Search in sources :

Example 41 with RSAPublicKey

use of java.security.interfaces.RSAPublicKey in project cxf by apache.

the class JwsCompactReaderWriterTest method testJwsPsSha.

@Test
public void testJwsPsSha() throws Exception {
    Security.addProvider(new BouncyCastleProvider());
    try {
        JwsHeaders outHeaders = new JwsHeaders();
        outHeaders.setSignatureAlgorithm(SignatureAlgorithm.PS256);
        JwsCompactProducer producer = initSpecJwtTokenWriter(outHeaders);
        PrivateKey privateKey = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED, RSA_PRIVATE_EXPONENT_ENCODED);
        String signed = producer.signWith(new PrivateKeyJwsSignatureProvider(privateKey, SignatureAlgorithm.PS256));
        JwsJwtCompactConsumer jws = new JwsJwtCompactConsumer(signed);
        RSAPublicKey key = CryptoUtils.getRSAPublicKey(RSA_MODULUS_ENCODED, RSA_PUBLIC_EXPONENT_ENCODED);
        assertTrue(jws.verifySignatureWith(new PublicKeyJwsSignatureVerifier(key, SignatureAlgorithm.PS256)));
        JwtToken token = jws.getJwtToken();
        JwsHeaders inHeaders = new JwsHeaders(token.getJwsHeaders());
        assertEquals(SignatureAlgorithm.PS256, inHeaders.getSignatureAlgorithm());
        validateSpecClaim(token.getClaims());
    } finally {
        Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
    }
}
Also used : JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken) PrivateKey(java.security.PrivateKey) ECPrivateKey(java.security.interfaces.ECPrivateKey) RSAPublicKey(java.security.interfaces.RSAPublicKey) BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider) Test(org.junit.Test)

Example 42 with RSAPublicKey

use of java.security.interfaces.RSAPublicKey in project cxf by apache.

the class JwsCompactReaderWriterTest method testReadJwsSignedByPrivateKey.

@Test
public void testReadJwsSignedByPrivateKey() throws Exception {
    JwsJwtCompactConsumer jws = new JwsJwtCompactConsumer(ENCODED_TOKEN_SIGNED_BY_PRIVATE_KEY);
    RSAPublicKey key = CryptoUtils.getRSAPublicKey(RSA_MODULUS_ENCODED, RSA_PUBLIC_EXPONENT_ENCODED);
    assertTrue(jws.verifySignatureWith(new PublicKeyJwsSignatureVerifier(key, SignatureAlgorithm.RS256)));
    JwtToken token = jws.getJwtToken();
    JwsHeaders headers = new JwsHeaders(token.getJwsHeaders());
    assertEquals(SignatureAlgorithm.RS256, headers.getSignatureAlgorithm());
    validateSpecClaim(token.getClaims());
}
Also used : JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken) RSAPublicKey(java.security.interfaces.RSAPublicKey) Test(org.junit.Test)

Example 43 with RSAPublicKey

use of java.security.interfaces.RSAPublicKey in project cxf by apache.

the class JweCompactReaderWriterTest method testEncryptDecryptRSA15WrapA128CBCHS256.

@Test
public void testEncryptDecryptRSA15WrapA128CBCHS256() throws Exception {
    final String specPlainText = "Live long and prosper.";
    RSAPublicKey publicKey = CryptoUtils.getRSAPublicKey(RSA_MODULUS_ENCODED_A1, RSA_PUBLIC_EXPONENT_ENCODED_A1);
    KeyEncryptionProvider keyEncryption = new RSAKeyEncryptionAlgorithm(publicKey, KeyAlgorithm.RSA1_5);
    JweEncryptionProvider encryption = new AesCbcHmacJweEncryption(ContentAlgorithm.A128CBC_HS256, CONTENT_ENCRYPTION_KEY_A3, INIT_VECTOR_A3, keyEncryption);
    String jweContent = encryption.encrypt(specPlainText.getBytes(StandardCharsets.UTF_8), null);
    RSAPrivateKey privateKey = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED_A1, RSA_PRIVATE_EXPONENT_ENCODED_A1);
    KeyDecryptionProvider keyDecryption = new RSAKeyDecryptionAlgorithm(privateKey, KeyAlgorithm.RSA1_5);
    JweDecryptionProvider decryption = new AesCbcHmacJweDecryption(keyDecryption);
    String decryptedText = decryption.decrypt(jweContent).getContentText();
    assertEquals(specPlainText, decryptedText);
}
Also used : RSAPublicKey(java.security.interfaces.RSAPublicKey) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) JwsCompactReaderWriterTest(org.apache.cxf.rs.security.jose.jws.JwsCompactReaderWriterTest) Test(org.junit.Test)

Example 44 with RSAPublicKey

use of java.security.interfaces.RSAPublicKey in project jersey by jersey.

the class RsaSha1Method method verify.

