
Example 61 with InvalidKeySpecException

use of java.security.spec.InvalidKeySpecException in project oxAuth by GluuFederation.

the class TokenSignaturesHttpTest method testRS256.

/**
 * Signs a fixed input with RS256 using the key-store key {@code keyId}, then verifies the
 * signature against the JWK set downloaded from {@code clientJwksUri}.
 *
 * <p>Any exception raised inside the body is turned into a test failure.
 *
 * @param clientJwksUri  URI the JWK set is fetched from
 * @param keyId          key identifier passed to both the sign and the verify call
 * @param dnName         DN name handed to the crypto provider
 * @param keyStoreFile   key store path handed to the crypto provider
 * @param keyStoreSecret key store password handed to the crypto provider
 */
@Parameters({ "clientJwksUri", "RS256_keyId", "dnName", "keyStoreFile", "keyStoreSecret" })
@Test
public void testRS256(final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws NoSuchProviderException, NoSuchAlgorithmException, SignatureException, InvalidKeyException, InvalidKeySpecException, IllegalBlockSizeException, IOException, NoSuchPaddingException, BadPaddingException {
    try {
        showTitle("Test RS256");

        // Public keys come from the published JWK set; the private key comes from the key store.
        final JwkClient jwksRequest = new JwkClient(clientJwksUri);
        final JwkResponse publishedKeys = jwksRequest.exec();

        // Fixed "header.payload" fixture. Its header segment decodes to {"alg":"HS256"};
        // the algorithm used below is the RS256 argument, not the header embedded in this text.
        final String fixture = "eyJhbGciOiJIUzI1NiJ9.eyJub25jZSI6ICI2Qm9HN1QwR0RUZ2wiLCAiaWRfdG9rZW4iOiB7Im1heF9hZ2UiOiA4NjQwMH0sICJzdGF0ZSI6ICJTVEFURTAiLCAicmVkaXJlY3RfdXJpIjogImh0dHBzOi8vbG9jYWxob3N0L2NhbGxiYWNrMSIsICJ1c2VyaW5mbyI6IHsiY2xhaW1zIjogeyJuYW1lIjogbnVsbH19LCAiY2xpZW50X2lkIjogIkAhMTExMSEwMDA4IUU2NTQuQjQ2MCIsICJzY29wZSI6IFsib3BlbmlkIl0sICJyZXNwb25zZV90eXBlIjogWyJjb2RlIl19";

        final OxAuthCryptoProvider provider = new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);

        final String producedSignature = provider.sign(fixture, keyId, null, SignatureAlgorithm.RS256);
        System.out.println("Encoded Signature: " + producedSignature);

        // Verification must succeed with the key of the same id taken from the JWK set.
        assertTrue(
                provider.verifySignature(fixture, producedSignature, keyId, publishedKeys.getJwks().toJSONObject(), null, SignatureAlgorithm.RS256),
                "Invalid signature");
    } catch (Exception e) {
        fail(e.getMessage(), e);
    }
}
Also used : OxAuthCryptoProvider(org.xdi.oxauth.model.crypto.OxAuthCryptoProvider) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) IOException(java.io.IOException) BadPaddingException(javax.crypto.BadPaddingException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(org.xdi.oxauth.BaseTest)

Example 62 with InvalidKeySpecException

use of java.security.spec.InvalidKeySpecException in project oxAuth by GluuFederation.

the class JweDecrypterImpl method decryptEncryptionKey.

