use of io.jans.as.model.jwk.JSONWebKeySet in project jans by JanssenProject.
the class JwkClient method exec.
/**
 * Fetches the JSON Web Key Set from the configured endpoint with an HTTP GET
 * and records the outcome in this client's {@link JwkResponse}.
 *
 * <p>A default {@link JwkRequest} is installed when none was set. When the
 * request carries credentials they are sent in an {@code Authorization: Basic}
 * header. The body is parsed whenever it is non-blank, regardless of the HTTP
 * status, and a key set is attached only when the JSON contains the
 * {@code JSON_WEB_KEY_SET} member.
 *
 * <p>Exceptions raised while calling the service or parsing the body are caught
 * here and not rethrown. Callers that use the returned keys to verify tokens
 * should therefore check the status and that a key set is actually present
 * before trusting the response.
 *
 * @return the value of {@code getResponse()} after the call; if the failure
 *         happened before a new response was stored, this is whatever response
 *         the client held previously
 */
public JwkResponse exec() {
    if (getRequest() == null) {
        setRequest(new JwkRequest());
    }

    // Assemble the GET request: cookies, optional Basic credentials, JSON accept header.
    initClient();
    Builder requestBuilder = webTarget.request();
    applyCookies(requestBuilder);
    if (getRequest().hasCredentials()) {
        // NOTE(review): the Basic scheme does not encrypt the credentials itself;
        // confirm the JWKS URL is always https before credentials are attached.
        requestBuilder.header("Authorization", "Basic " + getRequest().getEncodedCredentials());
    }
    requestBuilder.accept(MediaType.APPLICATION_JSON);

    try {
        clientResponse = requestBuilder.buildGet().invoke();
        setResponse(new JwkResponse(clientResponse.getStatus()));
        getResponse().setHeaders(clientResponse.getMetadata());

        String body = clientResponse.readEntity(String.class);
        getResponse().setEntity(body);
        if (StringUtils.isNotBlank(body)) {
            JSONObject parsed = new JSONObject(body);
            // Only a document that actually carries the key-set member yields keys.
            if (parsed.has(JSON_WEB_KEY_SET)) {
                getResponse().setJwks(JSONWebKeySet.fromJSONObject(parsed));
            }
        }
    } catch (Exception e) {
        // NOTE(review): the failure is only printed to stderr and then dropped, so a
        // network or parse error is indistinguishable from "no keys" for the caller.
        e.printStackTrace();
    } finally {
        closeConnection();
    }
    return getResponse();
}
use of io.jans.as.model.jwk.JSONWebKeySet in project jans by JanssenProject.
the class AuthenticationFilter method validateDpopSignature.
/**
 * Verifies the signature of a DPoP proof against the single key passed in.
 *
 * <p>The thumbprint argument is only checked for {@code null} here; its value is
 * not compared with anything in this method, so binding the key to a token has
 * to happen in the caller.
 *
 * @param dpop the DPoP proof JWT whose signing input and signature are verified
 * @param jwk the key the proof is verified against
 * @param dpopJwkThumbprint thumbprint of the proof key; {@code null} is rejected
 * @return the result of {@code cryptoProvider.verifySignature}
 * @throws InvalidJwtException if {@code dpopJwkThumbprint} is {@code null}
 * @throws Exception declared by the method; presumably raised by the crypto provider
 */
private boolean validateDpopSignature(Jwt dpop, JSONWebKey jwk, String dpopJwkThumbprint) throws Exception {
    if (dpopJwkThumbprint == null) {
        throw new InvalidJwtException("Invalid DPoP Proof Header. The jwk header is not valid.");
    }

    // The verifier takes a key set as JSON, so wrap the one proof key in a set.
    JSONWebKeySet proofKeySet = new JSONWebKeySet();
    proofKeySet.getKeys().add(jwk);

    // NOTE(review): the algorithm comes from the proof's own header. RFC 9449 forbids
    // "none" and symmetric algorithms for DPoP proofs; confirm that restriction is
    // enforced before this call, since nothing in this method checks it.
    return cryptoProvider.verifySignature(
            dpop.getSigningInput(),
            dpop.getEncodedSignature(),
            null,
            proofKeySet.toJSONObject(),
            null,
            dpop.getHeader().getSignatureAlgorithm());
}
use of io.jans.as.model.jwk.JSONWebKeySet in project jans by JanssenProject.
the class KeyGeneratorService method generateKeys.
/**
 * Builds a new key set holding one generated key per requested algorithm.
 *
 * <p>Every key is generated with the same expiration instant: the current time
 * plus {@code expiration_hours}. A failure for one algorithm is logged and that
 * algorithm is skipped, so the returned set can contain fewer keys than were
 * requested (possibly none).
 *
 * @param signatureAlgorithms algorithms to generate signing keys for
 * @param encryptionAlgorithms algorithms to generate encryption keys for
 * @param expiration_hours key lifetime in hours, counted from now
 * @return the set of keys that could be generated
 */
private JSONWebKeySet generateKeys(List<Algorithm> signatureAlgorithms, List<Algorithm> encryptionAlgorithms, int expiration_hours) {
    LOG.trace("Generating jwks keys...");
    JSONWebKeySet generated = new JSONWebKeySet();

