Example 1 with CryptoProviderException

Use of io.jans.as.model.exception.CryptoProviderException in project jans by JanssenProject.

Class AuthCryptoProvider, method getPrivateKey.

@Override
public PrivateKey getPrivateKey(String alias) throws CryptoProviderException {
    if (Util.isNullOrEmpty(alias)) {
        return null;
    }
    try {
        Key key = keyStore.getKey(alias, keyStoreSecret.toCharArray());
        if (key == null) {
            return null;
        }
        PrivateKey privateKey = (PrivateKey) key;
        checkKeyExpiration(alias);
        return privateKey;
    } catch (UnrecoverableKeyException | KeyStoreException | NoSuchAlgorithmException e) {
        throw new CryptoProviderException(e);
    }
}
Also used: PrivateKey (java.security.PrivateKey), UnrecoverableKeyException (java.security.UnrecoverableKeyException), KeyStoreException (java.security.KeyStoreException), NoSuchAlgorithmException (java.security.NoSuchAlgorithmException), RSAPublicKey (java.security.interfaces.RSAPublicKey), JSONWebKey (io.jans.as.model.jwk.JSONWebKey), Key (java.security.Key), SecretKey (javax.crypto.SecretKey), ECPublicKey (java.security.interfaces.ECPublicKey), PublicKey (java.security.PublicKey), EdDSAPublicKey (org.bouncycastle.jcajce.interfaces.EdDSAPublicKey), CryptoProviderException (io.jans.as.model.exception.CryptoProviderException)

Example 2 with CryptoProviderException

Use of io.jans.as.model.exception.CryptoProviderException in project jans by JanssenProject.

Class ElevenCryptoProvider, method sign.

@Override
public String sign(String signingInput, String keyId, String shardSecret, SignatureAlgorithm signatureAlgorithm) throws CryptoProviderException {
    SignRequest request = new SignRequest();
    request.getSignRequestParam().setSigningInput(signingInput);
    request.getSignRequestParam().setAlias(keyId);
    request.getSignRequestParam().setSharedSecret(shardSecret);
    request.getSignRequestParam().setSignatureAlgorithm(signatureAlgorithm.getName());
    request.setAccessToken(accessToken);
    SignClient client = new SignClient(signEndpoint);
    client.setRequest(request);
    SignResponse response = null;
    try {
        response = client.exec();
    } catch (Exception e) {
        throw new CryptoProviderException(e);
    }
    if (response.getStatus() == HttpStatus.SC_OK && response.getSignature() != null) {
        return response.getSignature();
    } else {
        throw new CryptoProviderException(response.getEntity());
    }
}
Also used: SignRequest (io.jans.eleven.client.SignRequest), SignResponse (io.jans.eleven.client.SignResponse), SignClient (io.jans.eleven.client.SignClient), CryptoProviderException (io.jans.as.model.exception.CryptoProviderException)

Example 3 with CryptoProviderException

Use of io.jans.as.model.exception.CryptoProviderException in project jans by JanssenProject.

Class ElevenCryptoProvider, method deleteKey.

@Override
public boolean deleteKey(String keyId) throws CryptoProviderException {
    DeleteKeyRequest request = new DeleteKeyRequest();
    request.setAlias(keyId);
    request.setAccessToken(accessToken);
    DeleteKeyClient client = new DeleteKeyClient(deleteKeyEndpoint);
    client.setRequest(request);
    DeleteKeyResponse response = null;
    try {
        response = client.exec();
    } catch (Exception e) {
        throw new CryptoProviderException(e);
    }
    if (response.getStatus() == HttpStatus.SC_OK) {
        return response.isDeleted();
    } else {
        throw new CryptoProviderException(response.getEntity());
    }
}
Also used: DeleteKeyClient (io.jans.eleven.client.DeleteKeyClient), DeleteKeyResponse (io.jans.eleven.client.DeleteKeyResponse), DeleteKeyRequest (io.jans.eleven.client.DeleteKeyRequest), CryptoProviderException (io.jans.as.model.exception.CryptoProviderException)

Example 4 with CryptoProviderException

Use of io.jans.as.model.exception.CryptoProviderException in project jans by JanssenProject.

