
Example 31 with ECDSASigner

use of io.jans.as.model.jws.ECDSASigner in project jans by JanssenProject.

Method generateES512Keys of class SignatureTest.

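/**
 * Round-trips an ES512 signature through every key form the factory produces:
 * a signature made with the private key must verify with both the public key
 * and the certificate, and must NOT verify once the signed input is altered.
 *
 * <p>The key pair is generated fresh on each run by {@code ECDSAKeyFactory} and
 * never leaves this test, which is the only reason printing the private key
 * below is acceptable; do not copy that pattern for real key material.
 *
 * @throws Exception propagated from key generation, signing or verification
 */
@Test
public void generateES512Keys() throws Exception {
    showTitle("TEST: generateES512Keys");
    KeyFactory<ECDSAPrivateKey, ECDSAPublicKey> keyFactory = new ECDSAKeyFactory(SignatureAlgorithm.ES512, "CN=Test CA Certificate");
    ECDSAPrivateKey privateKey = keyFactory.getPrivateKey();
    ECDSAPublicKey publicKey = keyFactory.getPublicKey();
    Certificate certificate = keyFactory.getCertificate();
    // Ephemeral, test-only key material (see class comment above).
    System.out.println("PRIVATE KEY");
    System.out.println(privateKey);
    System.out.println("PUBLIC KEY");
    System.out.println(publicKey);
    System.out.println("CERTIFICATE");
    System.out.println(certificate);
    String signingInput = "Hello World!";
    ECDSASigner ecdsaSigner1 = new ECDSASigner(SignatureAlgorithm.ES512, privateKey);
    String signature = ecdsaSigner1.generateSignature(signingInput);
    // Positive cases: verification with the bare public key and with the certificate.
    ECDSASigner ecdsaSigner2 = new ECDSASigner(SignatureAlgorithm.ES512, publicKey);
    assertTrue(ecdsaSigner2.validateSignature(signingInput, signature));
    ECDSASigner ecdsaSigner3 = new ECDSASigner(SignatureAlgorithm.ES512, certificate);
    assertTrue(ecdsaSigner3.validateSignature(signingInput, signature));
    // Negative case: the same signature over a tampered input must be rejected,
    // otherwise a verifier that always returns true would pass this test.
    String tamperedInput = signingInput + "?";
    assertFalse(ecdsaSigner2.validateSignature(tamperedInput, signature));
    assertFalse(ecdsaSigner3.validateSignature(tamperedInput, signature));
}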

Example 32 with ECDSASigner

use of io.jans.as.model.jws.ECDSASigner in project jans by JanssenProject.

Method createJwsSigner of class Validator.

/**
 * Builds the JWS signer used to verify an id_token's signature.
 *
 * <p>The algorithm is read from the token's own {@code alg} header. The verification
 * key is fetched from the OP's JWKS for RSA and EC algorithms (looked up by the
 * header's {@code kid}), or is the RP's client secret for HMAC algorithms. An
 * unsigned token ({@code alg=none}) is accepted only when
 * {@code accept_id_token_without_signature} is enabled, in which case a signer that
 * reports every signature as valid is returned.
 *
 * <p>NOTE(review): because {@code alg} is taken from the not-yet-verified header, this
 * method does not pin the algorithm the RP expects. If the RP registered an
 * id_token signing algorithm, the caller should compare it with the header before
 * trusting the result — confirm against the callers.
 *
 * @param idToken           parsed id_token whose header supplies {@code alg} and {@code kid}
 * @param discoveryResponse OP discovery document; only its JWKS URI is used
 * @param keyService        resolves signing public keys from the JWKS URI
 * @param opClientFactory   creates the RSA signer (the EC signer is constructed directly)
 * @param rp                registered RP; its client secret is the HMAC key
 * @param configuration     server configuration holding the unsigned-token policy
 * @return a signer ready for {@code validateSignature}
 * @throws HttpException if the algorithm is unknown or unsupported, or is {@code none}
 *                       while unsigned tokens are disallowed
 */
public static AbstractJwsSigner createJwsSigner(Jwt idToken, OpenIdConfigurationResponse discoveryResponse, PublicOpKeyService keyService, OpClientFactory opClientFactory, Rp rp, RpServerConfiguration configuration) {
    final String algName = idToken.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM);
    final SignatureAlgorithm alg = SignatureAlgorithm.fromString(algName);
    final String jwksUri = discoveryResponse.getJwksUri();
    final String keyId = idToken.getHeader().getClaimAsString(JwtHeaderName.KEY_ID);

    if (alg == null) {
        throw new HttpException(ErrorResponseCode.INVALID_ALGORITHM);
    }

    final AlgorithmFamily family = alg.getFamily();
    final boolean needsJwksKey = family == AlgorithmFamily.RSA || family == AlgorithmFamily.EC;
    // Without a kid the JWKS lookup may be ambiguous; only a warning is logged here.
    if (needsJwksKey && Strings.isNullOrEmpty(keyId)) {
        LOG.warn("Warning:`kid` is missing in id_token header. oxd will throw error if RP is unable to determine the key to used for `id_token` validation.");
    }

    if (alg == SignatureAlgorithm.NONE) {
        if (!configuration.getAcceptIdTokenWithoutSignature()) {
            LOG.error("`ID_TOKEN` without signature is not allowed. To allow `ID_TOKEN` without signature set `accept_id_token_without_signature` field to 'true' in client-api-server.yml.");
            throw new HttpException(ErrorResponseCode.ID_TOKEN_WITHOUT_SIGNATURE_NOT_ALLOWED);
        }
        return unsignedTokenSigner(alg);
    }

    if (family == AlgorithmFamily.RSA) {
        final RSAPublicKey rsaKey = (RSAPublicKey) keyService.getPublicKey(jwksUri, keyId, alg, Use.SIGNATURE);
        return opClientFactory.createRSASigner(alg, rsaKey);
    }
    if (family == AlgorithmFamily.HMAC) {
        return new HMACSigner(alg, rp.getClientSecret());
    }
    if (family == AlgorithmFamily.EC) {
        final ECDSAPublicKey ecKey = (ECDSAPublicKey) keyService.getPublicKey(jwksUri, keyId, alg, Use.SIGNATURE);
        return new ECDSASigner(alg, ecKey);
    }

    throw new HttpException(ErrorResponseCode.ALGORITHM_NOT_SUPPORTED);
}

/**
 * Signer for {@code alg=none}: never produces a signature and treats every
 * signature as valid. Only reachable when unsigned id_tokens are explicitly allowed.
 */
private static AbstractJwsSigner unsignedTokenSigner(SignatureAlgorithm alg) {
    return new AbstractJwsSigner(alg) {

        @Override
        public String generateSignature(String signingInput) throws SignatureException {
            return null;
        }

        @Override
        public boolean validateSignature(String signingInput, String signature) throws SignatureException {
            return true;
        }
    };
}
