Use of io.jans.as.model.jws.ECDSASigner in project jans by JanssenProject: class SignatureTest, method generateES512Keys.
@Test
public void generateES512Keys() throws Exception {
    showTitle("TEST: generateES512Keys");

    // Throwaway ES512 key pair plus the certificate the factory issues for it. Nothing is
    // persisted by this test; the key material is only echoed to stdout below.
    final KeyFactory<ECDSAPrivateKey, ECDSAPublicKey> es512Factory =
            new ECDSAKeyFactory(SignatureAlgorithm.ES512, "CN=Test CA Certificate");
    final ECDSAPrivateKey signingKey = es512Factory.getPrivateKey();
    final ECDSAPublicKey verifyingKey = es512Factory.getPublicKey();
    final Certificate cert = es512Factory.getCertificate();

    printLabeled("PRIVATE KEY", signingKey);
    printLabeled("PUBLIC KEY", verifyingKey);
    printLabeled("CERTIFICATE", cert);

    // Sign once with the private key, then verify that one signature through both the bare
    // public key and the certificate that carries it: both verifier constructions must agree.
    final String payload = "Hello World!";
    final ECDSASigner signer = new ECDSASigner(SignatureAlgorithm.ES512, signingKey);
    final String signature = signer.generateSignature(payload);

    final ECDSASigner keyVerifier = new ECDSASigner(SignatureAlgorithm.ES512, verifyingKey);
    assertTrue(keyVerifier.validateSignature(payload, signature));

    final ECDSASigner certVerifier = new ECDSASigner(SignatureAlgorithm.ES512, cert);
    assertTrue(certVerifier.validateSignature(payload, signature));
}

/** Prints {@code heading} on one line and {@code value}'s {@code toString()} on the next. */
private static void printLabeled(String heading, Object value) {
    System.out.println(heading);
    System.out.println(value);
}
Use of io.jans.as.model.jws.ECDSASigner in project jans by JanssenProject: class Validator, method createJwsSigner.
/**
 * Builds the JWS verifier used to check {@code idToken}'s signature.
 *
 * <p>The implementation is chosen from the token's {@code alg} header. RSA and EC
 * algorithms resolve the OP's public key from its JWKS ({@code jwks_uri} taken from
 * {@code discoveryResponse}, entry selected by the header's {@code kid}); HMAC
 * algorithms are keyed with the RP's client secret.
 *
 * <p>{@code alg=none} is handled specially: a verifier that accepts every signature
 * is returned, but only when {@code accept_id_token_without_signature} is enabled in
 * {@code configuration}. With that setting off the token is rejected.
 *
 * @param idToken           the id_token whose header drives algorithm and key selection
 * @param discoveryResponse OP discovery document, source of the JWKS URI
 * @param keyService        resolves OP public keys from the JWKS
 * @param opClientFactory   creates the RSA verifier
 * @param rp                the RP, whose client secret keys HMAC verification
 * @param configuration     server configuration (controls whether unsigned tokens are accepted)
 * @return a verifier for the token's algorithm
 * @throws HttpException {@code INVALID_ALGORITHM} if {@code alg} is unrecognised,
 *     {@code ID_TOKEN_WITHOUT_SIGNATURE_NOT_ALLOWED} if {@code alg=none} is not
 *     permitted by configuration, {@code ALGORITHM_NOT_SUPPORTED} for any other family
 */
public static AbstractJwsSigner createJwsSigner(Jwt idToken, OpenIdConfigurationResponse discoveryResponse, PublicOpKeyService keyService, OpClientFactory opClientFactory, Rp rp, RpServerConfiguration configuration) {
    final String algHeader = idToken.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM);
    final SignatureAlgorithm alg = SignatureAlgorithm.fromString(algHeader);
    final String jwksUri = discoveryResponse.getJwksUri();
    final String kid = idToken.getHeader().getClaimAsString(JwtHeaderName.KEY_ID);

    if (alg == null) {
        throw new HttpException(ErrorResponseCode.INVALID_ALGORITHM);
    }

    final AlgorithmFamily family = alg.getFamily();
    final boolean asymmetric = family == AlgorithmFamily.RSA || family == AlgorithmFamily.EC;
    if (asymmetric && Strings.isNullOrEmpty(kid)) {
        // Key lookup below is by kid; without one the key service has to pick the key itself.
        LOG.warn("Warning:`kid` is missing in id_token header. oxd will throw error if RP is unable to determine the key to used for `id_token` validation.");
    }

    if (alg == SignatureAlgorithm.NONE) {
        if (!configuration.getAcceptIdTokenWithoutSignature()) {
            LOG.error("`ID_TOKEN` without signature is not allowed. To allow `ID_TOKEN` without signature set `accept_id_token_without_signature` field to 'true' in client-api-server.yml.");
            throw new HttpException(ErrorResponseCode.ID_TOKEN_WITHOUT_SIGNATURE_NOT_ALLOWED);
        }
        // Config-gated accept-all verifier: validateSignature never inspects its inputs, so
        // any token presenting alg=none passes once this setting is on.
        return new AbstractJwsSigner(alg) {
            @Override
            public String generateSignature(String signingInput) throws SignatureException {
                return null;
            }

            @Override
            public boolean validateSignature(String signingInput, String signature) throws SignatureException {
                return true;
            }
        };
    }

    if (family == AlgorithmFamily.RSA) {
        // The cast assumes the JWKS entry resolved for (kid, alg) is an RSA key; a mismatch
        // surfaces as a ClassCastException rather than a validation failure.
        final RSAPublicKey rsaKey = (RSAPublicKey) keyService.getPublicKey(jwksUri, kid, alg, Use.SIGNATURE);
        return opClientFactory.createRSASigner(alg, rsaKey);
    }

    if (family == AlgorithmFamily.HMAC) {
        // Symmetric: the shared client secret is the MAC key.
        return new HMACSigner(alg, rp.getClientSecret());
    }

    if (family == AlgorithmFamily.EC) {
        // Same cast assumption as the RSA branch, for EC keys.
        final ECDSAPublicKey ecKey = (ECDSAPublicKey) keyService.getPublicKey(jwksUri, kid, alg, Use.SIGNATURE);
        return new ECDSASigner(alg, ecKey);
    }

    throw new HttpException(ErrorResponseCode.ALGORITHM_NOT_SUPPORTED);
}