use of java.security.spec.InvalidKeySpecException in project oxAuth by GluuFederation.
the class TokenSignaturesHttpTest method testRS256.
@Parameters({ "clientJwksUri", "RS256_keyId", "dnName", "keyStoreFile", "keyStoreSecret" })
@Test
public void testRS256(final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException, InvalidKeySpecException, IllegalBlockSizeException, IOException, NoSuchPaddingException, BadPaddingException {
try {
showTitle("Test RS256");
JwkClient jwkClient = new JwkClient(clientJwksUri);
JwkResponse jwkResponse = jwkClient.exec();
String signingInput = "eyJhbGciOiJIUzI1NiJ9.eyJub25jZSI6ICI2Qm9HN1QwR0RUZ2wiLCAiaWRfdG9rZW4iOiB7Im1heF9hZ2UiOiA4NjQwMH0sICJzdGF0ZSI6ICJTVEFURTAiLCAicmVkaXJlY3RfdXJpIjogImh0dHBzOi8vbG9jYWxob3N0L2NhbGxiYWNrMSIsICJ1c2VyaW5mbyI6IHsiY2xhaW1zIjogeyJuYW1lIjogbnVsbH19LCAiY2xpZW50X2lkIjogIkAhMTExMSEwMDA4IUU2NTQuQjQ2MCIsICJzY29wZSI6IFsib3BlbmlkIl0sICJyZXNwb25zZV90eXBlIjogWyJjb2RlIl19";
OxAuthCryptoProvider cryptoProvider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
String encodedSignature = cryptoProvider.sign(signingInput, keyId, null, SignatureAlgorithm.RS256);
System.out.println("Encoded Signature: " + encodedSignature);
boolean signatureVerified = cryptoProvider.verifySignature(signingInput, encodedSignature, keyId, jwkResponse.getJwks().toJSONObject(), null, SignatureAlgorithm.RS256);
assertTrue(signatureVerified, "Invalid signature");
} catch (Exception e) {
fail(e.getMessage(), e);
}
}
use of java.security.spec.InvalidKeySpecException in project oxAuth by GluuFederation.
the class JweDecrypterImpl method decryptEncryptionKey.
@Override
public byte[] decryptEncryptionKey(String encodedEncryptedKey) throws InvalidJweException {
if (getKeyEncryptionAlgorithm() == null) {
throw new InvalidJweException("The key encryption algorithm is null");
}
if (encodedEncryptedKey == null) {
throw new InvalidJweException("The encoded encryption key is null");
}
try {
if (getKeyEncryptionAlgorithm() == KeyEncryptionAlgorithm.RSA_OAEP || getKeyEncryptionAlgorithm() == KeyEncryptionAlgorithm.RSA1_5) {
if (rsaPrivateKey == null && privateKey == null) {
throw new InvalidJweException("The RSA private key is null");
}
//Cipher cipher = Cipher.getInstance(getKeyEncryptionAlgorithm().getAlgorithm(), "BC");
Cipher cipher = Cipher.getInstance(getKeyEncryptionAlgorithm().getAlgorithm());
if (rsaPrivateKey != null) {
KeyFactory keyFactory = KeyFactory.getInstance(getKeyEncryptionAlgorithm().getFamily(), "BC");
RSAPrivateKeySpec privKeySpec = new RSAPrivateKeySpec(rsaPrivateKey.getModulus(), rsaPrivateKey.getPrivateExponent());
java.security.interfaces.RSAPrivateKey privKey = (java.security.interfaces.RSAPrivateKey) keyFactory.generatePrivate(privKeySpec);
cipher.init(Cipher.DECRYPT_MODE, privKey);
} else {
cipher.init(Cipher.DECRYPT_MODE, privateKey);
}
byte[] decryptedKey = cipher.doFinal(Base64Util.base64urldecode(encodedEncryptedKey));
return decryptedKey;
} else if (getKeyEncryptionAlgorithm() == KeyEncryptionAlgorithm.A128KW || getKeyEncryptionAlgorithm() == KeyEncryptionAlgorithm.A256KW) {
if (sharedSymmetricKey == null) {
throw new InvalidJweException("The shared symmetric key is null");
}
if (sharedSymmetricKey.length != 16) {
// 128 bit
MessageDigest sha = MessageDigest.getInstance("SHA-1");
sharedSymmetricKey = sha.digest(sharedSymmetricKey);
sharedSymmetricKey = Arrays.copyOf(sharedSymmetricKey, 16);
}
byte[] encryptedKey = Base64Util.base64urldecode(encodedEncryptedKey);
SecretKeySpec keyEncryptionKey = new SecretKeySpec(sharedSymmetricKey, "AES");
AESWrapEngine aesWrapEngine = new AESWrapEngine();
CipherParameters params = new KeyParameter(keyEncryptionKey.getEncoded());
aesWrapEngine.init(false, params);
byte[] decryptedKey = aesWrapEngine.unwrap(encryptedKey, 0, encryptedKey.length);
return decryptedKey;
} else {
throw new InvalidJweException("The key encryption algorithm is not supported");
}
} catch (NoSuchPaddingException e) {
throw new InvalidJweException(e);
} catch (NoSuchAlgorithmException e) {
throw new InvalidJweException(e);
} catch (IllegalBlockSizeException e) {
throw new InvalidJweException(e);
} catch (BadPaddingException e) {
throw new InvalidJweException(e);
} catch (NoSuchProviderException e) {
throw new InvalidJweException(e);
} catch (InvalidKeyException e) {
throw new InvalidJweException(e);
} catch (InvalidKeySpecException e) {
throw new InvalidJweException(e);
} catch (InvalidCipherTextException e) {
throw new InvalidJweException(e);
}
}
use of java.security.spec.InvalidKeySpecException in project oxAuth by GluuFederation.
the class ECSigner method sign.
