Example 1 with ServerCryptoProvider
use of io.jans.as.server.service.ServerCryptoProvider in project jans by JanssenProject.
the class JwrService method encryptJwe.
private Jwe encryptJwe(Jwe jwe, Client client) throws Exception {
if (appConfiguration.getUseNestedJwtDuringEncryption()) {
JwtSigner jwtSigner = JwtSigner.newJwtSigner(appConfiguration, webKeysConfiguration, client);
Jwt jwt = jwtSigner.newJwt();
jwt.setClaims(jwe.getClaims());
jwe.setSignedJWTPayload(signJwt(jwt, client));
}
KeyEncryptionAlgorithm keyEncryptionAlgorithm = KeyEncryptionAlgorithm.fromName(jwe.getHeader().getClaimAsString(ALGORITHM));
final BlockEncryptionAlgorithm encryptionMethod = jwe.getHeader().getEncryptionMethod();
if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA_OAEP || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA1_5) {
JSONObject jsonWebKeys = JwtUtil.getJSONWebKeys(client.getJwksUri());
String keyId = new ServerCryptoProvider(cryptoProvider).getKeyId(JSONWebKeySet.fromJSONObject(jsonWebKeys), Algorithm.fromString(keyEncryptionAlgorithm.getName()), Use.ENCRYPTION);
PublicKey publicKey = cryptoProvider.getPublicKey(keyId, jsonWebKeys, null);
jwe.getHeader().setKeyId(keyId);
if (publicKey == null) {
throw new InvalidJweException("The public key is not valid");
}
JweEncrypter jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, encryptionMethod, publicKey);
return jweEncrypter.encrypt(jwe);
}
if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A128KW || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A256KW) {
byte[] sharedSymmetricKey = clientService.decryptSecret(client.getClientSecret()).getBytes(StandardCharsets.UTF_8);
JweEncrypter jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, encryptionMethod, sharedSymmetricKey);
return jweEncrypter.encrypt(jwe);
}
throw new IllegalArgumentException("Unsupported encryption algorithm: " + keyEncryptionAlgorithm);
}
Also used :
ServerCryptoProvider(io.jans.as.server.service.ServerCryptoProvider)
Jwt(io.jans.as.model.jwt.Jwt)
PublicKey(java.security.PublicKey)
BlockEncryptionAlgorithm(io.jans.as.model.crypto.encryption.BlockEncryptionAlgorithm)
JSONObject(org.json.JSONObject)
KeyEncryptionAlgorithm(io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm)
JweEncrypterImpl(io.jans.as.model.jwe.JweEncrypterImpl)
JweEncrypter(io.jans.as.model.jwe.JweEncrypter)
InvalidJweException(io.jans.as.model.exception.InvalidJweException)
Example 2 with ServerCryptoProvider
use of io.jans.as.server.service.ServerCryptoProvider in project jans by JanssenProject.
the class UserInfoRestWebServiceImpl method getJweResponse.
