Search in sources :

Example 1 with ServerCryptoProvider

use of io.jans.as.server.service.ServerCryptoProvider in project jans by JanssenProject.

the class JwrService method encryptJwe.

private Jwe encryptJwe(Jwe jwe, Client client) throws Exception {
    if (appConfiguration.getUseNestedJwtDuringEncryption()) {
        JwtSigner jwtSigner = JwtSigner.newJwtSigner(appConfiguration, webKeysConfiguration, client);
        Jwt jwt = jwtSigner.newJwt();
        jwt.setClaims(jwe.getClaims());
        jwe.setSignedJWTPayload(signJwt(jwt, client));
    }
    KeyEncryptionAlgorithm keyEncryptionAlgorithm = KeyEncryptionAlgorithm.fromName(jwe.getHeader().getClaimAsString(ALGORITHM));
    final BlockEncryptionAlgorithm encryptionMethod = jwe.getHeader().getEncryptionMethod();
    if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA_OAEP || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA1_5) {
        JSONObject jsonWebKeys = JwtUtil.getJSONWebKeys(client.getJwksUri());
        String keyId = new ServerCryptoProvider(cryptoProvider).getKeyId(JSONWebKeySet.fromJSONObject(jsonWebKeys), Algorithm.fromString(keyEncryptionAlgorithm.getName()), Use.ENCRYPTION);
        PublicKey publicKey = cryptoProvider.getPublicKey(keyId, jsonWebKeys, null);
        jwe.getHeader().setKeyId(keyId);
        if (publicKey == null) {
            throw new InvalidJweException("The public key is not valid");
        }
        JweEncrypter jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, encryptionMethod, publicKey);
        return jweEncrypter.encrypt(jwe);
    }
    if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A128KW || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A256KW) {
        byte[] sharedSymmetricKey = clientService.decryptSecret(client.getClientSecret()).getBytes(StandardCharsets.UTF_8);
        JweEncrypter jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, encryptionMethod, sharedSymmetricKey);
        return jweEncrypter.encrypt(jwe);
    }
    throw new IllegalArgumentException("Unsupported encryption algorithm: " + keyEncryptionAlgorithm);
}
Also used : ServerCryptoProvider(io.jans.as.server.service.ServerCryptoProvider) Jwt(io.jans.as.model.jwt.Jwt) PublicKey(java.security.PublicKey) BlockEncryptionAlgorithm(io.jans.as.model.crypto.encryption.BlockEncryptionAlgorithm) JSONObject(org.json.JSONObject) KeyEncryptionAlgorithm(io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm) JweEncrypterImpl(io.jans.as.model.jwe.JweEncrypterImpl) JweEncrypter(io.jans.as.model.jwe.JweEncrypter) InvalidJweException(io.jans.as.model.exception.InvalidJweException)

Example 2 with ServerCryptoProvider

use of io.jans.as.server.service.ServerCryptoProvider in project jans by JanssenProject.

the class UserInfoRestWebServiceImpl method getJweResponse.