/**
     * Verifies the RSA-SHA1 signature of OAuth request elements.
     *
     * @param elements OAuth elements signature is to be verified against.
     * @param secrets the secrets object containing the public key for verifying the signature.
     * @param signature base64-encoded OAuth signature to be verified.
     * @throws InvalidSecretException if the supplied secret is not valid.
     */
@Override
public boolean verify(final String elements, final OAuth1Secrets secrets, final String signature) throws InvalidSecretException {
    final Signature sig;
    try {
        sig = Signature.getInstance(SIGNATURE_ALGORITHM);
    } catch (final NoSuchAlgorithmException nsae) {
        throw new IllegalStateException(nsae);
    }
    RSAPublicKey rsaPubKey = null;
    final String tmpkey = secrets.getConsumerSecret();
    if (tmpkey.startsWith(BEGIN_CERT)) {
        try {
            Certificate cert = null;
            final ByteArrayInputStream bais = new ByteArrayInputStream(tmpkey.getBytes());
            final BufferedInputStream bis = new BufferedInputStream(bais);
            final CertificateFactory certfac = CertificateFactory.getInstance("X.509");
            while (bis.available() > 0) {
                cert = certfac.generateCertificate(bis);
            }
            rsaPubKey = (RSAPublicKey) cert.getPublicKey();
        } catch (final Exception ex) {
            LOGGER.log(Level.SEVERE, LocalizationMessages.ERROR_CANNOT_OBTAIN_PUBLIC_KEY(), ex);
            return false;
        }
    }
    final byte[] decodedSignature;
    try {
        decodedSignature = Base64.decode(signature);
    } catch (final IOException e) {
        return false;
    }
    try {
        sig.initVerify(rsaPubKey);
    } catch (final InvalidKeyException ike) {
        throw new IllegalStateException(ike);
    }
    try {
        sig.update(elements.getBytes());
    } catch (final SignatureException se) {
        throw new IllegalStateException(se);
    }
    try {
        return sig.verify(decodedSignature);
    } catch (final SignatureException se) {
        throw new IllegalStateException(se);
    }
}
Also used : NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) IOException(java.io.IOException) SignatureException(java.security.SignatureException) InvalidKeyException(java.security.InvalidKeyException) CertificateFactory(java.security.cert.CertificateFactory) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) SignatureException(java.security.SignatureException) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) RSAPublicKey(java.security.interfaces.RSAPublicKey) ByteArrayInputStream(java.io.ByteArrayInputStream) BufferedInputStream(java.io.BufferedInputStream) Signature(java.security.Signature) Certificate(java.security.cert.Certificate)

Example 45 with RSAPublicKey

use of java.security.interfaces.RSAPublicKey in project j2objc by google.

the class IosRSAKeyFactory method engineGetKeySpec.

