Search in sources :

Example 46 with RSAPublicKey

use of io.jans.as.model.crypto.signature.RSAPublicKey in project jans by JanssenProject.

the class SignatureTest method generateRS256Keys.

@Test
public void generateRS256Keys() throws Exception {
    showTitle("TEST: generateRS256Keys");
    KeyFactory<RSAPrivateKey, RSAPublicKey> keyFactory = new RSAKeyFactory(SignatureAlgorithm.RS256, "CN=Test CA Certificate");
    Key<RSAPrivateKey, RSAPublicKey> key = keyFactory.getKey();
    RSAPrivateKey privateKey = key.getPrivateKey();
    RSAPublicKey publicKey = key.getPublicKey();
    Certificate certificate = key.getCertificate();
    System.out.println(key);
    String signingInput = "Hello World!";
    RSASigner rsaSigner1 = new RSASigner(SignatureAlgorithm.RS256, privateKey);
    String signature = rsaSigner1.generateSignature(signingInput);
    RSASigner rsaSigner2 = new RSASigner(SignatureAlgorithm.RS256, publicKey);
    assertTrue(rsaSigner2.validateSignature(signingInput, signature));
    RSASigner rsaSigner3 = new RSASigner(SignatureAlgorithm.RS256, certificate);
    assertTrue(rsaSigner3.validateSignature(signingInput, signature));
}
Also used : RSAKeyFactory(io.jans.as.model.crypto.signature.RSAKeyFactory) RSAPublicKey(io.jans.as.model.crypto.signature.RSAPublicKey) RSASigner(io.jans.as.model.jws.RSASigner) RSAPrivateKey(io.jans.as.model.crypto.signature.RSAPrivateKey) Certificate(io.jans.as.model.crypto.Certificate) Test(org.testng.annotations.Test) BaseTest(io.jans.as.server.BaseTest)

Example 47 with RSAPublicKey

use of io.jans.as.model.crypto.signature.RSAPublicKey in project jans by JanssenProject.

the class CrossEncryptionTest method decryptAndValidateSignatureWithGluu.

private void decryptAndValidateSignatureWithGluu(String jweString) throws ParseException, JOSEException, InvalidJweException, JSONException, InvalidJwtException {
    JWK jwk = JWK.parse(recipientJwkJson);
    RSAPrivateKey rsaPrivateKey = ((RSAKey) jwk).toRSAPrivateKey();
    JweDecrypterImpl decrypter = new JweDecrypterImpl(rsaPrivateKey);
    decrypter.setKeyEncryptionAlgorithm(KeyEncryptionAlgorithm.RSA_OAEP);
    decrypter.setBlockEncryptionAlgorithm(BlockEncryptionAlgorithm.A128GCM);
    final Jwe jwe = decrypter.decrypt(jweString);
    assertEquals(jwe.getHeader().getContentType(), JwtType.JWT);
    final Jwt jwt = jwe.getSignedJWTPayload();
    final RSAPublicKey senderPublicKey = RSAKeyFactory.valueOf(getSenderWebKey()).getPublicKey();
    Assert.assertTrue(new RSASigner(SignatureAlgorithm.RS256, senderPublicKey).validate(jwt));
    System.out.println("Gluu decrypt and nested jwt signature verification succeed: " + jwt.getClaims().toJsonString());
}
Also used : RSAKey(com.nimbusds.jose.jwk.RSAKey) RSAPublicKey(io.jans.as.model.crypto.signature.RSAPublicKey) JweDecrypterImpl(io.jans.as.model.jwe.JweDecrypterImpl) Jwt(io.jans.as.model.jwt.Jwt) RSASigner(io.jans.as.model.jws.RSASigner) Jwe(io.jans.as.model.jwe.Jwe) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) JWK(com.nimbusds.jose.jwk.JWK)

Example 48 with RSAPublicKey

use of io.jans.as.model.crypto.signature.RSAPublicKey in project jans by JanssenProject.

the class JwkResponse method getPublicKey.