public String getJweResponse(KeyEncryptionAlgorithm keyEncryptionAlgorithm, BlockEncryptionAlgorithm blockEncryptionAlgorithm, User user, AuthorizationGrant authorizationGrant, Collection<String> scopes) throws Exception {
    log.trace("Building JWE reponse with next scopes {0} for user {1} and user custom attributes {0}", scopes, user.getUserId(), user.getCustomAttributes());
    Jwe jwe = new Jwe();
    // Header
    jwe.getHeader().setType(JwtType.JWT);
    jwe.getHeader().setAlgorithm(keyEncryptionAlgorithm);
    jwe.getHeader().setEncryptionMethod(blockEncryptionAlgorithm);
    // Claims
    jwe.setClaims(createJwtClaims(user, authorizationGrant, scopes));
    // Encryption
    if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA_OAEP || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.RSA1_5) {
        JSONObject jsonWebKeys = JwtUtil.getJSONWebKeys(authorizationGrant.getClient().getJwksUri());
        String keyId = new ServerCryptoProvider(cryptoProvider).getKeyId(JSONWebKeySet.fromJSONObject(jsonWebKeys), Algorithm.fromString(keyEncryptionAlgorithm.getName()), Use.ENCRYPTION);
        PublicKey publicKey = cryptoProvider.getPublicKey(keyId, jsonWebKeys, null);
        if (publicKey != null) {
            JweEncrypter jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, publicKey);
            jwe = jweEncrypter.encrypt(jwe);
        } else {
            throw new InvalidJweException("The public key is not valid");
        }
    } else if (keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A128KW || keyEncryptionAlgorithm == KeyEncryptionAlgorithm.A256KW) {
        try {
            byte[] sharedSymmetricKey = clientService.decryptSecret(authorizationGrant.getClient().getClientSecret()).getBytes(StandardCharsets.UTF_8);
            JweEncrypter jweEncrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, sharedSymmetricKey);
            jwe = jweEncrypter.encrypt(jwe);
        } catch (Exception e) {
            throw new InvalidJweException(e);
        }
    }
    return jwe.toString();
}
Also used : JSONObject(org.json.JSONObject) ServerCryptoProvider(io.jans.as.server.service.ServerCryptoProvider) PublicKey(java.security.PublicKey) Jwe(io.jans.as.model.jwe.Jwe) JweEncrypterImpl(io.jans.as.model.jwe.JweEncrypterImpl) JweEncrypter(io.jans.as.model.jwe.JweEncrypter) InvalidClaimException(io.jans.as.model.exception.InvalidClaimException) ParseException(java.text.ParseException) EntryPersistenceException(io.jans.orm.exception.EntryPersistenceException) InvalidJweException(io.jans.as.model.exception.InvalidJweException) InvalidJweException(io.jans.as.model.exception.InvalidJweException)

Example 3 with ServerCryptoProvider

use of io.jans.as.server.service.ServerCryptoProvider in project jans by JanssenProject.

the class UserInfoRestWebServiceImpl method getJwtResponse.

private String getJwtResponse(SignatureAlgorithm signatureAlgorithm, User user, AuthorizationGrant authorizationGrant, Collection<String> scopes) throws Exception {
    log.trace("Building JWT reponse with next scopes {0} for user {1} and user custom attributes {0}", scopes, user.getUserId(), user.getCustomAttributes());
    Jwt jwt = new Jwt();
    // Header
    jwt.getHeader().setType(JwtType.JWT);
    jwt.getHeader().setAlgorithm(signatureAlgorithm);
    String keyId = new ServerCryptoProvider(cryptoProvider).getKeyId(webKeysConfiguration, Algorithm.fromString(signatureAlgorithm.getName()), Use.SIGNATURE);
    if (keyId != null) {
        jwt.getHeader().setKeyId(keyId);
    }
    // Claims
    jwt.setClaims(createJwtClaims(user, authorizationGrant, scopes));
    // Signature
    String sharedSecret = clientService.decryptSecret(authorizationGrant.getClient().getClientSecret());
    String signature = cryptoProvider.sign(jwt.getSigningInput(), jwt.getHeader().getKeyId(), sharedSecret, signatureAlgorithm);
    jwt.setEncodedSignature(signature);
    return jwt.toString();
}
Also used : ServerCryptoProvider(io.jans.as.server.service.ServerCryptoProvider) Jwt(io.jans.as.model.jwt.Jwt)

Aggregations

ServerCryptoProvider (io.jans.as.server.service.ServerCryptoProvider)3 InvalidJweException (io.jans.as.model.exception.InvalidJweException)2 JweEncrypter (io.jans.as.model.jwe.JweEncrypter)2 JweEncrypterImpl (io.jans.as.model.jwe.JweEncrypterImpl)2 Jwt (io.jans.as.model.jwt.Jwt)2 PublicKey (java.security.PublicKey)2 JSONObject (org.json.JSONObject)2 BlockEncryptionAlgorithm (io.jans.as.model.crypto.encryption.BlockEncryptionAlgorithm)1 KeyEncryptionAlgorithm (io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm)1 InvalidClaimException (io.jans.as.model.exception.InvalidClaimException)1 Jwe (io.jans.as.model.jwe.Jwe)1 EntryPersistenceException (io.jans.orm.exception.EntryPersistenceException)1 ParseException (java.text.ParseException)1