
Example 1 with InvalidParameterException

use of io.jans.as.model.exception.InvalidParameterException in project jans by JanssenProject.

Class AbstractCryptoProvider, method processKey (builds a JCA public key from a JWK entry):

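/**
 * Converts one JWK entry (already matched by {@code kid}) into a JCA {@link PublicKey}.
 *
 * <p>The key family is taken from the entry's {@code alg} member when present, otherwise from
 * {@code kty}. When {@code requestedAlgorithm} is non-null the entry is rejected (returns
 * {@code null}) if its {@code alg} differs from it or, lacking {@code alg}, if its key type
 * cannot serve that algorithm's family. This keeps a caller from being handed a key of the
 * wrong type for the algorithm it is about to verify or encrypt with.
 *
 * @param requestedAlgorithm the algorithm the caller intends to use, or {@code null} to accept any
 * @param alias              the entry's key id, used for logging only
 * @param key                the JWK entry; missing mandatory members surface as the JSON library's
 *                           own unchecked exception from {@code getString}
 * @return the public key, or {@code null} when the entry does not fit {@code requestedAlgorithm}
 * @throws InvalidParameterException if the entry has neither {@code alg} nor {@code kty}, or names
 *         an algorithm, key type or curve this provider does not recognise
 * @throws NoSuchAlgorithmException if the JCA has no factory for the key type
 * @throws InvalidKeySpecException if the key material does not form a valid key
 * @throws InvalidParameterSpecException if the EC curve parameters cannot be resolved
 */
private PublicKey processKey(Algorithm requestedAlgorithm, String alias, JSONObject key) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidParameterSpecException, InvalidParameterException {
    AlgorithmFamily algorithmFamily;
    if (key.has(JWKParameter.ALGORITHM)) {
        String algorithmName = key.optString(JWKParameter.ALGORITHM);
        Algorithm algorithm = Algorithm.fromString(algorithmName);
        // Assumes fromString yields null for an unrecognised name (verify against Algorithm):
        // reject it explicitly rather than letting getFamily() fail with a NullPointerException.
        if (algorithm == null) {
            throw new InvalidParameterException(String.format("Wrong key (JSONObject): unknown 'alg' value '%s', kid: %s", algorithmName, alias));
        }
        if (requestedAlgorithm != null && !requestedAlgorithm.equals(algorithm)) {
            LOG.trace("kid matched but algorithm does not match. kid algorithm:" + algorithm + ", requestedAlgorithm:" + requestedAlgorithm + ", kid:" + alias);
            return null;
        }
        algorithmFamily = algorithm.getFamily();
    } else if (key.has(JWKParameter.KEY_TYPE)) {
        String keyType = key.getString(JWKParameter.KEY_TYPE);
        algorithmFamily = AlgorithmFamily.fromString(keyType);
        // Same assumption for AlgorithmFamily.fromString; a null here would otherwise surface as a
        // NullPointerException from the switch below instead of a clear rejection.
        if (algorithmFamily == null) {
            throw new InvalidParameterException(String.format("Wrong key (JSONObject): unknown 'kty' value '%s', kid: %s", keyType, alias));
        }
        // No 'alg' to compare, so confine on family: an RSA key must not be returned for an EC
        // request and vice versa, mirroring the 'alg' mismatch handling above.
        if (requestedAlgorithm != null && algorithmFamily != requestedAlgorithm.getFamily()) {
            LOG.trace("kid matched but key type does not match. kid family:" + algorithmFamily + ", requestedAlgorithm:" + requestedAlgorithm + ", kid:" + alias);
            return null;
        }
    } else {
        throw new InvalidParameterException("Wrong key (JSONObject): doesn't contain 'alg' and 'kty' properties");
    }
    PublicKey publicKey;
    switch (algorithmFamily) {
        case RSA:
            publicKey = rsaPublicKeyFromJwk(key);
            break;
        case EC:
            publicKey = ecPublicKeyFromJwk(key);
            break;
        case ED:
            publicKey = edPublicKeyFromJwk(key);
            break;
        default:
            throw new InvalidParameterException(String.format("Wrong AlgorithmFamily value: %s", algorithmFamily));
    }
    // 'exp' is optional in this key format; it is checked only once the material itself parsed.
    if (key.has(JWKParameter.EXPIRATION_TIME)) {
        checkKeyExpiration(alias, key.getLong(JWKParameter.EXPIRATION_TIME));
    }
    return publicKey;
}

/** Decodes a base64url JWK member into an unsigned big integer (signum 1: magnitude, never two's complement). */
private static BigInteger unsignedJwkNumber(JSONObject key, String member) {
    return new BigInteger(1, Base64Util.base64urldecode(key.getString(member)));
}

/** Builds an RSA key from the 'n' and 'e' members. */
private static PublicKey rsaPublicKeyFromJwk(JSONObject key) throws NoSuchAlgorithmException, InvalidKeySpecException {
    RSAPublicKeySpec spec = new RSAPublicKeySpec(unsignedJwkNumber(key, JWKParameter.MODULUS), unsignedJwkNumber(key, JWKParameter.EXPONENT));
    return KeyFactory.getInstance("RSA").generatePublic(spec);
}

/** Builds an EC key from the 'crv', 'x' and 'y' members. */
private static PublicKey ecPublicKeyFromJwk(JSONObject key) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidParameterSpecException, InvalidParameterException {
    String curveName = key.optString(JWKParameter.CURVE);
    EllipticEdvardsCurve curve = EllipticEdvardsCurve.fromString(curveName);
    // Assumes fromString yields null for an unknown or absent 'crv' — reject instead of NPE on getAlias().
    if (curve == null) {
        throw new InvalidParameterException(String.format("Wrong key (JSONObject): unknown 'crv' value '%s'", curveName));
    }
    AlgorithmParameters parameters = AlgorithmParameters.getInstance(AlgorithmFamily.EC.toString());
    parameters.init(new ECGenParameterSpec(curve.getAlias()));
    ECParameterSpec ecParameters = parameters.getParameterSpec(ECParameterSpec.class);
    ECPoint point = new ECPoint(unsignedJwkNumber(key, JWKParameter.X), unsignedJwkNumber(key, JWKParameter.Y));
    return KeyFactory.getInstance(AlgorithmFamily.EC.toString()).generatePublic(new ECPublicKeySpec(point, ecParameters));
}

/** Builds an EdDSA key from the 'x' member. */
private static PublicKey edPublicKeyFromJwk(JSONObject key) throws NoSuchAlgorithmException, InvalidKeySpecException {
    // In this provider's format 'x' carries an X.509 SubjectPublicKeyInfo, not the raw point of
    // RFC 8037. The JWK 'alg' name doubles as the JCA KeyFactory name, so an ED key published with
    // 'kty' only (empty 'alg') cannot be loaded here and fails with NoSuchAlgorithmException.
    X509EncodedKeySpec spec = new X509EncodedKeySpec(Base64Util.base64urldecode(key.getString(JWKParameter.X)));
    return KeyFactory.getInstance(key.optString(JWKParameter.ALGORITHM)).generatePublic(spec);
}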

Example 2 with InvalidParameterException

use of io.jans.as.model.exception.InvalidParameterException in project jans by JanssenProject.

Class JwtUtil, method getPublicKey (resolves a key by id from a JWK Set and converts it to the project's PublicKey model):

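/**
 * Looks up the key with id {@code keyId} in an inline JWK Set ({@code jwks}) or at {@code jwksUri}
 * and converts it to the project's {@code PublicKey} model, attaching the leaf certificate of an
 * {@code x5c} chain when one is present.
 *
 * <p>When {@code signatureAlgorithm} is {@code null} it is read from the key's own {@code alg}
 * member. NOTE(review): when it is supplied, the key's {@code alg} is not compared against it;
 * only the key family is enforced, implicitly, by which JWK members get read. Consider rejecting
 * a mismatch the way the crypto provider does.
 *
 * @param jwksUri            JWKS endpoint, consulted by {@code getJsonKey}
 * @param jwks               inline JWK Set, consulted by {@code getJsonKey}
 * @param signatureAlgorithm intended algorithm, or {@code null} to take it from the key
 * @param keyId              the {@code kid} to resolve
 * @return the key, or {@code null} when it cannot be found, its algorithm cannot be determined, or
 *         its key material fails to parse; a key whose certificate chain fails to parse is returned
 *         without the certificate (the failure is logged)
 */
public static io.jans.as.model.crypto.PublicKey getPublicKey(String jwksUri, String jwks, SignatureAlgorithm signatureAlgorithm, String keyId) {
    JSONObject jsonKeyValue = getJsonKey(jwksUri, jwks, keyId);
    if (jsonKeyValue == null) {
        return null;
    }
    io.jans.as.model.crypto.PublicKey publicKey = null;
    try {
        String resultKeyId = jsonKeyValue.getString(KEY_ID);
        if (signatureAlgorithm == null) {
            signatureAlgorithm = SignatureAlgorithm.fromString(jsonKeyValue.getString(ALGORITHM));
            if (signatureAlgorithm == null) {
                log.error(String.format("Failed to determine key '%s' signature algorithm", resultKeyId));
                return null;
            }
        }
        // The internal jwks.json format nests the key material under "publicKey"; a standard JWK
        // carries it at the top level.
        JSONObject jsonPublicKey = jsonKeyValue.has(PUBLIC_KEY) ? jsonKeyValue.getJSONObject(PUBLIC_KEY) : jsonKeyValue;
        publicKey = parseJwkPublicKey(jsonPublicKey, signatureAlgorithm);
        // Identify the key before touching the optional certificate, so a certificate parse failure
        // (caught below) can never hand the caller a key with a null kid and null algorithm.
        publicKey.setKeyId(resultKeyId);
        publicKey.setSignatureAlgorithm(signatureAlgorithm);
        if (jsonKeyValue.has(CERTIFICATE_CHAIN)) {
            publicKey.setCertificate(parseJwkLeafCertificate(jsonKeyValue.getJSONArray(CERTIFICATE_CHAIN), signatureAlgorithm));
        }
    } catch (Exception ex) {
        // Boundary catch: a malformed entry must not propagate. It is logged and the caller gets
        // null, or — for a certificate-only failure — the identified key without its certificate.
        log.error(ex.getMessage(), ex);
    }
    return publicKey;
}

/** Decodes a base64url JWK member into an unsigned big integer (signum 1: magnitude, never two's complement). */
private static BigInteger unsignedJwkNumber(JSONObject jsonPublicKey, String member) {
    return new BigInteger(1, Base64Util.base64urldecode(jsonPublicKey.getString(member)));
}

/**
 * Builds the model key for the family of {@code signatureAlgorithm} from the JWK members that
 * family needs ('n'/'e', 'x'/'y' or 'x').
 *
 * @throws InvalidParameterException if the family is none of RSA, EC or ED
 */
private static io.jans.as.model.crypto.PublicKey parseJwkPublicKey(JSONObject jsonPublicKey, SignatureAlgorithm signatureAlgorithm) throws InvalidParameterException {
    AlgorithmFamily algorithmFamily = signatureAlgorithm.getFamily();
    if (algorithmFamily == AlgorithmFamily.RSA) {
        BigInteger modulus = unsignedJwkNumber(jsonPublicKey, MODULUS);
        BigInteger publicExponent = unsignedJwkNumber(jsonPublicKey, EXPONENT);
        return new RSAPublicKey(modulus, publicExponent);
    }
    if (algorithmFamily == AlgorithmFamily.EC) {
        BigInteger x = unsignedJwkNumber(jsonPublicKey, X);
        BigInteger y = unsignedJwkNumber(jsonPublicKey, Y);
        return new ECDSAPublicKey(signatureAlgorithm, x, y);
    }
    if (algorithmFamily == AlgorithmFamily.ED) {
        // Pass the decoded 'x' bytes through unchanged. Round-tripping them via BigInteger.toByteArray()
        // strips a leading 0x00 byte and prepends one when the top bit is set, which silently corrupts
        // a raw (RFC 8037) key; it is only lossless for a DER SubjectPublicKeyInfo (first byte 0x30).
        return new EDDSAPublicKey(signatureAlgorithm, Base64Util.base64urldecode(jsonPublicKey.getString(X)));
    }
    throw new InvalidParameterException("Wrong value of the AlgorithmFamily: algorithmFamily = " + algorithmFamily);
}

/**
 * Parses the first ({@code x5c[0]}, leaf) certificate of a JWK certificate chain.
 *
 * <p>NOTE(review): RFC 7517 §4.7 requires the leaf's public key to equal the JWK's parameters;
 * that equality, chain validity and certificate expiry are not checked here — TODO confirm where
 * (or whether) they are enforced before the certificate is relied upon.
 *
 * @throws IOException if the PEM text cannot be parsed
 */
private static io.jans.as.model.crypto.Certificate parseJwkLeafCertificate(JSONArray certChain, SignatureAlgorithm signatureAlgorithm) throws IOException {
    final String BEGIN = "-----BEGIN CERTIFICATE-----";
    final String END = "-----END CERTIFICATE-----";
    String certificateString = BEGIN + "\n" + certChain.getString(0) + "\n" + END;
    try (PEMParser pemReader = new PEMParser(new StringReader(certificateString))) {
        // NOTE(review): newer Bouncy Castle versions return an X509CertificateHolder from
        // readObject(); confirm this cast is still valid for the BC version in use, since a
        // ClassCastException here is swallowed by the caller's catch.
        X509Certificate cert = (X509CertificateObject) pemReader.readObject();
        return new Certificate(signatureAlgorithm, cert);
    }
}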
