Example 11 with SignatureAlgorithm
use of io.jans.as.model.crypto.signature.SignatureAlgorithm in project jans by JanssenProject.
the class KeyGeneratorService method generateKeys.
private JSONWebKeySet generateKeys(List<Algorithm> signatureAlgorithms, List<Algorithm> encryptionAlgorithms, int expiration_hours) {
LOG.trace("Generating jwks keys...");
JSONWebKeySet jwks = new JSONWebKeySet();
Calendar calendar = new GregorianCalendar();
calendar.add(Calendar.HOUR, expiration_hours);
for (Algorithm algorithm : signatureAlgorithms) {
try {
SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.fromString(algorithm.name());
JSONObject result = this.cryptoProvider.generateKey(algorithm, calendar.getTimeInMillis());
JSONWebKey key = JSONWebKey.fromJSONObject(result);
jwks.getKeys().add(key);
} catch (Exception ex) {
LOG.error(ex.getMessage(), ex);
}
}
for (Algorithm algorithm : encryptionAlgorithms) {
try {
KeyEncryptionAlgorithm encryptionAlgorithm = KeyEncryptionAlgorithm.fromName(algorithm.getParamName());
JSONObject result = this.cryptoProvider.generateKey(algorithm, calendar.getTimeInMillis());
JSONWebKey key = JSONWebKey.fromJSONObject(result);
jwks.getKeys().add(key);
} catch (Exception ex) {
LOG.error(ex.getMessage(), ex);
}
}
// LOG.trace("jwks: ", jwks);
LOG.trace("jwks generated successfully.");
return jwks;
}
Also used :
JSONWebKey(io.jans.as.model.jwk.JSONWebKey)
JSONObject(org.json.JSONObject)
JSONWebKeySet(io.jans.as.model.jwk.JSONWebKeySet)
Calendar(java.util.Calendar)
GregorianCalendar(java.util.GregorianCalendar)
KeyEncryptionAlgorithm(io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm)
GregorianCalendar(java.util.GregorianCalendar)
SignatureAlgorithm(io.jans.as.model.crypto.signature.SignatureAlgorithm)
SignatureAlgorithm(io.jans.as.model.crypto.signature.SignatureAlgorithm)
Algorithm(io.jans.as.model.jwk.Algorithm)
KeyEncryptionAlgorithm(io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm)
CryptoProviderException(io.jans.as.model.exception.CryptoProviderException)
HttpException(io.jans.ca.server.HttpException)
Example 12 with SignatureAlgorithm
use of io.jans.as.model.crypto.signature.SignatureAlgorithm in project jans by JanssenProject.
the class AuthorizationGrant method createAccessTokenAsJwt.
private String createAccessTokenAsJwt(AccessToken accessToken, ExecutionContext context) throws Exception {
final User user = getUser();
final Client client = getClient();
SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.fromString(appConfiguration.getDefaultSignatureAlgorithm());
if (client.getAccessTokenSigningAlg() != null && SignatureAlgorithm.fromString(client.getAccessTokenSigningAlg()) != null) {
signatureAlgorithm = SignatureAlgorithm.fromString(client.getAccessTokenSigningAlg());
}
final JwtSigner jwtSigner = new JwtSigner(appConfiguration, webKeysConfiguration, signatureAlgorithm, client.getClientId(), clientService.decryptSecret(client.getClientSecret()));
final Jwt jwt = jwtSigner.newJwt();
jwt.getClaims().setClaim("scope", Lists.newArrayList(getScopes()));
jwt.getClaims().setClaim("client_id", getClientId());
jwt.getClaims().setClaim("username", user != null ? user.getAttribute("displayName") : null);
jwt.getClaims().setClaim("token_type", accessToken.getTokenType().getName());
// guarantee uniqueness : without it we can get race condition
jwt.getClaims().setClaim("code", accessToken.getCode());
jwt.getClaims().setExpirationTime(accessToken.getExpirationDate());
jwt.getClaims().setIssuedAt(accessToken.getCreationDate());
jwt.getClaims().setSubjectIdentifier(getSub());
jwt.getClaims().setClaim("x5t#S256", accessToken.getX5ts256());
// DPoP
final String dpop = context.getDpop();
if (StringUtils.isNotBlank(dpop)) {
jwt.getClaims().setNotBefore(accessToken.getCreationDate());
JSONObject cnf = new JSONObject();
cnf.put("jkt", dpop);
jwt.getClaims().setClaim("cnf", cnf);
}
Audience.setAudience(jwt.getClaims(), getClient());
if (isTrue(client.getAttributes().getRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims())) {
runIntrospectionScriptAndInjectValuesIntoJwt(jwt, context);
}
final String accessTokenCode = jwtSigner.sign().toString();
if (log.isTraceEnabled())
log.trace("Created access token JWT: {}", accessTokenCode + ", claims: " + jwt.getClaims().toJsonString());
return accessTokenCode;
}
Also used :
JwtSigner(io.jans.as.server.model.token.JwtSigner)
User(io.jans.as.common.model.common.User)
JSONObject(org.json.JSONObject)
Jwt(io.jans.as.model.jwt.Jwt)
SignatureAlgorithm(io.jans.as.model.crypto.signature.SignatureAlgorithm)
Client(io.jans.as.common.model.registration.Client)
Example 13 with SignatureAlgorithm
use of io.jans.as.model.crypto.signature.SignatureAlgorithm in project jans by JanssenProject.
