Example 1 with JSONWebKeySet
use of io.jans.as.model.jwk.JSONWebKeySet in project jans by JanssenProject.
the class JwkClient method exec.
/**
* Executes the call to the REST Service requesting the JWK and processes
* the response.
*
* @return The service response.
*/
public JwkResponse exec() {
if (getRequest() == null) {
setRequest(new JwkRequest());
}
// Prepare request parameters
initClient();
Builder clientRequest = webTarget.request();
applyCookies(clientRequest);
if (getRequest().hasCredentials()) {
String encodedCredentials = getRequest().getEncodedCredentials();
clientRequest.header("Authorization", "Basic " + encodedCredentials);
}
clientRequest.accept(MediaType.APPLICATION_JSON);
// Call REST Service and handle response
try {
clientResponse = clientRequest.buildGet().invoke();
int status = clientResponse.getStatus();
setResponse(new JwkResponse(status));
getResponse().setHeaders(clientResponse.getMetadata());
String entity = clientResponse.readEntity(String.class);
getResponse().setEntity(entity);
if (StringUtils.isNotBlank(entity)) {
JSONObject jsonObj = new JSONObject(entity);
if (jsonObj.has(JSON_WEB_KEY_SET)) {
JSONWebKeySet jwks = JSONWebKeySet.fromJSONObject(jsonObj);
getResponse().setJwks(jwks);
}
}
} catch (Exception e) {
e.printStackTrace();
} finally {
closeConnection();
}
return getResponse();
}
Also used :
JSONObject(org.json.JSONObject)
JSONWebKeySet(io.jans.as.model.jwk.JSONWebKeySet)
Builder(javax.ws.rs.client.Invocation.Builder)
Example 2 with JSONWebKeySet
use of io.jans.as.model.jwk.JSONWebKeySet in project jans by JanssenProject.
the class AuthenticationFilter method validateDpopSignature.
private boolean validateDpopSignature(Jwt dpop, JSONWebKey jwk, String dpopJwkThumbprint) throws Exception {
if (dpopJwkThumbprint == null) {
throw new InvalidJwtException("Invalid DPoP Proof Header. The jwk header is not valid.");
}
JSONWebKeySet jwks = new JSONWebKeySet();
jwks.getKeys().add(jwk);
return cryptoProvider.verifySignature(dpop.getSigningInput(), dpop.getEncodedSignature(), null, jwks.toJSONObject(), null, dpop.getHeader().getSignatureAlgorithm());
}
Also used :
InvalidJwtException(io.jans.as.model.exception.InvalidJwtException)
JSONWebKeySet(io.jans.as.model.jwk.JSONWebKeySet)
Example 3 with JSONWebKeySet
use of io.jans.as.model.jwk.JSONWebKeySet in project jans by JanssenProject.
the class KeyGeneratorService method generateKeys.
private JSONWebKeySet generateKeys(List<Algorithm> signatureAlgorithms, List<Algorithm> encryptionAlgorithms, int expiration_hours) {
LOG.trace("Generating jwks keys...");
JSONWebKeySet jwks = new JSONWebKeySet();
Calendar calendar = new GregorianCalendar();
calendar.add(Calendar.HOUR, expiration_hours);
for (Algorithm algorithm : signatureAlgorithms) {
try {
SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.fromString(algorithm.name());
JSONObject result = this.cryptoProvider.generateKey(algorithm, calendar.getTimeInMillis());
JSONWebKey key = JSONWebKey.fromJSONObject(result);
jwks.getKeys().add(key);
} catch (Exception ex) {
LOG.error(ex.getMessage(), ex);
}
}
for (Algorithm algorithm : encryptionAlgorithms) {
try {
KeyEncryptionAlgorithm encryptionAlgorithm = KeyEncryptionAlgorithm.fromName(algorithm.getParamName());
JSONObject result = this.cryptoProvider.generateKey(algorithm, calendar.getTimeInMillis());
JSONWebKey key = JSONWebKey.fromJSONObject(result);
jwks.getKeys().add(key);
} catch (Exception ex) {
LOG.error(ex.getMessage(), ex);
}
}
// LOG.trace("jwks: ", jwks);
LOG.trace("jwks generated successfully.");
return jwks;
}
Also used :
JSONWebKey(io.jans.as.model.jwk.JSONWebKey)
JSONObject(org.json.JSONObject)
JSONWebKeySet(io.jans.as.model.jwk.JSONWebKeySet)
Calendar(java.util.Calendar)
GregorianCalendar(java.util.GregorianCalendar)
KeyEncryptionAlgorithm(io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm)
GregorianCalendar(java.util.GregorianCalendar)
SignatureAlgorithm(io.jans.as.model.crypto.signature.SignatureAlgorithm)
SignatureAlgorithm(io.jans.as.model.crypto.signature.SignatureAlgorithm)
Algorithm(io.jans.as.model.jwk.Algorithm)
KeyEncryptionAlgorithm(io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm)
CryptoProviderException(io.jans.as.model.exception.CryptoProviderException)
HttpException(io.jans.ca.server.HttpException)
Example 4 with JSONWebKeySet
use of io.jans.as.model.jwk.JSONWebKeySet in project jans by JanssenProject.
