
Example 1 with JSONWebKeySet

use of io.jans.as.model.jwk.JSONWebKeySet in project jans by JanssenProject.

the class JwkClient method exec.

/**
 * Executes the call to the REST Service requesting the JWK and processes
 * the response.
 *
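 * @return The service response. If the request or the parsing throws, the
 *         exception is only printed and whatever response is set at that
 *         point is returned; it may predate this call or lack a key set.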
 */
public JwkResponse exec() {
    // Fall back to an empty request so the calls below never dereference null.
    if (getRequest() == null) {
        setRequest(new JwkRequest());
    }

    // Build the outgoing GET request.
    initClient();
    final Builder requestBuilder = webTarget.request();
    applyCookies(requestBuilder);
    // Credentials from getEncodedCredentials() are sent as an HTTP Basic header.
    // NOTE(review): the target URL scheme is not visible in this method; confirm
    // the endpoint is HTTPS so the credentials are not exposed in transit.
    if (getRequest().hasCredentials()) {
        requestBuilder.header("Authorization", "Basic " + getRequest().getEncodedCredentials());
    }
    requestBuilder.accept(MediaType.APPLICATION_JSON);

    // Invoke the service and copy status, headers and body into the response.
    try {
        clientResponse = requestBuilder.buildGet().invoke();
        setResponse(new JwkResponse(clientResponse.getStatus()));
        getResponse().setHeaders(clientResponse.getMetadata());

        final String body = clientResponse.readEntity(String.class);
        getResponse().setEntity(body);

        // NOTE(review): the status is stored but not checked before the body is
        // parsed, so a key set carried by a non-2xx response is accepted as well;
        // confirm that callers check the status before trusting the keys.
        if (StringUtils.isNotBlank(body)) {
            final JSONObject parsed = new JSONObject(body);
            if (parsed.has(JSON_WEB_KEY_SET)) {
                getResponse().setJwks(JSONWebKeySet.fromJSONObject(parsed));
            }
        }
    } catch (Exception e) {
        // Every failure (transport, JSON parsing, key-set construction) is only
        // printed; nothing is rethrown.
        // NOTE(review): when invoke() itself fails, setResponse() is never reached,
        // so the value returned below is whatever was set before this call.
        e.printStackTrace();
    } finally {
        closeConnection();
    }
    return getResponse();
}
Also used : JSONObject(org.json.JSONObject) JSONWebKeySet(io.jans.as.model.jwk.JSONWebKeySet) Builder(javax.ws.rs.client.Invocation.Builder)

Example 2 with JSONWebKeySet

use of io.jans.as.model.jwk.JSONWebKeySet in project jans by JanssenProject.

the class AuthenticationFilter method validateDpopSignature.

/**
 * Verifies the signature of a DPoP proof against the single key supplied with it.
 *
 * @param dpop              the DPoP proof whose signing input, encoded signature
 *                          and header algorithm are handed to the crypto provider
 * @param jwk               the key wrapped into a one-element key set for verification
 * @param dpopJwkThumbprint must be non-null; it is not otherwise used in this method
 * @return the result of {@code cryptoProvider.verifySignature}
 * @throws InvalidJwtException if {@code dpopJwkThumbprint} is {@code null}
 * @throws Exception           anything raised while building the key set or verifying
 */
private boolean validateDpopSignature(Jwt dpop, JSONWebKey jwk, String dpopJwkThumbprint) throws Exception {
    // NOTE(review): the thumbprint is only null-checked here. Any comparison of it
    // against jwk has to happen in the caller; confirm that it does.
    if (dpopJwkThumbprint == null) {
        throw new InvalidJwtException("Invalid DPoP Proof Header. The jwk header is not valid.");
    }

    // verifySignature receives a key set, so wrap the lone key in one.
    final JSONWebKeySet singleKeySet = new JSONWebKeySet();
    singleKeySet.getKeys().add(jwk);

    // NOTE(review): the algorithm is read from the proof's own header, which the
    // sender controls. Confirm it is restricted to an allow-list of asymmetric
    // algorithms before this point (not visible in this method).
    // The third and fifth arguments are passed as null, as in the original call.
    return cryptoProvider.verifySignature(
            dpop.getSigningInput(),
            dpop.getEncodedSignature(),
            null,
            singleKeySet.toJSONObject(),
            null,
            dpop.getHeader().getSignatureAlgorithm());
}
Also used : InvalidJwtException(io.jans.as.model.exception.InvalidJwtException) JSONWebKeySet(io.jans.as.model.jwk.JSONWebKeySet)

Example 3 with JSONWebKeySet

use of io.jans.as.model.jwk.JSONWebKeySet in project jans by JanssenProject.

the class KeyGeneratorService method generateKeys.

/**
 * Builds a key set holding one generated key per requested algorithm.
 *
 * <p>An algorithm whose key generation fails is logged and skipped, so the
 * returned set can contain fewer keys than were requested.
 *
 * @param signatureAlgorithms  algorithms to generate signing keys for
 * @param encryptionAlgorithms algorithms to generate encryption keys for
 * @param expiration_hours     hours added to the current time; the resulting
 *                             timestamp is passed to {@code generateKey} as its
 *                             second argument (presumably the key expiry; confirm)
 * @return the key set with every key that could be generated
 */
private JSONWebKeySet generateKeys(List<Algorithm> signatureAlgorithms, List<Algorithm> encryptionAlgorithms, int expiration_hours) {
    LOG.trace("Generating jwks keys...");
    final JSONWebKeySet generated = new JSONWebKeySet();

    // One timestamp, computed once, is shared by every key in the set.
    final Calendar calendar = new GregorianCalendar();
    calendar.add(Calendar.HOUR, expiration_hours);
    final long expirationMillis = calendar.getTimeInMillis();

    for (Algorithm candidate : signatureAlgorithms) {
        try {
            // Result is unused; the lookup is kept because it may reject unknown
            // names (behaviour of fromString is not visible here).
            SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.fromString(candidate.name());
            final JSONObject keyJson = this.cryptoProvider.generateKey(candidate, expirationMillis);
            generated.getKeys().add(JSONWebKey.fromJSONObject(keyJson));
        } catch (Exception ex) {
            // Best effort: log and continue with the remaining algorithms.
            LOG.error(ex.getMessage(), ex);
        }
    }

    for (Algorithm candidate : encryptionAlgorithms) {
        try {
            // Result is unused; kept for the same reason as the lookup above.
            KeyEncryptionAlgorithm encryptionAlgorithm = KeyEncryptionAlgorithm.fromName(candidate.getParamName());
            final JSONObject keyJson = this.cryptoProvider.generateKey(candidate, expirationMillis);
            generated.getKeys().add(JSONWebKey.fromJSONObject(keyJson));
        } catch (Exception ex) {
            // Best effort: log and continue with the remaining algorithms.
            LOG.error(ex.getMessage(), ex);
        }
    }

    // The key set itself is not written to the log. NOTE(review): generateKey's
    // output may include private key material (not visible here), so keep it out
    // of trace output.
    LOG.trace("jwks generated successfully.");
    return generated;
}
Also used : JSONWebKey(io.jans.as.model.jwk.JSONWebKey) JSONObject(org.json.JSONObject) JSONWebKeySet(io.jans.as.model.jwk.JSONWebKeySet) Calendar(java.util.Calendar) GregorianCalendar(java.util.GregorianCalendar) KeyEncryptionAlgorithm(io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm) GregorianCalendar(java.util.GregorianCalendar) SignatureAlgorithm(io.jans.as.model.crypto.signature.SignatureAlgorithm) SignatureAlgorithm(io.jans.as.model.crypto.signature.SignatureAlgorithm) Algorithm(io.jans.as.model.jwk.Algorithm) KeyEncryptionAlgorithm(io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm) CryptoProviderException(io.jans.as.model.exception.CryptoProviderException) HttpException(io.jans.ca.server.HttpException)

Example 4 with JSONWebKeySet

use of io.jans.as.model.jwk.JSONWebKeySet in project jans by JanssenProject.

the class KeyGeneratorService method getKeys.

/**
 * Returns the key set, resolving it in order from the in-memory field, then
 * from storage, and finally by generating a new one.
 *
 * @return the cached, stored or newly generated key set
 * @throws HttpException with {@code JWKS_GENERATION_DISABLE} when key
 *                       generation is switched off in the configuration
 */
public JSONWebKeySet getKeys() {
    if (!configuration.getEnableJwksGeneration()) {
        LOG.info("Relying party JWKS generation is disabled in running jans_client_api instance. To enable it set `enable_jwks_generation` field to true in `client-api-server.yml`.");
        throw new HttpException(ErrorResponseCode.JWKS_GENERATION_DISABLE);
    }

    // 1. Already cached in memory.
    // NOTE(review): cached and stored keys are returned without any expiry check
    // in this method; confirm that rotation is handled elsewhere.
    if (this.keys != null && !this.keys.getKeys().isEmpty()) {
        return this.keys;
    }

    // 2. Not cached: look in storage and cache the result if it holds keys.
    final JSONWebKeySet stored = getKeysFromStorage();
    if (stored != null && !stored.getKeys().isEmpty()) {
        this.keys = stored;
        return this.keys;
    }

    // 3. Nothing stored either: generate a fresh set.
    // NOTE(review): no synchronization is visible here, so concurrent first calls
    // may each generate and store a key set; confirm how this service is accessed.
    generateKeys();
    return this.keys;
}
Also used : JSONWebKeySet(io.jans.as.model.jwk.JSONWebKeySet) HttpException(io.jans.ca.server.HttpException)

Example 5 with JSONWebKeySet

use of io.jans.as.model.jwk.JSONWebKeySet in project jans by JanssenProject.

the class KeyGeneratorService method generateKeys.

/**
 * Generates a key set for a fixed list of signature and encryption algorithms,
 * saves its string form to storage and caches it on this service.
 *
 * <p>Does nothing when key generation is disabled in the configuration.
 *
 * @throws RuntimeException wrapping any failure raised inside the guarded section
 */
public void generateKeys() {
    List<Algorithm> signatureAlgorithms = Lists.newArrayList(
            Algorithm.RS256, Algorithm.RS384, Algorithm.RS512,
            Algorithm.ES256, Algorithm.ES384, Algorithm.ES512,
            Algorithm.PS256, Algorithm.PS384, Algorithm.PS512);
    // NOTE(review): RSA1_5 (RSAES-PKCS1-v1_5) is generated alongside RSA_OAEP.
    // It is the padding scheme affected by padding-oracle weaknesses; confirm it
    // is still required by relying parties before keeping it in this list.
    List<Algorithm> encryptionAlgorithms = Lists.newArrayList(
            Algorithm.RSA1_5, Algorithm.RSA_OAEP);

    try {
        // The flag is read inside the try so that a failure while reading it is
        // wrapped like any other failure below.
        if (!configuration.getEnableJwksGeneration()) {
            return;
        }
        final JSONWebKeySet fresh = generateKeys(
                signatureAlgorithms, encryptionAlgorithms, configuration.getJwksExpirationInHours());
        // NOTE(review): the serialized key set is handed to storage as a plain
        // string; whether it contains private keys and how storage protects it is
        // not visible here. Confirm access control / encryption at rest.
        saveKeysInStorage(fresh.toString());
        setKeys(fresh);
    } catch (Exception e) {
        LOG.error("Failed to generate json web keys.", e);
        throw new RuntimeException("Failed to generate json web keys.", e);
    }
}
Also used : JSONWebKeySet(io.jans.as.model.jwk.JSONWebKeySet) SignatureAlgorithm(io.jans.as.model.crypto.signature.SignatureAlgorithm) Algorithm(io.jans.as.model.jwk.Algorithm) KeyEncryptionAlgorithm(io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm) CryptoProviderException(io.jans.as.model.exception.CryptoProviderException) HttpException(io.jans.ca.server.HttpException)

Aggregations

JSONWebKeySet (io.jans.as.model.jwk.JSONWebKeySet)17 JSONObject (org.json.JSONObject)9 JSONWebKey (io.jans.as.model.jwk.JSONWebKey)6 CryptoProviderException (io.jans.as.model.exception.CryptoProviderException)4 HttpException (io.jans.ca.server.HttpException)4 PublicKey (java.security.PublicKey)4 KeyEncryptionAlgorithm (io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm)3 SignatureAlgorithm (io.jans.as.model.crypto.signature.SignatureAlgorithm)3 InvalidJwtException (io.jans.as.model.exception.InvalidJwtException)3 Algorithm (io.jans.as.model.jwk.Algorithm)3 Jwt (io.jans.as.model.jwt.Jwt)3 X509Certificate (java.security.cert.X509Certificate)3 JwkResponse (io.jans.as.client.JwkResponse)2 Client (io.jans.as.common.model.registration.Client)2 RSAPublicKey (io.jans.as.model.crypto.signature.RSAPublicKey)2 AuthorizationGrant (io.jans.as.server.model.common.AuthorizationGrant)2 IOException (java.io.IOException)2 PrintWriter (java.io.PrintWriter)2 Date (java.util.Date)2 ServletException (javax.servlet.ServletException)2