the class EDDSASigner method validateSignature.
/**
* Validating a signature.
*/
@Override
public boolean validateSignature(String signingInput, String signature) throws SignatureException {
SignatureAlgorithm signatureAlgorithm = getSignatureAlgorithm();
if (signatureAlgorithm == null) {
throw new SignatureException("The signature algorithm is null");
}
if (!signatureAlgorithm.getFamily().equals(AlgorithmFamily.ED)) {
throw new SignatureException(String.format("Wrong value of the signature algorithm: %s", signatureAlgorithm.getFamily().toString()));
}
if (eddsaPublicKey == null) {
throw new SignatureException("The EDDSA public key is null");
}
if (signingInput == null) {
throw new SignatureException("The signing input is null");
}
try {
X509EncodedKeySpec publicKeySpec = eddsaPublicKey.getPublicKeySpec();
java.security.KeyFactory keyFactory = java.security.KeyFactory.getInstance(signatureAlgorithm.getName());
BCEdDSAPublicKey publicKey = (BCEdDSAPublicKey) keyFactory.generatePublic(publicKeySpec);
Signature virifier = Signature.getInstance(signatureAlgorithm.getName(), "BC");
virifier.initVerify(publicKey);
virifier.update(signingInput.getBytes());
return virifier.verify(Base64Util.base64urldecode(signature));
} catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException | InvalidKeyException | IllegalArgumentException e) {
throw new SignatureException(e);
}
}
Also used :
SignatureAlgorithm(io.jans.as.model.crypto.signature.SignatureAlgorithm)
X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec)
SignatureException(java.security.SignatureException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidKeyException(java.security.InvalidKeyException)
BCEdDSAPublicKey(org.bouncycastle.jcajce.provider.asymmetric.edec.BCEdDSAPublicKey)
Signature(java.security.Signature)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
NoSuchProviderException(java.security.NoSuchProviderException)
Example 14 with SignatureAlgorithm
use of io.jans.as.model.crypto.signature.SignatureAlgorithm in project jans by JanssenProject.
the class EDDSASigner method generateSignature.
/**
* Generating a signature,
* using URL safe based format.
*/
@Override
public String generateSignature(String signingInput) throws SignatureException {
SignatureAlgorithm signatureAlgorithm = getSignatureAlgorithm();
if (signatureAlgorithm == null) {
throw new SignatureException("The signature algorithm is null");
}
if (!signatureAlgorithm.getFamily().equals(AlgorithmFamily.ED)) {
throw new SignatureException(String.format("Wrong value of the signature algorithm: %s", signatureAlgorithm.getFamily().toString()));
}
if (eddsaPrivateKey == null) {
throw new SignatureException("The EDDSA private key is null");
}
if (signingInput == null) {
throw new SignatureException("The signing input is null");
}
try {
PKCS8EncodedKeySpec privateKeySpec = eddsaPrivateKey.getPrivateKeySpec();
java.security.KeyFactory keyFactory = java.security.KeyFactory.getInstance(signatureAlgorithm.getName());
BCEdDSAPrivateKey privateKey = (BCEdDSAPrivateKey) keyFactory.generatePrivate(privateKeySpec);
Signature signer = Signature.getInstance(signatureAlgorithm.getName(), "BC");
signer.initSign(privateKey);
signer.update(signingInput.getBytes());
byte[] signature = signer.sign();
return Base64Util.base64urlencode(signature);
} catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException | InvalidKeyException | IllegalArgumentException e) {
throw new SignatureException(e);
}
}
Also used :
SignatureAlgorithm(io.jans.as.model.crypto.signature.SignatureAlgorithm)
SignatureException(java.security.SignatureException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidKeyException(java.security.InvalidKeyException)
PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec)
Signature(java.security.Signature)
BCEdDSAPrivateKey(org.bouncycastle.jcajce.provider.asymmetric.edec.BCEdDSAPrivateKey)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
NoSuchProviderException(java.security.NoSuchProviderException)
Example 15 with SignatureAlgorithm
use of io.jans.as.model.crypto.signature.SignatureAlgorithm in project jans by JanssenProject.