@Deprecated
@Override
public String sign(String signingInput) throws Exception {
if (Strings.isNullOrEmpty(signingInput)) {
throw new Exception("Invalid signing input");
}
try {
ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec(getSignatureAlgorithm().getCurve().getName());
ECPrivateKeySpec privateKeySpec = new ECPrivateKeySpec(ecdsaPrivateKey.getD(), ecSpec);
KeyFactory keyFactory = KeyFactory.getInstance("ECDSA", "BC");
PrivateKey privateKey = keyFactory.generatePrivate(privateKeySpec);
Signature signature = Signature.getInstance(getSignatureAlgorithm().getAlgorithm(), "BC");
signature.initSign(privateKey);
signature.update(signingInput.getBytes(Util.UTF8_STRING_ENCODING));
return Base64Util.base64urlencode(signature.sign());
} catch (NoSuchAlgorithmException e) {
throw new Exception("There was a problem in EC signing", e);
} catch (UnsupportedEncodingException e) {
throw new Exception("There was a problem in EC signing", e);
} catch (SignatureException e) {
throw new Exception("There was a problem in EC signing", e);
} catch (NoSuchProviderException e) {
throw new Exception("There was a problem in EC signing", e);
} catch (InvalidKeyException e) {
throw new Exception("There was a problem in EC signing", e);
} catch (InvalidKeySpecException e) {
throw new Exception("There was a problem in EC signing", e);
}
}
use of java.security.spec.InvalidKeySpecException in project oxAuth by GluuFederation.
the class ECSigner method verifySignature.
@Deprecated
@Override
public boolean verifySignature(String signingInput, String signature) throws Exception {
if (Strings.isNullOrEmpty(signingInput)) {
return false;
}
if (Strings.isNullOrEmpty(signature)) {
return false;
}
try {
byte[] sigBytes = Base64Util.base64urldecode(signature);
byte[] sigInBytes = signingInput.getBytes(Util.UTF8_STRING_ENCODING);
ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec(getSignatureAlgorithm().getCurve().getName());
BigInteger q = ((ECCurve.Fp) ecSpec.getCurve()).getQ();
ECFieldElement xFieldElement = new ECFieldElement.Fp(q, ecdsaPublicKey.getX());
ECFieldElement yFieldElement = new ECFieldElement.Fp(q, ecdsaPublicKey.getY());
ECPoint pointQ = new ECPoint.Fp(ecSpec.getCurve(), xFieldElement, yFieldElement);
ECPublicKeySpec publicKeySpec = new ECPublicKeySpec(pointQ, ecSpec);
KeyFactory keyFactory = KeyFactory.getInstance("ECDSA", "BC");
PublicKey publicKey = keyFactory.generatePublic(publicKeySpec);
Signature sig = Signature.getInstance(getSignatureAlgorithm().getAlgorithm(), "BC");
sig.initVerify(publicKey);
sig.update(sigInBytes);
return sig.verify(sigBytes);
} catch (NoSuchAlgorithmException e) {
throw new Exception("There was a problem in EC verifier", e);
} catch (UnsupportedEncodingException e) {
throw new Exception("There was a problem in EC verifier", e);
} catch (SignatureException e) {
throw new Exception("There was a problem in EC verifier", e);
} catch (NoSuchProviderException e) {
throw new Exception("There was a problem in EC verifier", e);
} catch (InvalidKeyException e) {
throw new Exception("There was a problem in EC verifier", e);
} catch (InvalidKeySpecException e) {
throw new Exception("There was a problem in EC verifier", e);
}
}
use of java.security.spec.InvalidKeySpecException in project oxAuth by GluuFederation.
the class ECDSASigner method generateSignature.
@Override
public String generateSignature(String signingInput) throws SignatureException {
if (getSignatureAlgorithm() == null) {
throw new SignatureException("The signature algorithm is null");
}
if (ecdsaPrivateKey == null) {
throw new SignatureException("The ECDSA private key is null");
}
if (signingInput == null) {
throw new SignatureException("The signing input is null");
}
try {
ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec(getSignatureAlgorithm().getCurve().getName());
ECPrivateKeySpec privateKeySpec = new ECPrivateKeySpec(ecdsaPrivateKey.getD(), ecSpec);
KeyFactory keyFactory = KeyFactory.getInstance("ECDSA", "BC");
PrivateKey privateKey = keyFactory.generatePrivate(privateKeySpec);
Signature signature = Signature.getInstance(getSignatureAlgorithm().getAlgorithm(), "BC");
signature.initSign(privateKey);
signature.update(signingInput.getBytes(Util.UTF8_STRING_ENCODING));
return Base64Util.base64urlencode(signature.sign());
} catch (InvalidKeySpecException e) {
throw new SignatureException(e);
} catch (InvalidKeyException e) {
throw new SignatureException(e);
} catch (NoSuchAlgorithmException e) {
throw new SignatureException(e);
} catch (NoSuchProviderException e) {
throw new SignatureException(e);
} catch (UnsupportedEncodingException e) {
throw new SignatureException(e);
} catch (Exception e) {
throw new SignatureException(e);
}
}
Aggregations