Class ServerCryptoProvider, method getKeyId.

@Override
public String getKeyId(JSONWebKeySet jsonWebKeySet, Algorithm algorithm, Use use) throws CryptoProviderException {
    try {
        if (algorithm == null || AlgorithmFamily.HMAC.equals(algorithm.getFamily())) {
            return null;
        }
        final AppConfiguration appConfiguration = configurationFactory.getAppConfiguration();
        if (appConfiguration.getKeySignWithSameKeyButDiffAlg()) {
            // open banking: same key with different algorithms
            LOG.trace("Getting key by use: " + use);
            for (JSONWebKey key : jsonWebKeySet.getKeys()) {
                if (use != null && use == key.getUse()) {
                    LOG.trace("Found " + key.getKid() + ", use: " + use);
                    return key.getKid();
                }
            }
        }
        final String staticKid = appConfiguration.getStaticKid();
        if (StringUtils.isNotBlank(staticKid)) {
            LOG.trace("Use staticKid: " + staticKid);
            return staticKid;
        }
        final String kid = cryptoProvider.getKeyId(jsonWebKeySet, algorithm, use);
        if (!cryptoProvider.getKeys().contains(kid) && configurationFactory.reloadConfFromLdap()) {
            return cryptoProvider.getKeyId(jsonWebKeySet, algorithm, use);
        }
        return kid;
    } catch (CryptoProviderException e) {
        LOG.trace("Try to re-load configuration due to keystore exception (it can be rotated).");
        if (configurationFactory.reloadConfFromLdap()) {
            return cryptoProvider.getKeyId(jsonWebKeySet, algorithm, use);
        }
    }
    return null;
}
Also used: JSONWebKey (io.jans.as.model.jwk.JSONWebKey), AppConfiguration (io.jans.as.model.configuration.AppConfiguration), CryptoProviderException (io.jans.as.model.exception.CryptoProviderException)

Example 5 with CryptoProviderException

Use of io.jans.as.model.exception.CryptoProviderException in project jans by JanssenProject.

Class AuthCryptoProvider, method getPublicKey.

@Override
public PublicKey getPublicKey(String alias) throws CryptoProviderException {
    if (Util.isNullOrEmpty(alias) || keyStore == null) {
        return null;
    }
    try {
        java.security.cert.Certificate certificate = keyStore.getCertificate(alias);
        if (certificate == null) {
            return null;
        }
        checkKeyExpiration(alias);
        return certificate.getPublicKey();
    } catch (KeyStoreException e) {
        throw new CryptoProviderException(e);
    }
}
Also used: Certificate (java.security.cert.Certificate), KeyStoreException (java.security.KeyStoreException), CryptoProviderException (io.jans.as.model.exception.CryptoProviderException)

Aggregations

CryptoProviderException (io.jans.as.model.exception.CryptoProviderException): 10
JSONWebKey (io.jans.as.model.jwk.JSONWebKey): 4
KeyStoreException (java.security.KeyStoreException): 3
PrivateKey (java.security.PrivateKey): 3
PublicKey (java.security.PublicKey): 3
AppConfiguration (io.jans.as.model.configuration.AppConfiguration): 2
SignatureAlgorithm (io.jans.as.model.crypto.signature.SignatureAlgorithm): 2
Key (java.security.Key): 2
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException): 2
UnrecoverableKeyException (java.security.UnrecoverableKeyException): 2
ECPublicKey (java.security.interfaces.ECPublicKey): 2
RSAPublicKey (java.security.interfaces.RSAPublicKey): 2
ArrayList (java.util.ArrayList): 2
SecretKey (javax.crypto.SecretKey): 2
EdDSAPublicKey (org.bouncycastle.jcajce.interfaces.EdDSAPublicKey): 2
JWEAlgorithm (com.nimbusds.jose.JWEAlgorithm): 1
JWSAlgorithm (com.nimbusds.jose.JWSAlgorithm): 1
RSAKey (com.nimbusds.jose.jwk.RSAKey): 1
AbstractCryptoProvider (io.jans.as.model.crypto.AbstractCryptoProvider): 1
BlockEncryptionAlgorithm (io.jans.as.model.crypto.encryption.BlockEncryptionAlgorithm): 1