the class ECDSASigner method validateSignature.
/**
* Validating a signature.
*/
@Override
public boolean validateSignature(String signingInput, String signature) throws SignatureException {
if (getSignatureAlgorithm() == null) {
throw new SignatureException("The signature algorithm is null");
}
if (ecdsaPublicKey == null) {
throw new SignatureException("The ECDSA public key is null");
}
if (signingInput == null) {
throw new SignatureException("The signing input is null");
}
SignatureAlgorithm signatureAlgorithm = getSignatureAlgorithm();
try {
byte[] sigBytes = Base64Util.base64urldecode(signature);
if (AlgorithmFamily.EC.equals(getSignatureAlgorithm().getFamily())) {
sigBytes = ECDSA.transcodeSignatureToDER(sigBytes);
}
byte[] sigInBytes = signingInput.getBytes(StandardCharsets.UTF_8);
ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec(signatureAlgorithm.getCurve().getAlias());
ECPoint pointQ = ecSpec.getCurve().createPoint(ecdsaPublicKey.getX(), ecdsaPublicKey.getY());
ECPublicKeySpec publicKeySpec = new ECPublicKeySpec(pointQ, ecSpec);
KeyFactory keyFactory = KeyFactory.getInstance("ECDSA", "BC");
PublicKey publicKey = keyFactory.generatePublic(publicKeySpec);
Signature sig = Signature.getInstance(signatureAlgorithm.getAlgorithm(), "BC");
sig.initVerify(publicKey);
sig.update(sigInBytes);
return sig.verify(sigBytes);
} catch (Exception e) {
throw new SignatureException(e);
}
}
Also used :
ECParameterSpec(org.bouncycastle.jce.spec.ECParameterSpec)
PublicKey(java.security.PublicKey)
ECDSAPublicKey(io.jans.as.model.crypto.signature.ECDSAPublicKey)
Signature(java.security.Signature)
SignatureAlgorithm(io.jans.as.model.crypto.signature.SignatureAlgorithm)
SignatureException(java.security.SignatureException)
ECPoint(org.bouncycastle.math.ec.ECPoint)
ECPublicKeySpec(org.bouncycastle.jce.spec.ECPublicKeySpec)
KeyFactory(java.security.KeyFactory)
SignatureException(java.security.SignatureException)
Aggregations
SignatureAlgorithm (io.jans.as.model.crypto.signature.SignatureAlgorithm)28
JSONObject (org.json.JSONObject)10
Jwt (io.jans.as.model.jwt.Jwt)8
InvalidJwtException (io.jans.as.model.exception.InvalidJwtException)7
HttpException (io.jans.ca.server.HttpException)7
KeyEncryptionAlgorithm (io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm)6
WebApplicationException (javax.ws.rs.WebApplicationException)6
Client (io.jans.as.common.model.registration.Client)5
RSAPublicKey (io.jans.as.model.crypto.signature.RSAPublicKey)5
BlockEncryptionAlgorithm (io.jans.as.model.crypto.encryption.BlockEncryptionAlgorithm)4
ECDSAPublicKey (io.jans.as.model.crypto.signature.ECDSAPublicKey)4
Signature (java.security.Signature)4
SignatureException (java.security.SignatureException)4
Date (java.util.Date)4
User (io.jans.as.common.model.common.User)3
AuthenticationMethod (io.jans.as.model.common.AuthenticationMethod)3
CryptoProviderException (io.jans.as.model.exception.CryptoProviderException)3
ECDSASigner (io.jans.as.model.jws.ECDSASigner)3
RegisterRequest (io.jans.as.client.RegisterRequest)2
GrantType (io.jans.as.model.common.GrantType)2
