hands it to
 * {@code getJson} for conversion into the provider's JSON key representation.
 *
 * <p>When {@code algorithm.getParamName()} is not a known {@link SignatureAlgorithm} name the
 * method falls back to {@code Algorithm.ES384} / {@code SignatureAlgorithm.ES384}.
 * NOTE(review): this substitution is silent; confirm callers cannot rely on it to mask a
 * misconfigured algorithm name.
 *
 * @param algorithm      requested signature algorithm
 * @param expirationTime expiration time forwarded unchanged to {@code getJson}
 * @param keyLength      RSA modulus size in bits; not used for the EC and ED families
 * @return JSON description of the generated key, as produced by {@code getJson}
 * @throws IllegalStateException if the (possibly substituted) algorithm family is not RSA, EC or ED
 */
private JSONObject generateKeySignature(Algorithm algorithm, Long expirationTime, int keyLength) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException, OperatorCreationException, CertificateException, KeyStoreException, IOException {
    Algorithm effectiveAlgorithm = algorithm;
    SignatureAlgorithm sigAlg = SignatureAlgorithm.fromString(algorithm.getParamName());
    if (sigAlg == null) {
        // Unknown name: substitute the provider's historical default.
        effectiveAlgorithm = Algorithm.ES384;
        sigAlg = SignatureAlgorithm.ES384;
    }

    final AlgorithmFamily family = effectiveAlgorithm.getFamily();
    final KeyPairGenerator generator;
    switch (family) {
        case RSA:
            generator = KeyPairGenerator.getInstance(family.toString(), "BC");
            generator.initialize(keyLength, new SecureRandom());
            break;
        case EC:
            generator = KeyPairGenerator.getInstance(family.toString(), "BC");
            generator.initialize(new ECGenParameterSpec(sigAlg.getCurve().getAlias()), new SecureRandom());
            break;
        case ED:
            // EdDSA generators are registered under the algorithm name (e.g. the curve), not the family.
            generator = KeyPairGenerator.getInstance(sigAlg.getName(), "BC");
            generator.initialize(new EdDSAParameterSpec(sigAlg.getCurve().getAlias()), new SecureRandom());
            break;
        default:
            throw new IllegalStateException("The provided signature algorithm parameter is not supported: algorithmFamily = " + family);
    }
    return getJson(effectiveAlgorithm, generator, sigAlg.getAlgorithm(), expirationTime);
}
use of io.jans.as.model.crypto.signature.AlgorithmFamily in project jans by JanssenProject.
the class JwtCrossCheckTest method createNimbusJwt.
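/**
 * Builds and signs a fixed-claims JWT with the Nimbus library, using the private key stored
 * under {@code kid} in the provider's key store, so the result can be cross-checked against the
 * project's own JWT implementation.
 *
 * @param cryptoProvider     provider whose key store and secret give access to the signing key
 * @param kid                key-store alias of the signing key
 * @param signatureAlgorithm algorithm whose family selects the Nimbus signer (RSA or EC)
 * @return the compact serialisation of the signed JWT
 * @throws IllegalArgumentException if no Nimbus signer is configured for the algorithm family
 *                                  (previously this fell through with a null signer and failed
 *                                  later inside {@code signedJWT.sign})
 */
private static String createNimbusJwt(AuthCryptoProvider cryptoProvider, String kid, SignatureAlgorithm signatureAlgorithm) throws Exception {
    final AlgorithmFamily family = signatureAlgorithm.getFamily();
    final char[] keyStorePassword = cryptoProvider.getKeyStoreSecret().toCharArray();
    final JWSSigner signer;
    switch (family) {
        case RSA:
            signer = new RSASSASigner(RSAKey.load(cryptoProvider.getKeyStore(), kid, keyStorePassword));
            break;
        case EC:
            signer = new com.nimbusds.jose.crypto.ECDSASigner(ECKey.load(cryptoProvider.getKeyStore(), kid, keyStorePassword));
            break;
        default:
            throw new IllegalArgumentException("No Nimbus signer configured for algorithm family: " + family);
    }
    // Fixed timestamps keep the token deterministic for the cross-check.
    Date fixedTime = new Date(1575559276888000L);
    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
            .subject("1202.d50a4eeb-ab5d-474b-aaaf-e4aa47bc54a5")
            .issuer("1202.d50a4eeb-ab5d-474b-aaaf-e4aa47bc54a5")
            .expirationTime(fixedTime)
            .issueTime(fixedTime)
            .audience("https://gomer-vbox/jans-auth/restv1/token")
            .build();
    SignedJWT signedJWT = new SignedJWT(new JWSHeader.Builder(signatureAlgorithm.getJwsAlgorithm()).keyID(kid).build(), claimsSet);
    signedJWT.sign(signer);
    return signedJWT.serialize();
}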