
Example 16 with JSONWebKeySet

use of io.jans.as.model.jwk.JSONWebKeySet in project jans by JanssenProject.

Class KeyGeneratorService, method getKeysFromStorage (loads a previously persisted JWKS and discards it once its expiry has passed).

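/**
 * Loads the JWKS previously persisted by this service, or returns {@code null}
 * when nothing usable is stored.
 *
 * <p>Order of checks:
 * <ol>
 *   <li>no stored entry, or an empty value: {@code null};</li>
 *   <li>entry past its expiry: the entry is deleted and {@code null} is returned;</li>
 *   <li>otherwise the stored JSON is parsed into a key set and returned.</li>
 * </ol>
 * Expiry is evaluated <em>before</em> the value is parsed, so an expired (or
 * expired-and-corrupted) entry is cleaned up without ever being interpreted as
 * a key set, and a parse failure can only happen on a value that is still
 * considered valid.
 *
 * @return the stored key set, or {@code null} if absent, empty or expired
 * @throws org.json.JSONException if a non-expired stored value is not valid JSON
 *         (propagated from {@code new JSONObject(String)})
 */
public JSONWebKeySet getKeysFromStorage() {
    ExpiredObject expiredObject = persistenceService.getExpiredObject(ExpiredObjectType.JWKS.getValue());
    if (expiredObject == null || Strings.isNullOrEmpty(expiredObject.getValue())) {
        return null;
    }
    try {
        if (hasKeysExpired(expiredObject)) {
            LOG.trace("The keys in storage got expired. Deleting the expired keys from storage.");
            deleteKeysFromStorage();
            return null;
        }
    } catch (Exception e) {
        // Fail closed: if the expiry date cannot be read (or the first deletion
        // attempt inside the try threw) the entry is treated as expired, deletion
        // is retried once, and nothing is served. A failure of this second
        // deleteKeysFromStorage() call is not caught here and propagates.
        LOG.error("Error in reading expiry date or deleting expired keys from storage. Trying to delete the keys from storage.", e);
        deleteKeysFromStorage();
        return null;
    }
    // Only a still-valid entry is worth parsing.
    JSONObject keysInJson = new JSONObject(expiredObject.getValue());
    return JSONWebKeySet.fromJSONObject(keysInJson);
}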
Also used : JSONObject(org.json.JSONObject) JSONWebKeySet(io.jans.as.model.jwk.JSONWebKeySet) ExpiredObject(io.jans.ca.common.ExpiredObject) CryptoProviderException(io.jans.as.model.exception.CryptoProviderException) HttpException(io.jans.ca.server.HttpException)

Example 17 with JSONWebKeySet

use of io.jans.as.model.jwk.JSONWebKeySet in project jans by JanssenProject.

Class PublicOpKeyService, method getPublicKey (resolves an OP public key from the local cache or the OP's jwks_uri).

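/**
 * Resolves the OP public key to verify a JWT with, from the local cache or by
 * fetching the OP's {@code jwks_uri}.
 *
 * <p>Lookup order:
 * <ol>
 *   <li>cache hit on {@code (jwkSetUrl, keyId)}: returned as-is;</li>
 *   <li>otherwise the JWKS is fetched; a missing response or non-200 status fails;</li>
 *   <li>with a non-empty {@code keyId}, the key with that {@code kid} is returned
 *       and cached;</li>
 *   <li>without a {@code keyId}, keys whose {@code kty} equals the algorithm's
 *       family name (and whose {@code use} matches, when {@code use} is given) are
 *       collected: exactly one match is returned (and cached if it carries a
 *       {@code kid}); more than one match is rejected as ambiguous.</li>
 * </ol>
 *
 * @param jwkSetUrl          the OP's {@code jwks_uri}; trusted as given (should come
 *                           from the OP's discovery document and be HTTPS)
 * @param keyId              the {@code kid} from the JWT header; may be null or empty
 * @param signatureAlgorithm algorithm whose key family is required when no {@code kid} is given
 * @param use                required key use when no {@code kid} is given, or null for any use
 * @return the matching public key, never null
 * @throws RuntimeException when the JWKS cannot be fetched, no key matches, or several keys match
 */
public PublicKey getPublicKey(String jwkSetUrl, String keyId, SignatureAlgorithm signatureAlgorithm, Use use) {
    // NOTE(review): the cache is keyed on (url, kid) only; neither signatureAlgorithm
    // nor use is re-checked on a hit. Confirm callers always pass the same alg/use
    // for a given kid, otherwise a cached key could be returned for a different use.
    Optional<PublicKey> cachedKey = getCachedKey(jwkSetUrl, keyId);
    if (cachedKey.isPresent()) {
        LOG.debug("Taken public key from cache. jwks_url: {}, kid : {} ", jwkSetUrl, keyId);
        return cachedKey.get();
    }
    // Request jwks from OP. Transport security (TLS, certificate validation) is
    // whatever httpService.getHttpClient() is configured with; nothing is enforced here.
    JwkClient jwkClient = opClientFactory.createJwkClient(jwkSetUrl);
    jwkClient.setExecutor(new ApacheHttpClient43Engine(httpService.getHttpClient()));
    JwkResponse jwkResponse = jwkClient.exec();
    if (jwkResponse == null || jwkResponse.getStatus() != 200) {
        // Reported as "null" when no response object came back at all.
        Object status = jwkResponse == null ? null : jwkResponse.getStatus();
        LOG.error("Failed to fetch public key from OP. Obtained Response : {}", status);
        throw new RuntimeException("Failed to fetch public key from OP. Obtained Response : " + status);
    }
    if (!Strings.isNullOrEmpty(keyId)) {
        // NOTE(review): the kid branch does not verify that the selected key's
        // kty/use match signatureAlgorithm/use, so a kid that points at an
        // encryption ("enc") key is still returned. Worth tightening if
        // JwkResponse exposes the underlying JSONWebKey for that kid.
        PublicKey publicKey = jwkResponse.getPublicKey(keyId);
        if (publicKey != null) {
            cache.put(new Pair<>(jwkSetUrl, keyId), publicKey);
            return publicKey;
        }
    } else {
        JSONWebKeySet jsonWebKeySet = jwkResponse.getJwks();
        List<PublicKey> pks = Lists.newArrayList();
        // A 200 response with no parsable key set must fall through to the
        // generic failure below rather than dereferencing null.
        if (jsonWebKeySet != null && jsonWebKeySet.getKeys() != null) {
            for (JSONWebKey key : jsonWebKeySet.getKeys()) {
                if (key.getKty() == null) {
                    continue;
                }
                boolean familyMatches = signatureAlgorithm.getFamily().toString().equals(key.getKty().toString());
                boolean useMatches = use == null || use == key.getUse();
                if (familyMatches && useMatches) {
                    pks.add(getPublicKey(key));
                }
            }
        }
        if (pks.size() > 1) {
            // Picking one of several candidates silently would let the JWKS
            // content, not the token header, decide which key verifies the token.
            LOG.error("Multiple matching keys found in issuer's jwks_uri for algorithm : {}. `kid` must be provided in this case.", signatureAlgorithm.getName());
            throw new RuntimeException("Multiple matching keys found in issuer's jwks_uri for algorithm : " + signatureAlgorithm.getName() + ". `kid` must be provided in this case.");
        }
        if (pks.size() == 1) {
            PublicKey only = pks.get(0);
            // Keys without a kid cannot be cached under the (url, kid) scheme.
            if (!Strings.isNullOrEmpty(only.getKeyId())) {
                cache.put(new Pair<>(jwkSetUrl, only.getKeyId()), only);
            }
            return only;
        }
    }
    LOG.error("Failed to fetch public key from OP.");
    throw new RuntimeException("Failed to fetch public key from OP.");
}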
Also used : JSONWebKey(io.jans.as.model.jwk.JSONWebKey) JwkResponse(io.jans.as.client.JwkResponse) JSONWebKeySet(io.jans.as.model.jwk.JSONWebKeySet) PublicKey(io.jans.as.model.crypto.PublicKey) RSAPublicKey(io.jans.as.model.crypto.signature.RSAPublicKey) ECDSAPublicKey(io.jans.as.model.crypto.signature.ECDSAPublicKey) ApacheHttpClient43Engine(org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient43Engine) JwkClient(io.jans.as.client.JwkClient) Pair(io.jans.util.Pair)
