use of java.security.spec.ECPoint in project keycloak by keycloak.
the class JWKParser method createECPublicKey.
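/**
 * Builds an EC public key from the {@code crv}, {@code x} and {@code y} claims of the parsed JWK.
 *
 * <p>Only the JWK curves P-256, P-384 and P-521 are accepted; each is mapped to its SEC curve name
 * and the key is produced by the "ECDSA" {@link KeyFactory}.
 *
 * @return the public key described by the JWK
 * @throws RuntimeException if a claim is missing, the curve is unsupported, or key construction fails
 */
private PublicKey createECPublicKey() {
    String crv = (String) jwk.getOtherClaims().get(ECPublicJWK.CRV);
    String encodedX = (String) jwk.getOtherClaims().get(ECPublicJWK.X);
    String encodedY = (String) jwk.getOtherClaims().get(ECPublicJWK.Y);

    // A JWK is external input: fail with a clear message instead of a NullPointerException
    // from switch(null) or from decoding a missing coordinate.
    if (crv == null || encodedX == null || encodedY == null) {
        throw new RuntimeException("EC JWK is missing the crv, x or y claim");
    }

    // Coordinates are unsigned big-endian integers, hence signum 1.
    BigInteger x = new BigInteger(1, Base64Url.decode(encodedX));
    BigInteger y = new BigInteger(1, Base64Url.decode(encodedY));

    String name;
    switch (crv) {
        case "P-256":
            name = "secp256r1";
            break;
        case "P-384":
            name = "secp384r1";
            break;
        case "P-521":
            name = "secp521r1";
            break;
        default:
            throw new RuntimeException("Unsupported curve");
    }

    try {
        ECNamedCurveParameterSpec spec = ECNamedCurveTable.getParameterSpec(name);
        // Label the spec with the curve that was actually selected. The previous hard-coded
        // "prime256v1" mislabelled P-384 and P-521 keys; a provider that identifies the curve
        // by this name would then describe the key as belonging to a different curve.
        ECNamedCurveSpec params = new ECNamedCurveSpec(name, spec.getCurve(), spec.getG(), spec.getN());
        // NOTE(review): x and y come straight from the JWK. Whether the point is checked to lie
        // on the curve depends on the KeyFactory provider in use; confirm, or validate explicitly.
        ECPoint point = new ECPoint(x, y);
        ECPublicKeySpec pubKeySpec = new ECPublicKeySpec(point, params);
        KeyFactory kf = KeyFactory.getInstance("ECDSA");
        return kf.generatePublic(pubKeySpec);
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}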
use of java.security.spec.ECPoint in project keycloak by keycloak.
the class JWKTest method publicEs256.
/**
 * Round-trips a freshly generated secp256r1 public key through its JWK representation and checks
 * that the parsed key matches the original and can be handed to the ES256 verification helper.
 */
@Test
public void publicEs256() throws Exception {
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

    // Generate a fresh secp256r1 key pair.
    // NOTE(review): the test pins the "SHA1PRNG" algorithm; new SecureRandom() would use the
    // platform default instead.
    KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
    generator.initialize(new ECGenParameterSpec("secp256r1"), SecureRandom.getInstance("SHA1PRNG"));
    KeyPair pair = generator.generateKeyPair();
    PublicKey original = pair.getPublic();

    // Build the JWK and check its metadata.
    JWK jwk = JWKBuilder.create().kid(KeyUtils.createKeyId(original)).algorithm("ES256").ec(original);
    assertEquals("EC", jwk.getKeyType());
    assertEquals("ES256", jwk.getAlgorithm());
    assertEquals("sig", jwk.getPublicKeyUse());

    // The JWK must be the EC variant and carry the curve and both coordinates.
    assertTrue(jwk instanceof ECPublicJWK);
    ECPublicJWK ecJwk = (ECPublicJWK) jwk;
    assertNotNull(ecJwk.getCrv());
    assertNotNull(ecJwk.getX());
    assertNotNull(ecJwk.getY());
    byte[] decodedX = Base64Url.decode(ecJwk.getX());
    byte[] decodedY = Base64Url.decode(ecJwk.getY());

    // The encoded coordinates must be as long as the key's affine coordinates.
    assertTrue(original instanceof ECPublicKey);
    ECPoint w = ((ECPublicKey) original).getW();
    assertNotNull(w);
    int expectedXLength = JWKUtil.toIntegerBytes(w.getAffineX()).length;
    int expectedYLength = JWKUtil.toIntegerBytes(w.getAffineY()).length;
    assertEquals(expectedXLength, decodedX.length);
    assertEquals(expectedYLength, decodedY.length);

    // Serialize, parse back and compare the encoded forms.
    String json = JsonSerialization.writeValueAsString(jwk);
    PublicKey parsed = JWKParser.create().parse(json).toPublicKey();
    assertArrayEquals(original.getEncoded(), parsed.getEncoded());

    // Sign with the private key and pass the signature to the verification helper.
    // NOTE(review): the result of verify(...) is discarded; if the helper returns a boolean,
    // a failed verification would not fail this test. Confirm against the helper.
    byte[] payload = "Some test string".getBytes(StandardCharsets.UTF_8);
    byte[] signature = sign(payload, JavaAlgorithm.ES256, pair.getPrivate());
    verify(payload, signature, JavaAlgorithm.ES256, parsed);
}
use of java.security.spec.ECPoint in project airlift by airlift.
the class JwksDecoder method tryDecodeEcKey.
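/**
 * Attempts to build an EC public key from a JWK entry.
 *
 * <p>Reads the {@code crv}, {@code x} and {@code y} properties. The optional {@code alg} and
 * {@code use} properties are not checked.
 *
 * @param keyId identifier of the key; used in the log message and passed to the resulting key
 * @param key the JWK entry to decode
 * @return the decoded key, or empty when the curve is unsupported or a coordinate is absent or
 *     cannot be decoded
 */
public static Optional<JwkEcPublicKey> tryDecodeEcKey(String keyId, JsonKey key) {
    // alg field is optional so not verified
    // use field is optional so not verified
    Optional<String> curveName = key.getStringProperty("crv");
    Optional<ECParameterSpec> curve = curveName.flatMap(EcCurve::tryGet);
    if (!curve.isPresent()) {
        // Log the curve name itself: formatting the Optional printed "Optional[...]" or
        // "Optional.empty" inside the quotes.
        log.error("JWK EC %s curve '%s' is not supported", keyId, curveName.orElse("<missing>"));
        return Optional.empty();
    }

    Optional<BigInteger> x = key.getStringProperty("x").flatMap(encodedX -> decodeBigint(keyId, "x", encodedX));
    if (!x.isPresent()) {
        return Optional.empty();
    }

    Optional<BigInteger> y = key.getStringProperty("y").flatMap(encodedY -> decodeBigint(keyId, "y", encodedY));
    if (!y.isPresent()) {
        return Optional.empty();
    }

    // NOTE(review): the coordinates are wrapped as supplied. Nothing in this method checks that
    // (x, y) lies on the selected curve; confirm that JwkEcPublicKey or its consumer does.
    ECPoint w = new ECPoint(x.get(), y.get());
    return Optional.of(new JwkEcPublicKey(keyId, curve.get(), w));
}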
use of java.security.spec.ECPoint in project jmulticard by ctt-gob-es.
the class JseCryptoHelper method mapNonceGMWithECDH.
/**
 * Derives domain parameters that differ from {@code params} only in their generator, which
 * becomes {@code [nonceS]G + sharedSecretPointH}.
 *
 * @param nonceS scalar applied to the generator of {@code params}
 * @param sharedSecretPointH point added to the scaled generator
 * @param params source domain parameters; the curve's field is cast to {@link ECFieldFp}
 * @return parameters with the same prime, coefficients, order and cofactor and the new generator
 */
private static ECParameterSpec mapNonceGMWithECDH(final BigInteger nonceS, final ECPoint sharedSecretPointH, final ECParameterSpec params) {
    // D~ = (p, a, b, G~, n, h) where G~ = [s]G + H
    final ECPoint baseGenerator = params.getGenerator();
    final EllipticCurve sourceCurve = params.getCurve();
    final BigInteger coefficientA = sourceCurve.getA();
    final BigInteger coefficientB = sourceCurve.getB();
    // The cast happens before any point arithmetic, so a non-prime field fails early.
    final BigInteger prime = ((ECFieldFp) sourceCurve.getField()).getP();
    final BigInteger groupOrder = params.getOrder();
    final int h = params.getCofactor();

    final ECPoint scaledGenerator = multiply(nonceS, baseGenerator, params);
    final ECPoint mappedGenerator = add(scaledGenerator, sharedSecretPointH, params);

    // NOTE(review): an invalid mapped point is only logged; the parameters below are still
    // returned with it as generator. Confirm callers are meant to continue in that case.
    final boolean mappedPointIsValid = toSpongyCastleECPoint(mappedGenerator, params).isValid();
    if (!mappedPointIsValid) {
        LOGGER.warning("Se ha generado un punto invalido"); // $NON-NLS-1$
    }

    final EllipticCurve mappedCurve = new EllipticCurve(new ECFieldFp(prime), coefficientA, coefficientB);
    return new ECParameterSpec(mappedCurve, mappedGenerator, groupOrder, h);
}
use of java.security.spec.ECPoint in project minidns by MiniDNS.
the class ECDSASignatureVerifier method getPublicKey.
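/**
 * Decodes a raw public key laid out as the x coordinate followed by the y coordinate, each
 * {@code length} bytes long and read as an unsigned big-endian integer.
 *
 * @param key raw key bytes
 * @return the public key built from the two coordinates and {@code spec}
 * @throws DNSSECValidationFailedException if the key is not exactly two coordinates long or the
 *     key factory rejects it
 */
@Override
protected PublicKey getPublicKey(byte[] key) {
    try {
        // Reject keys with trailing bytes as well as truncated ones. Previously only a short key
        // failed (at readFully); any extra data after y was silently ignored.
        if (key.length != 2 * length) {
            throw new InvalidKeySpecException(
                    "Expected " + (2 * length) + " key bytes but got " + key.length);
        }

        DataInput dis = new DataInputStream(new ByteArrayInputStream(key));

        byte[] xBytes = new byte[length];
        dis.readFully(xBytes);
        BigInteger x = new BigInteger(1, xBytes);

        byte[] yBytes = new byte[length];
        dis.readFully(yBytes);
        BigInteger y = new BigInteger(1, yBytes);

        // NOTE(review): whether (x, y) is checked to lie on the curve depends on the KeyFactory
        // returned by getKeyFactory(); confirm for the providers in use.
        return getKeyFactory().generatePublic(new ECPublicKeySpec(new ECPoint(x, y), spec));
    } catch (IOException | InvalidKeySpecException e) {
        throw new DNSSECValidationFailedException("Invalid public key!", e);
    }
}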