@Deprecated
public PublicKey getPublicKey(String keyId) {
    PublicKey publicKey = null;
    JSONWebKey JSONWebKey = getKeyValue(keyId);
    if (JSONWebKey != null) {
        switch(JSONWebKey.getKty()) {
            case RSA:
                publicKey = new RSAPublicKey(JSONWebKey.getN(), JSONWebKey.getE());
                break;
            case EC:
                publicKey = new ECDSAPublicKey(SignatureAlgorithm.fromString(JSONWebKey.getAlg().getParamName()), JSONWebKey.getX(), JSONWebKey.getY());
                break;
            default:
                break;
        }
    }
    return publicKey;
}
Also used : JSONWebKey(io.jans.as.model.jwk.JSONWebKey) RSAPublicKey(io.jans.as.model.crypto.signature.RSAPublicKey) PublicKey(io.jans.as.model.crypto.PublicKey) ECDSAPublicKey(io.jans.as.model.crypto.signature.ECDSAPublicKey) RSAPublicKey(io.jans.as.model.crypto.signature.RSAPublicKey) ECDSAPublicKey(io.jans.as.model.crypto.signature.ECDSAPublicKey)

Example 49 with RSAPublicKey

use of io.jans.as.model.crypto.signature.RSAPublicKey in project jans by JanssenProject.

the class JwkClient method getRSAPublicKey.

public static RSAPublicKey getRSAPublicKey(String jwkSetUri, String keyId, ClientHttpEngine engine) {
    RSAPublicKey publicKey = null;
    JwkClient jwkClient = new JwkClient(jwkSetUri);
    jwkClient.setExecutor(engine);
    JwkResponse jwkResponse = jwkClient.exec();
    if (jwkResponse != null && jwkResponse.getStatus() == 200) {
        PublicKey pk = jwkResponse.getPublicKey(keyId);
        if (pk instanceof RSAPublicKey) {
            publicKey = (RSAPublicKey) pk;
        }
    }
    return publicKey;
}
Also used : RSAPublicKey(io.jans.as.model.crypto.signature.RSAPublicKey) PublicKey(io.jans.as.model.crypto.PublicKey) ECDSAPublicKey(io.jans.as.model.crypto.signature.ECDSAPublicKey) RSAPublicKey(io.jans.as.model.crypto.signature.RSAPublicKey)

Example 50 with RSAPublicKey

use of io.jans.as.model.crypto.signature.RSAPublicKey in project jans by JanssenProject.

the class BackchannelAuthenticationPollMode method idTokenHintPS256.

@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "sectorIdentifierUri" })
@Test
public void idTokenHintPS256(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String sectorIdentifierUri) throws Exception {
    showTitle("idTokenHintPS256");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.PS256);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    String clientId = registerResponse.getClientId();
    // 2. Request authorization
    List<String> scopes = Collections.singletonList("openid");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);
    AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
    authorizeClient.setRequest(authorizationRequest);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertAuthorizationResponse(authorizationResponse, responseTypes, true);
    String idToken = authorizationResponse.getIdToken();
    // 3. Validate id_token
    Jwt jwt = Jwt.parse(idToken);
    assertNotNull(jwt);
    assertJwtStandarClaimsNotNull(jwt, true);
    RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
    RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.PS256, publicKey);
    assertTrue(rsaSigner.validate(jwt));
    idTokenHintPS256 = idToken;
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) Jwt(io.jans.as.model.jwt.Jwt) BackchannelAuthenticationErrorResponseType(io.jans.as.model.ciba.BackchannelAuthenticationErrorResponseType) ResponseType(io.jans.as.model.common.ResponseType) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) RegisterResponse(io.jans.as.client.RegisterResponse) RSAPublicKey(io.jans.as.model.crypto.signature.RSAPublicKey) RegisterClient(io.jans.as.client.RegisterClient) RSASigner(io.jans.as.model.jws.RSASigner) AuthorizeClient(io.jans.as.client.AuthorizeClient) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Aggregations

RSAPublicKey (io.jans.as.model.crypto.signature.RSAPublicKey)115 RSASigner (io.jans.as.model.jws.RSASigner)106 Jwt (io.jans.as.model.jwt.Jwt)100 Test (org.testng.annotations.Test)94 AuthorizationResponse (io.jans.as.client.AuthorizationResponse)92 BaseTest (io.jans.as.client.BaseTest)90 RegisterResponse (io.jans.as.client.RegisterResponse)90 ResponseType (io.jans.as.model.common.ResponseType)90 Parameters (org.testng.annotations.Parameters)89 AuthorizationRequest (io.jans.as.client.AuthorizationRequest)86 RegisterClient (io.jans.as.client.RegisterClient)83 RegisterRequest (io.jans.as.client.RegisterRequest)83 AuthorizeClient (io.jans.as.client.AuthorizeClient)53 UserInfoClient (io.jans.as.client.UserInfoClient)49 UserInfoResponse (io.jans.as.client.UserInfoResponse)49 JwtAuthorizationRequest (io.jans.as.client.model.authorize.JwtAuthorizationRequest)40 AuthCryptoProvider (io.jans.as.model.crypto.AuthCryptoProvider)25 TokenClient (io.jans.as.client.TokenClient)24 TokenResponse (io.jans.as.client.TokenResponse)24 Claim (io.jans.as.client.model.authorize.Claim)24