Use of io.jans.as.model.jwk.JSONWebKey in project jans by JanssenProject.
The class CrossEncryptionTest, method nestedJWTProducedByGluu.
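@Test
public void nestedJWTProducedByGluu() throws Exception {
    // Sender side: a key set holding the single RSA key the stub provider below signs with.
    AppConfiguration appConfiguration = new AppConfiguration();
    List<JSONWebKey> keyArrayList = new ArrayList<JSONWebKey>();
    keyArrayList.add(getSenderWebKey());
    JSONWebKeySet keySet = new JSONWebKeySet();
    keySet.setKeys(keyArrayList);

    // Minimal crypto provider for the test: only sign() does real work, every other
    // operation is a stub (returns null/false or throws). It always signs with
    // senderJwkJson and ignores keyId/sharedSecret, so it must not be reused outside this test.
    final JwtSigner jwtSigner = new JwtSigner(appConfiguration, keySet, SignatureAlgorithm.RS256, "audience", null, new AbstractCryptoProvider() {
        @Override
        public JSONObject generateKey(Algorithm algorithm, Long expirationTime) throws CryptoProviderException {
            return null; // stub: key generation is not exercised by this test
        }

        @Override
        public JSONObject generateKey(Algorithm algorithm, Long expirationTime, int keyLength) throws CryptoProviderException {
            return null; // stub
        }

        @Override
        public boolean containsKey(String keyId) {
            return false; // stub
        }

        /**
         * Signs {@code signingInput} with the private half of {@code senderJwkJson} using the
         * JCA algorithm named by {@code signatureAlgorithm} on the BouncyCastle provider.
         *
         * @throws CryptoProviderException wrapping any parse, provider or signing failure
         */
        @Override
        public String sign(String signingInput, String keyId, String sharedSecret, SignatureAlgorithm signatureAlgorithm) throws CryptoProviderException {
            try {
                RSAPrivateKey privateKey = ((RSAKey) JWK.parse(senderJwkJson)).toRSAPrivateKey();
                Signature signature = Signature.getInstance(signatureAlgorithm.getAlgorithm(), "BC");
                signature.initSign(privateKey);
                // Encode explicitly: the no-arg getBytes() uses the platform default charset,
                // which would make the produced signature (and the test) environment-dependent.
                signature.update(signingInput.getBytes(java.nio.charset.StandardCharsets.UTF_8));
                return Base64Util.base64urlencode(signature.sign());
            } catch (JOSEException | ParseException | NoSuchAlgorithmException | NoSuchProviderException | InvalidKeyException | SignatureException e) {
                throw new CryptoProviderException(e);
            }
        }

        @Override
        public boolean verifySignature(String signingInput, String encodedSignature, String keyId, JSONObject jwks, String sharedSecret, SignatureAlgorithm signatureAlgorithm) throws CryptoProviderException {
            return false; // stub: verification is done by the decrypt-and-validate helpers below
        }

        @Override
        public boolean deleteKey(String keyId) throws CryptoProviderException {
            return false; // stub
        }

        @Override
        public PrivateKey getPrivateKey(String keyId) throws CryptoProviderException {
            throw new UnsupportedOperationException("Method not implemented.");
        }

        @Override
        public PublicKey getPublicKey(String keyId) {
            throw new UnsupportedOperationException("Method not implemented.");
        }
    });

    // Build and sign the inner JWT.
    Jwt jwt = jwtSigner.newJwt();
    jwt.getClaims().setSubjectIdentifier("testing");
    jwt.getClaims().setIssuer("https:devgluu.saminet.local");
    jwt = jwtSigner.sign();

    // Wrap the signed JWT in a JWE (RSA-OAEP key wrapping, A128GCM content encryption)
    // addressed to the recipient's public key.
    RSAKey recipientPublicJWK = (RSAKey) (JWK.parse(recipientJwkJson));
    BlockEncryptionAlgorithm blockEncryptionAlgorithm = BlockEncryptionAlgorithm.A128GCM;
    KeyEncryptionAlgorithm keyEncryptionAlgorithm = KeyEncryptionAlgorithm.RSA_OAEP;

    Jwe jwe = new Jwe();
    jwe.getHeader().setType(JwtType.JWT);
    jwe.getHeader().setAlgorithm(keyEncryptionAlgorithm);
    jwe.getHeader().setEncryptionMethod(blockEncryptionAlgorithm);
    jwe.getHeader().setKeyId("1");
    jwe.setSignedJWTPayload(jwt);

    JweEncrypterImpl encrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, recipientPublicJWK.toPublicKey());
    String jweString = encrypter.encrypt(jwe).toString();

    // Both decryption paths must accept the nested token and validate its inner signature.
    decryptAndValidateSignatureWithGluu(jweString);
    decryptAndValidateSignatureWithNimbus(jweString);
}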
Use of io.jans.as.model.jwk.JSONWebKey in project jans by JanssenProject.
The class PublicOpKeyService, method getPublicKey.
/**
 * Resolves the OP public key to use for signature verification.
 *
 * <p>Lookup order: the (jwkSetUrl, keyId) cache, then the OP's jwks_uri. With a
 * {@code keyId} the key is selected by kid; without one, the JWKS is filtered by the
 * key-type family of {@code signatureAlgorithm} and, when {@code use} is non-null, by
 * key use. Exactly one candidate must remain, otherwise the call fails.
 *
 * @param jwkSetUrl          the OP's jwks_uri
 * @param keyId              the kid to look up, or null/empty to select by algorithm
 * @param signatureAlgorithm algorithm whose key family the key must match (only consulted when no kid is given)
 * @param use                required key use, or null to accept any use (only consulted when no kid is given)
 * @return the resolved public key
 * @throws RuntimeException if the JWKS cannot be fetched, no key matches, or several keys match and no kid was given
 */
public PublicKey getPublicKey(String jwkSetUrl, String keyId, SignatureAlgorithm signatureAlgorithm, Use use) {
    // A cache hit short-circuits the network round trip to the OP.
    final Optional<PublicKey> fromCache = getCachedKey(jwkSetUrl, keyId);
    if (fromCache.isPresent()) {
        LOG.debug("Taken public key from cache. jwks_url: {}, kid : {} ", jwkSetUrl, keyId);
        return fromCache.get();
    }

    // Fetch the JWKS from the OP; anything but HTTP 200 is treated as a hard failure.
    final JwkClient client = opClientFactory.createJwkClient(jwkSetUrl);
    client.setExecutor(new ApacheHttpClient43Engine(httpService.getHttpClient()));
    final JwkResponse response = client.exec();
    final boolean fetched = response != null && response.getStatus() == 200;
    if (!fetched) {
        final Object obtainedStatus = (response == null) ? null : response.getStatus();
        LOG.error("Failed to fetch public key from OP. Obtained Response : {}", obtainedStatus);
        throw new RuntimeException("Failed to fetch public key from OP. Obtained Response : " + obtainedStatus);
    }

    if (!Strings.isNullOrEmpty(keyId)) {
        // Selection by kid. No algorithm-family or use check happens at this point;
        // NOTE(review): whether JwkResponse.getPublicKey(kid) performs one is not visible here — confirm.
        final PublicKey byKid = response.getPublicKey(keyId);
        if (byKid != null) {
            cache.put(new Pair<>(jwkSetUrl, keyId), byKid);
            return byKid;
        }
    } else {
        // No kid: collect every key whose kty matches the algorithm family and (if requested) the use.
        // With use == null a key advertised for any use is accepted, so callers that verify signatures
        // should pass the intended use rather than null.
        final JSONWebKeySet jwks = response.getJwks();
        final List<PublicKey> candidates = Lists.newArrayList();
        for (JSONWebKey candidate : jwks.getKeys()) {
            if (candidate.getKty() == null) {
                continue;
            }
            final boolean familyMatches = signatureAlgorithm.getFamily().toString().equals(candidate.getKty().toString());
            final boolean useMatches = (use == null) || (candidate.getUse() == use);
            if (familyMatches && useMatches) {
                candidates.add(getPublicKey(candidate));
            }
        }

        // An ambiguous match is refused rather than guessed: the caller has to supply a kid.
        if (candidates.size() > 1) {
            LOG.error("Multiple matching keys found in issuer's jwks_uri for algorithm : {}. `kid` must be provided in this case.", signatureAlgorithm.getName());
            throw new RuntimeException("Multiple matching keys found in issuer's jwks_uri for algorithm : " + signatureAlgorithm.getName() + ". `kid` must be provided in this case.");
        }
        if (candidates.size() == 1) {
            final PublicKey only = candidates.get(0);
            // Only keys that carry a kid can be cached, since the cache is keyed by (url, kid).
            if (!Strings.isNullOrEmpty(only.getKeyId())) {
                cache.put(new Pair<>(jwkSetUrl, only.getKeyId()), only);
            }
            return only;
        }
    }

    // Either the kid was unknown or no (single) key matched the algorithm/use filter.
    LOG.error("Failed to fetch public key from OP.");
    throw new RuntimeException("Failed to fetch public key from OP.");
}