use of io.jans.as.model.crypto.signature.SignatureAlgorithm in project jans by JanssenProject.
the class KeyGeneratorService method generateKeys.
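/**
 * Builds a fresh JWK set containing one key per requested signature and encryption algorithm.
 *
 * @param signatureAlgorithms  algorithms for which signing keys are generated
 * @param encryptionAlgorithms algorithms for which encryption keys are generated
 * @param expiration_hours     lifetime of every generated key, in hours from now
 * @return the generated key set; an algorithm whose key generation fails is logged and
 *         simply absent from the set (no exception reaches the caller)
 */
private JSONWebKeySet generateKeys(List<Algorithm> signatureAlgorithms, List<Algorithm> encryptionAlgorithms, int expiration_hours) {
    LOG.trace("Generating jwks keys...");
    JSONWebKeySet jwks = new JSONWebKeySet();

    // Every key in this set shares one expiration instant: now + expiration_hours.
    Calendar calendar = new GregorianCalendar();
    calendar.add(Calendar.HOUR, expiration_hours);
    long expirationTime = calendar.getTimeInMillis();

    // The two algorithm lists were previously handled by two identical loops that also looked up
    // SignatureAlgorithm.fromString / KeyEncryptionAlgorithm.fromName without using the result;
    // those dead lookups are gone and the loop body lives in one helper.
    addGeneratedKeys(jwks, signatureAlgorithms, expirationTime);
    addGeneratedKeys(jwks, encryptionAlgorithms, expirationTime);

    LOG.trace("jwks generated successfully.");
    return jwks;
}

/**
 * Asks the crypto provider for one key per algorithm and appends each to {@code jwks}.
 * Key generation is best-effort per algorithm: a failure is logged and the remaining
 * algorithms are still processed, so a missing key only shows up as its absence from the set.
 *
 * @param jwks           target key set (mutated)
 * @param algorithms     algorithms to generate keys for
 * @param expirationTime key expiration as epoch milliseconds, passed through to the provider
 */
private void addGeneratedKeys(JSONWebKeySet jwks, List<Algorithm> algorithms, long expirationTime) {
    for (Algorithm algorithm : algorithms) {
        try {
            JSONObject result = this.cryptoProvider.generateKey(algorithm, expirationTime);
            jwks.getKeys().add(JSONWebKey.fromJSONObject(result));
        } catch (Exception ex) {
            // Deliberate best-effort: one bad algorithm must not prevent the other keys from being created.
            LOG.error(ex.getMessage(), ex);
        }
    }
}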
use of io.jans.as.model.crypto.signature.SignatureAlgorithm in project jans by JanssenProject.
the class AuthorizationGrant method createAccessTokenAsJwt.
/**
 * Serialises the given access token as a signed JWT.
 * <p>
 * The signing algorithm is the client's registered access-token signing algorithm when it
 * names a known {@link SignatureAlgorithm}, otherwise the server-wide default. Claim order
 * is significant for the serialised output and is kept as-is.
 *
 * @param accessToken the token whose code, type, dates and x5t#S256 are copied into claims
 * @param context     execution context; its DPoP thumbprint (if any) becomes the {@code cnf.jkt} claim
 * @return the compact serialised, signed JWT
 * @throws Exception propagated from secret decryption, the introspection script or signing
 */
private String createAccessTokenAsJwt(AccessToken accessToken, ExecutionContext context) throws Exception {
    final User user = getUser();
    final Client client = getClient();

    // Server default first; a client-specific algorithm wins only if it resolves to a known value.
    SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.fromString(appConfiguration.getDefaultSignatureAlgorithm());
    final String clientAlgName = client.getAccessTokenSigningAlg();
    if (clientAlgName != null) {
        final SignatureAlgorithm clientAlgorithm = SignatureAlgorithm.fromString(clientAlgName);
        if (clientAlgorithm != null) {
            signatureAlgorithm = clientAlgorithm;
        }
    }

    final JwtSigner jwtSigner = new JwtSigner(appConfiguration, webKeysConfiguration, signatureAlgorithm, client.getClientId(), clientService.decryptSecret(client.getClientSecret()));
    final Jwt jwt = jwtSigner.newJwt();

    String username = null;
    if (user != null) {
        username = user.getAttribute("displayName");
    }

    jwt.getClaims().setClaim("scope", Lists.newArrayList(getScopes()));
    jwt.getClaims().setClaim("client_id", getClientId());
    jwt.getClaims().setClaim("username", username);
    jwt.getClaims().setClaim("token_type", accessToken.getTokenType().getName());
    // The token code makes each JWT unique; without it concurrent issuance could collide.
    jwt.getClaims().setClaim("code", accessToken.getCode());
    jwt.getClaims().setExpirationTime(accessToken.getExpirationDate());
    jwt.getClaims().setIssuedAt(accessToken.getCreationDate());
    jwt.getClaims().setSubjectIdentifier(getSub());
    jwt.getClaims().setClaim("x5t#S256", accessToken.getX5ts256());

    // DPoP binding: nbf plus the key thumbprint under cnf.jkt.
    final String dpop = context.getDpop();
    if (StringUtils.isNotBlank(dpop)) {
        jwt.getClaims().setNotBefore(accessToken.getCreationDate());
        final JSONObject cnf = new JSONObject();
        cnf.put("jkt", dpop);
        jwt.getClaims().setClaim("cnf", cnf);
    }

    Audience.setAudience(jwt.getClaims(), getClient());

    if (isTrue(client.getAttributes().getRunIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims())) {
        runIntrospectionScriptAndInjectValuesIntoJwt(jwt, context);
    }

    final String accessTokenCode = jwtSigner.sign().toString();
    // Trace output includes the full signed token; only enabled at TRACE level.
    if (log.isTraceEnabled()) {
        log.trace("Created access token JWT: {}", accessTokenCode + ", claims: " + jwt.getClaims().toJsonString());
    }
    return accessTokenCode;
}
use of io.jans.as.model.crypto.signature.SignatureAlgorithm in project jans by JanssenProject.
the class EDDSASigner method validateSignature.
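/**
 * Verifies an EdDSA-family signature over {@code signingInput}.
 *
 * @param signingInput the signed data; encoded as UTF-8 before verification
 * @param signature    base64url-encoded signature to check
 * @return {@code true} if the signature verifies under the configured EdDSA public key
 * @throws SignatureException if the algorithm is missing or not of the ED family, the public key
 *                            or either input is null, or the JCA provider rejects the key/algorithm
 */
@Override
public boolean validateSignature(String signingInput, String signature) throws SignatureException {
    SignatureAlgorithm signatureAlgorithm = getSignatureAlgorithm();
    if (signatureAlgorithm == null) {
        throw new SignatureException("The signature algorithm is null");
    }
    if (!signatureAlgorithm.getFamily().equals(AlgorithmFamily.ED)) {
        throw new SignatureException(String.format("Wrong value of the signature algorithm: %s", signatureAlgorithm.getFamily().toString()));
    }
    if (eddsaPublicKey == null) {
        throw new SignatureException("The EDDSA public key is null");
    }
    if (signingInput == null) {
        throw new SignatureException("The signing input is null");
    }
    if (signature == null) {
        // Previously a null signature surfaced from inside the decoder; fail with the same explicit message style as the other preconditions.
        throw new SignatureException("The signature is null");
    }
    try {
        X509EncodedKeySpec publicKeySpec = eddsaPublicKey.getPublicKeySpec();
        java.security.KeyFactory keyFactory = java.security.KeyFactory.getInstance(signatureAlgorithm.getName());
        // initVerify only needs a PublicKey; no provider-specific cast required.
        java.security.PublicKey publicKey = keyFactory.generatePublic(publicKeySpec);
        Signature verifier = Signature.getInstance(signatureAlgorithm.getName(), "BC");
        verifier.initVerify(publicKey);
        // Explicit UTF-8 (as ECDSASigner does) instead of the platform default charset, so the
        // verified bytes match the signer regardless of JVM/OS configuration.
        verifier.update(signingInput.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        return verifier.verify(Base64Util.base64urldecode(signature));
    } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException | InvalidKeyException | IllegalArgumentException e) {
        throw new SignatureException(e);
    }
}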
use of io.jans.as.model.crypto.signature.SignatureAlgorithm in project jans by JanssenProject.
the class EDDSASigner method generateSignature.
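/**
 * Produces an EdDSA-family signature over {@code signingInput}, base64url-encoded (no padding).
 *
 * @param signingInput the data to sign; encoded as UTF-8 before signing
 * @return the base64url-encoded signature
 * @throws SignatureException if the algorithm is missing or not of the ED family, the private key
 *                            or the input is null, or the JCA provider rejects the key/algorithm
 */
@Override
public String generateSignature(String signingInput) throws SignatureException {
    SignatureAlgorithm signatureAlgorithm = getSignatureAlgorithm();
    if (signatureAlgorithm == null) {
        throw new SignatureException("The signature algorithm is null");
    }
    if (!signatureAlgorithm.getFamily().equals(AlgorithmFamily.ED)) {
        throw new SignatureException(String.format("Wrong value of the signature algorithm: %s", signatureAlgorithm.getFamily().toString()));
    }
    if (eddsaPrivateKey == null) {
        throw new SignatureException("The EDDSA private key is null");
    }
    if (signingInput == null) {
        throw new SignatureException("The signing input is null");
    }
    try {
        PKCS8EncodedKeySpec privateKeySpec = eddsaPrivateKey.getPrivateKeySpec();
        java.security.KeyFactory keyFactory = java.security.KeyFactory.getInstance(signatureAlgorithm.getName());
        // initSign only needs a PrivateKey; no provider-specific cast required.
        java.security.PrivateKey privateKey = keyFactory.generatePrivate(privateKeySpec);
        Signature signer = Signature.getInstance(signatureAlgorithm.getName(), "BC");
        signer.initSign(privateKey);
        // Explicit UTF-8 (as ECDSASigner does) instead of the platform default charset, so the
        // signed bytes are the same on every JVM/OS and match validateSignature.
        signer.update(signingInput.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        byte[] signature = signer.sign();
        return Base64Util.base64urlencode(signature);
    } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException | InvalidKeyException | IllegalArgumentException e) {
        throw new SignatureException(e);
    }
}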
use of io.jans.as.model.crypto.signature.SignatureAlgorithm in project jans by JanssenProject.
the class ECDSASigner method validateSignature.
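/**
 * Verifies an ECDSA signature over {@code signingInput} using the configured EC public key.
 *
 * @param signingInput the signed data; encoded as UTF-8 before verification
 * @param signature    base64url-encoded signature in JWS form (see the transcoding note below)
 * @return {@code true} if the signature verifies
 * @throws SignatureException if the algorithm, public key, signing input or signature is null,
 *                            or anything fails while reconstructing the key or verifying
 */
@Override
public boolean validateSignature(String signingInput, String signature) throws SignatureException {
    final SignatureAlgorithm signatureAlgorithm = getSignatureAlgorithm();
    if (signatureAlgorithm == null) {
        throw new SignatureException("The signature algorithm is null");
    }
    if (ecdsaPublicKey == null) {
        throw new SignatureException("The ECDSA public key is null");
    }
    if (signingInput == null) {
        throw new SignatureException("The signing input is null");
    }
    if (signature == null) {
        // Previously a null signature was only caught indirectly by the catch-all below.
        throw new SignatureException("The signature is null");
    }
    try {
        byte[] sigBytes = Base64Util.base64urldecode(signature);
        if (AlgorithmFamily.EC.equals(signatureAlgorithm.getFamily())) {
            // JWS carries the EC signature as a fixed-size R||S concatenation, while the JCA
            // verifier expects DER; transcode before handing it over.
            sigBytes = ECDSA.transcodeSignatureToDER(sigBytes);
        }
        byte[] sigInBytes = signingInput.getBytes(StandardCharsets.UTF_8);

        // Rebuild the public key from its (x, y) coordinates on the algorithm's named curve.
        ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec(signatureAlgorithm.getCurve().getAlias());
        ECPoint pointQ = ecSpec.getCurve().createPoint(ecdsaPublicKey.getX(), ecdsaPublicKey.getY());
        ECPublicKeySpec publicKeySpec = new ECPublicKeySpec(pointQ, ecSpec);
        KeyFactory keyFactory = KeyFactory.getInstance("ECDSA", "BC");
        PublicKey publicKey = keyFactory.generatePublic(publicKeySpec);

        Signature sig = Signature.getInstance(signatureAlgorithm.getAlgorithm(), "BC");
        sig.initVerify(publicKey);
        sig.update(sigInBytes);
        return sig.verify(sigBytes);
    } catch (Exception e) {
        // Kept broad on purpose: curve lookup, point creation and transcoding can each fail with
        // different (including unchecked) exception types; all are reported as a SignatureException.
        throw new SignatureException(e);
    }
}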