public String getJweResponse(KeyEncryptionAlgorithm keyEncryptionAlgorithm, BlockEncryptionAlgorithm blockEncryptionAlgorithm, User user, AuthorizationGrant authorizationGrant, Collection<String> scopes) throws Exception {
log.trace("Building JWE reponse with next scopes {0} for user {1} and user custom attributes {0}", scopes, user.getUserId(), user.getCustomAttributes());
Jwe jwe = new Jwe();
// Header
jwe.getHeader().setType(JwtType.JWT);
jwe.getHeader().setAlgorithm(keyEncryptionAlgorithm);
jwe.getHeader().setEncryptionMethod(blockEncryptionAlgorithm);
// Claims
jwe.setClaims(createJwtClaims(user, authorizationGrant, scopes));
// Encryption
if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA_OAEP || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA1_5) {
JSONObject jsonWebKeys = JwtUtil.getJSONWebKeys(authorizationGrant.getClient().getJwksUri());
String keyId = new ServerCryptoProvider(cryptoProvider).getKeyId(JSONWebKeySet.fromJSONObject(jsonWebKeys), Algorithm.fromString(keyEncryptionAlgorithm.getName()), Use.ENCRYPTION);
PublicKey publicKey = cryptoProvider.getPublicKey(keyId, jsonWebKeys, null);
if (publicKey != null) {
JweEncrypter jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, publicKey);
jwe = jweEncrypter.encrypt(jwe);
} else {
throw new InvalidJweException("The public key is not valid");
}
} else if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A128KW || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A256KW) {
try {
byte[] sharedSymmetricKey = clientService.decryptSecret(authorizationGrant.getClient().getClientSecret()).getBytes(StandardCharsets.UTF_8);
JweEncrypter jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, sharedSymmetricKey);
jwe = jweEncrypter.encrypt(jwe);
} catch (Exception e) {
throw new InvalidJweException(e);
}
}
return jwe.toString();
}
Also used :
JSONObject(org.json.JSONObject)
ServerCryptoProvider(io.jans.as.server.service.ServerCryptoProvider)
PublicKey(java.security.PublicKey)
Jwe(io.jans.as.model.jwe.Jwe)
JweEncrypterImpl(io.jans.as.model.jwe.JweEncrypterImpl)
JweEncrypter(io.jans.as.model.jwe.JweEncrypter)
InvalidClaimException(io.jans.as.model.exception.InvalidClaimException)
ParseException(java.text.ParseException)
EntryPersistenceException(io.jans.orm.exception.EntryPersistenceException)
InvalidJweException(io.jans.as.model.exception.InvalidJweException)
InvalidJweException(io.jans.as.model.exception.InvalidJweException)
Example 3 with ServerCryptoProvider
use of io.jans.as.server.service.ServerCryptoProvider in project jans by JanssenProject.
the class UserInfoRestWebServiceImpl method getJwtResponse.
private String getJwtResponse(SignatureAlgorithm signatureAlgorithm, User user, AuthorizationGrant authorizationGrant, Collection<String> scopes) throws Exception {
log.trace("Building JWT reponse with next scopes {0} for user {1} and user custom attributes {0}", scopes, user.getUserId(), user.getCustomAttributes());
Jwt jwt = new Jwt();
// Header
jwt.getHeader().setType(JwtType.JWT);
jwt.getHeader().setAlgorithm(signatureAlgorithm);
String keyId = new ServerCryptoProvider(cryptoProvider).getKeyId(webKeysConfiguration, Algorithm.fromString(signatureAlgorithm.getName()), Use.SIGNATURE);
if (keyId != null) {
jwt.getHeader().setKeyId(keyId);
}
// Claims
jwt.setClaims(createJwtClaims(user, authorizationGrant, scopes));
// Signature
String sharedSecret = clientService.decryptSecret(authorizationGrant.getClient().getClientSecret());
String signature = cryptoProvider.sign(jwt.getSigningInput(), jwt.getHeader().getKeyId(), sharedSecret, signatureAlgorithm);
jwt.setEncodedSignature(signature);
return jwt.toString();
}
Also used :
ServerCryptoProvider(io.jans.as.server.service.ServerCryptoProvider)
Jwt(io.jans.as.model.jwt.Jwt)
Aggregations
ServerCryptoProvider (io.jans.as.server.service.ServerCryptoProvider)3
InvalidJweException (io.jans.as.model.exception.InvalidJweException)2
JweEncrypter (io.jans.as.model.jwe.JweEncrypter)2
JweEncrypterImpl (io.jans.as.model.jwe.JweEncrypterImpl)2
Jwt (io.jans.as.model.jwt.Jwt)2
PublicKey (java.security.PublicKey)2
JSONObject (org.json.JSONObject)2
BlockEncryptionAlgorithm (io.jans.as.model.crypto.encryption.BlockEncryptionAlgorithm)1
KeyEncryptionAlgorithm (io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm)1
InvalidClaimException (io.jans.as.model.exception.InvalidClaimException)1
Jwe (io.jans.as.model.jwe.Jwe)1
EntryPersistenceException (io.jans.orm.exception.EntryPersistenceException)1
ParseException (java.text.ParseException)1