the class KeyGeneratorService method getKeys.
public JSONWebKeySet getKeys() {
if (configuration.getEnableJwksGeneration()) {
if (keys != null && !keys.getKeys().isEmpty()) {
return this.keys;
}
// if keys not found then search in storage
JSONWebKeySet keys = getKeysFromStorage();
if (keys != null && !keys.getKeys().isEmpty()) {
this.keys = keys;
return this.keys;
}
// generate new keys in case they do not exist
generateKeys();
return this.keys;
}
LOG.info("Relying party JWKS generation is disabled in running jans_client_api instance. To enable it set `enable_jwks_generation` field to true in `client-api-server.yml`.");
throw new HttpException(ErrorResponseCode.JWKS_GENERATION_DISABLE);
}
Also used :
JSONWebKeySet(io.jans.as.model.jwk.JSONWebKeySet)
HttpException(io.jans.ca.server.HttpException)
Example 5 with JSONWebKeySet
use of io.jans.as.model.jwk.JSONWebKeySet in project jans by JanssenProject.
the class KeyGeneratorService method generateKeys.
public void generateKeys() {
List<Algorithm> signatureAlgorithms = Lists.newArrayList(Algorithm.RS256, Algorithm.RS384, Algorithm.RS512, Algorithm.ES256, Algorithm.ES384, Algorithm.ES512, Algorithm.PS256, Algorithm.PS384, Algorithm.PS512);
List<Algorithm> encryptionAlgorithms = Lists.newArrayList(Algorithm.RSA1_5, Algorithm.RSA_OAEP);
try {
if (configuration.getEnableJwksGeneration()) {
JSONWebKeySet keySet = generateKeys(signatureAlgorithms, encryptionAlgorithms, configuration.getJwksExpirationInHours());
saveKeysInStorage(keySet.toString());
setKeys(keySet);
}
} catch (Exception e) {
LOG.error("Failed to generate json web keys.", e);
throw new RuntimeException("Failed to generate json web keys.", e);
}
}
Also used :
JSONWebKeySet(io.jans.as.model.jwk.JSONWebKeySet)
SignatureAlgorithm(io.jans.as.model.crypto.signature.SignatureAlgorithm)
Algorithm(io.jans.as.model.jwk.Algorithm)
KeyEncryptionAlgorithm(io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm)
CryptoProviderException(io.jans.as.model.exception.CryptoProviderException)
HttpException(io.jans.ca.server.HttpException)
Aggregations
JSONWebKeySet (io.jans.as.model.jwk.JSONWebKeySet)17
JSONObject (org.json.JSONObject)9
JSONWebKey (io.jans.as.model.jwk.JSONWebKey)6
CryptoProviderException (io.jans.as.model.exception.CryptoProviderException)4
HttpException (io.jans.ca.server.HttpException)4
PublicKey (java.security.PublicKey)4
KeyEncryptionAlgorithm (io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm)3
SignatureAlgorithm (io.jans.as.model.crypto.signature.SignatureAlgorithm)3
InvalidJwtException (io.jans.as.model.exception.InvalidJwtException)3
Algorithm (io.jans.as.model.jwk.Algorithm)3
Jwt (io.jans.as.model.jwt.Jwt)3
X509Certificate (java.security.cert.X509Certificate)3
JwkResponse (io.jans.as.client.JwkResponse)2
Client (io.jans.as.common.model.registration.Client)2
RSAPublicKey (io.jans.as.model.crypto.signature.RSAPublicKey)2
AuthorizationGrant (io.jans.as.server.model.common.AuthorizationGrant)2
IOException (java.io.IOException)2
PrintWriter (java.io.PrintWriter)2
Date (java.util.Date)2
ServletException (javax.servlet.ServletException)2