@Override
@SuppressWarnings("unchecked")
protected <T extends KeySpec> T engineGetKeySpec(Key key, Class<T> keySpec) throws InvalidKeySpecException {
    if (key == null) {
        throw new InvalidKeySpecException("key == null");
    }
    if (keySpec == null) {
        throw new InvalidKeySpecException("keySpec == null");
    }
    if (!"RSA".equals(key.getAlgorithm())) {
        throw new InvalidKeySpecException("Key must be a RSA key");
    }
    if (key instanceof RSAPublicKey && RSAPublicKeySpec.class.isAssignableFrom(keySpec)) {
        RSAPublicKey rsaKey = (RSAPublicKey) key;
        return (T) new RSAPublicKeySpec(rsaKey.getModulus(), rsaKey.getPublicExponent());
    } else if (key instanceof PublicKey && RSAPublicKeySpec.class.isAssignableFrom(keySpec)) {
        final byte[] encoded = key.getEncoded();
        if (!"X.509".equals(key.getFormat()) || encoded == null) {
            throw new InvalidKeySpecException("Not a valid X.509 encoding");
        }
        RSAPublicKey rsaKey = (RSAPublicKey) engineGeneratePublic(new X509EncodedKeySpec(encoded));
        return (T) new RSAPublicKeySpec(rsaKey.getModulus(), rsaKey.getPublicExponent());
    } else if (key instanceof RSAPrivateCrtKey && RSAPrivateCrtKeySpec.class.isAssignableFrom(keySpec)) {
        RSAPrivateCrtKey rsaKey = (RSAPrivateCrtKey) key;
        return (T) new RSAPrivateCrtKeySpec(rsaKey.getModulus(), rsaKey.getPublicExponent(), rsaKey.getPrivateExponent(), rsaKey.getPrimeP(), rsaKey.getPrimeQ(), rsaKey.getPrimeExponentP(), rsaKey.getPrimeExponentQ(), rsaKey.getCrtCoefficient());
    } else if (key instanceof RSAPrivateCrtKey && RSAPrivateKeySpec.class.isAssignableFrom(keySpec)) {
        RSAPrivateCrtKey rsaKey = (RSAPrivateCrtKey) key;
        return (T) new RSAPrivateKeySpec(rsaKey.getModulus(), rsaKey.getPrivateExponent());
    } else if (key instanceof RSAPrivateKey && RSAPrivateKeySpec.class.isAssignableFrom(keySpec)) {
        RSAPrivateKey rsaKey = (RSAPrivateKey) key;
        return (T) new RSAPrivateKeySpec(rsaKey.getModulus(), rsaKey.getPrivateExponent());
    } else if (key instanceof PrivateKey && RSAPrivateCrtKeySpec.class.isAssignableFrom(keySpec)) {
        final byte[] encoded = key.getEncoded();
        if (!"PKCS#8".equals(key.getFormat()) || encoded == null) {
            throw new InvalidKeySpecException("Not a valid PKCS#8 encoding");
        }
        RSAPrivateKey privKey = (RSAPrivateKey) engineGeneratePrivate(new PKCS8EncodedKeySpec(encoded));
        if (privKey instanceof RSAPrivateCrtKey) {
            RSAPrivateCrtKey rsaKey = (RSAPrivateCrtKey) privKey;
            return (T) new RSAPrivateCrtKeySpec(rsaKey.getModulus(), rsaKey.getPublicExponent(), rsaKey.getPrivateExponent(), rsaKey.getPrimeP(), rsaKey.getPrimeQ(), rsaKey.getPrimeExponentP(), rsaKey.getPrimeExponentQ(), rsaKey.getCrtCoefficient());
        } else {
            throw new InvalidKeySpecException("Encoded key is not an RSAPrivateCrtKey");
        }
    } else if (key instanceof PrivateKey && RSAPrivateKeySpec.class.isAssignableFrom(keySpec)) {
        final byte[] encoded = key.getEncoded();
        if (!"PKCS#8".equals(key.getFormat()) || encoded == null) {
            throw new InvalidKeySpecException("Not a valid PKCS#8 encoding");
        }
        RSAPrivateKey rsaKey = (RSAPrivateKey) engineGeneratePrivate(new PKCS8EncodedKeySpec(encoded));
        return (T) new RSAPrivateKeySpec(rsaKey.getModulus(), rsaKey.getPrivateExponent());
    } else if (key instanceof PrivateKey && PKCS8EncodedKeySpec.class.isAssignableFrom(keySpec)) {
        final byte[] encoded = key.getEncoded();
        if (!"PKCS#8".equals(key.getFormat())) {
            throw new InvalidKeySpecException("Encoding type must be PKCS#8; was " + key.getFormat());
        } else if (encoded == null) {
            throw new InvalidKeySpecException("Key is not encodable");
        }
        return (T) new PKCS8EncodedKeySpec(encoded);
    } else if (key instanceof PublicKey && X509EncodedKeySpec.class.isAssignableFrom(keySpec)) {
        final byte[] encoded = key.getEncoded();
        if (!"X.509".equals(key.getFormat())) {
            throw new InvalidKeySpecException("Encoding type must be X.509; was " + key.getFormat());
        } else if (encoded == null) {
            throw new InvalidKeySpecException("Key is not encodable");
        }
        return (T) new X509EncodedKeySpec(encoded);
    } else {
        throw new InvalidKeySpecException("Unsupported key type and key spec combination; key=" + key.getClass().getName() + ", keySpec=" + keySpec.getName());
    }
}
Also used : RSAPrivateCrtKeySpec(java.security.spec.RSAPrivateCrtKeySpec) RSAPrivateCrtKey(java.security.interfaces.RSAPrivateCrtKey) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) PrivateKey(java.security.PrivateKey) PublicKey(java.security.PublicKey) RSAPublicKey(java.security.interfaces.RSAPublicKey) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) RSAPublicKey(java.security.interfaces.RSAPublicKey) RSAPrivateKeySpec(java.security.spec.RSAPrivateKeySpec) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) RSAPrivateKey(java.security.interfaces.RSAPrivateKey)

Aggregations

RSAPublicKey (java.security.interfaces.RSAPublicKey)95 PublicKey (java.security.PublicKey)29 RSAPrivateKey (java.security.interfaces.RSAPrivateKey)27 BigInteger (java.math.BigInteger)18 KeyFactory (java.security.KeyFactory)18 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)16 X509Certificate (java.security.cert.X509Certificate)16 InvalidKeyException (java.security.InvalidKeyException)15 KeyPair (java.security.KeyPair)15 PrivateKey (java.security.PrivateKey)15 KeyPairGenerator (java.security.KeyPairGenerator)14 ECPublicKey (java.security.interfaces.ECPublicKey)14 InvalidKeySpecException (java.security.spec.InvalidKeySpecException)14 X509EncodedKeySpec (java.security.spec.X509EncodedKeySpec)14 IOException (java.io.IOException)13 RSAPublicKeySpec (java.security.spec.RSAPublicKeySpec)13 ByteArrayInputStream (java.io.ByteArrayInputStream)12 CertificateFactory (java.security.cert.CertificateFactory)9 Test (org.junit.Test)9 RSAKey (java.security.interfaces.RSAKey)8