    // One shared expiration instant for all keys produced by this call.
    Calendar expiry = new GregorianCalendar();
    expiry.add(Calendar.HOUR, expiration_hours);
    final long expiresAtMillis = expiry.getTimeInMillis();

    for (Algorithm sigAlg : signatureAlgorithms) {
        try {
            // The lookup result is not used further in this method.
            SignatureAlgorithm resolved = SignatureAlgorithm.fromString(sigAlg.name());
            JSONObject keyJson = this.cryptoProvider.generateKey(sigAlg, expiresAtMillis);
            generated.getKeys().add(JSONWebKey.fromJSONObject(keyJson));
        } catch (Exception ex) {
            // Best effort: log and continue with the remaining algorithms.
            LOG.error(ex.getMessage(), ex);
        }
    }

    for (Algorithm encAlg : encryptionAlgorithms) {
        try {
            // The lookup result is not used further in this method.
            KeyEncryptionAlgorithm resolved = KeyEncryptionAlgorithm.fromName(encAlg.getParamName());
            JSONObject keyJson = this.cryptoProvider.generateKey(encAlg, expiresAtMillis);
            generated.getKeys().add(JSONWebKey.fromJSONObject(keyJson));
        } catch (Exception ex) {
            // Best effort: log and continue with the remaining algorithms.
            LOG.error(ex.getMessage(), ex);
        }
    }

    // The key set itself is not written to the log (the original trace call was
    // commented out). NOTE(review): if the set includes private key parameters,
    // keep it out of the logs.
    LOG.trace("jwks generated successfully.");
    return generated;
}
use of io.jans.as.model.jwk.JSONWebKeySet in project jans by JanssenProject.
the class KeyGeneratorService method getKeys.
/**
 * Returns the relying-party key set, loading or generating it on first use.
 *
 * <p>Lookup order: the key set already held by this service, then the one in
 * storage, then a freshly generated one. At each step a key set counts as
 * usable when it is non-null and contains at least one key.
 *
 * @return the key set held by this service after the lookup
 * @throws HttpException with {@code JWKS_GENERATION_DISABLE} when JWKS generation
 *         is turned off in the configuration
 */
public JSONWebKeySet getKeys() {
    if (!configuration.getEnableJwksGeneration()) {
        LOG.info("Relying party JWKS generation is disabled in running jans_client_api instance. To enable it set `enable_jwks_generation` field to true in `client-api-server.yml`.");
        throw new HttpException(ErrorResponseCode.JWKS_GENERATION_DISABLE);
    }

    // 1. Key set already held by this service.
    if (this.keys != null && !this.keys.getKeys().isEmpty()) {
        return this.keys;
    }

    // 2. Key set persisted earlier.
    // NOTE(review): stored keys are accepted on a non-empty check alone; their
    // expiration is not examined in this method.
    JSONWebKeySet stored = getKeysFromStorage();
    if (stored != null && !stored.getKeys().isEmpty()) {
        this.keys = stored;
        return this.keys;
    }

    // 3. Nothing usable found: generate a new key set.
    generateKeys();
    return this.keys;
}
use of io.jans.as.model.jwk.JSONWebKeySet in project jans by JanssenProject.
the class KeyGeneratorService method generateKeys.
/**
 * Generates a key set for the fixed list of signature and encryption algorithms,
 * persists it, and installs it as this service's current key set.
 *
 * <p>Does nothing when JWKS generation is disabled in the configuration. The set
 * is written to storage before it is installed in memory, so a storage failure
 * leaves the in-memory key set unchanged.
 *
 * @throws RuntimeException wrapping any exception raised while checking the
 *         configuration, generating, or saving the keys
 */
public void generateKeys() {
    List<Algorithm> sigAlgs = Lists.newArrayList(
            Algorithm.RS256, Algorithm.RS384, Algorithm.RS512,
            Algorithm.ES256, Algorithm.ES384, Algorithm.ES512,
            Algorithm.PS256, Algorithm.PS384, Algorithm.PS512);
    // NOTE(review): RSA1_5 (RSAES-PKCS1-v1_5) is exposed to padding-oracle attacks
    // when decryption errors are observable; confirm a key for it is still required.
    List<Algorithm> encAlgs = Lists.newArrayList(Algorithm.RSA1_5, Algorithm.RSA_OAEP);

    try {
        if (!configuration.getEnableJwksGeneration()) {
            return;
        }
        JSONWebKeySet fresh = generateKeys(sigAlgs, encAlgs, configuration.getJwksExpirationInHours());
        // NOTE(review): the serialized set goes to storage as a string; if it carries
        // private key parameters, confirm the storage is access-controlled.
        saveKeysInStorage(fresh.toString());
        setKeys(fresh);
    } catch (Exception e) {
        LOG.error("Failed to generate json web keys.", e);
        throw new RuntimeException("Failed to generate json web keys.", e);
    }
}