/**
 * Decrypts the base64url-encoded encrypted key of a JWE using the configured key
 * encryption algorithm.
 *
 * <ul>
 *   <li>{@code RSA_OAEP} / {@code RSA1_5}: RSA decryption with {@code rsaPrivateKey}
 *       (converted to a JCA key first) or, when that is null, with {@code privateKey}.</li>
 *   <li>{@code A128KW} / {@code A256KW}: AES key unwrap with a key-encryption key taken
 *       from {@code sharedSymmetricKey}.</li>
 * </ul>
 *
 * @param encodedEncryptedKey the encrypted key, base64url-encoded
 * @return the decrypted key bytes
 * @throws InvalidJweException if the algorithm or the input is null, the required key
 *         material is missing, the algorithm is not one of the four above, or any of the
 *         caught crypto exceptions occurs (the original exception is passed along as cause)
 */
@Override
public byte[] decryptEncryptionKey(String encodedEncryptedKey) throws InvalidJweException {
    if (getKeyEncryptionAlgorithm() == null) {
        throw new InvalidJweException("The key encryption algorithm is null");
    }
    if (encodedEncryptedKey == null) {
        throw new InvalidJweException("The encoded encryption key is null");
    }
    try {
        if (getKeyEncryptionAlgorithm() == KeyEncryptionAlgorithm.RSA_OAEP || getKeyEncryptionAlgorithm() == KeyEncryptionAlgorithm.RSA1_5) {
            if (rsaPrivateKey == null && privateKey == null) {
                throw new InvalidJweException("The RSA private key is null");
            }
            // The cipher is resolved without naming a provider, while the KeyFactory below
            // asks for "BC" explicitly; the earlier BC-pinned lookup is kept for reference.
            //Cipher cipher = Cipher.getInstance(getKeyEncryptionAlgorithm().getAlgorithm(), "BC");
            Cipher cipher = Cipher.getInstance(getKeyEncryptionAlgorithm().getAlgorithm());
            if (rsaPrivateKey != null) {
                // Rebuild a JCA private key from the modulus and private exponent of the
                // project's own RSAPrivateKey holder.
                KeyFactory keyFactory = KeyFactory.getInstance(getKeyEncryptionAlgorithm().getFamily(), "BC");
                RSAPrivateKeySpec privKeySpec = new RSAPrivateKeySpec(rsaPrivateKey.getModulus(), rsaPrivateKey.getPrivateExponent());
                java.security.interfaces.RSAPrivateKey privKey = (java.security.interfaces.RSAPrivateKey) keyFactory.generatePrivate(privKeySpec);
                cipher.init(Cipher.DECRYPT_MODE, privKey);
            } else {
                cipher.init(Cipher.DECRYPT_MODE, privateKey);
            }
            byte[] decryptedKey = cipher.doFinal(Base64Util.base64urldecode(encodedEncryptedKey));
            return decryptedKey;
        } else if (getKeyEncryptionAlgorithm() == KeyEncryptionAlgorithm.A128KW || getKeyEncryptionAlgorithm() == KeyEncryptionAlgorithm.A256KW) {
            if (sharedSymmetricKey == null) {
                throw new InvalidJweException("The shared symmetric key is null");
            }
            if (sharedSymmetricKey.length != 16) {
                // Any key that is not exactly 16 bytes is replaced by the first 16 bytes of
                // its SHA-1 digest, so the key-encryption key is always 128 bits here, for
                // A256KW as well as A128KW. A single unsalted hash is not a password-based
                // KDF; the result is only as strong as the input secret.
                // The assignment targets sharedSymmetricKey itself (not a local), so the
                // original bytes are overwritten after the first call.
                // NOTE(review): presumably the encrypting side derives the key the same way,
                // so changing this would break interoperability; confirm before touching.
                MessageDigest sha = MessageDigest.getInstance("SHA-1");
                sharedSymmetricKey = sha.digest(sharedSymmetricKey);
                sharedSymmetricKey = Arrays.copyOf(sharedSymmetricKey, 16);
            }
            byte[] encryptedKey = Base64Util.base64urldecode(encodedEncryptedKey);
            SecretKeySpec keyEncryptionKey = new SecretKeySpec(sharedSymmetricKey, "AES");
            // Bouncy Castle's lightweight AES key-wrap engine; init(false, ...) selects unwrap.
            AESWrapEngine aesWrapEngine = new AESWrapEngine();
            CipherParameters params = new KeyParameter(keyEncryptionKey.getEncoded());
            aesWrapEngine.init(false, params);
            byte[] decryptedKey = aesWrapEngine.unwrap(encryptedKey, 0, encryptedKey.length);
            return decryptedKey;
        } else {
            throw new InvalidJweException("The key encryption algorithm is not supported");
        }
    } catch (NoSuchPaddingException e) {
        throw new InvalidJweException(e);
    } catch (NoSuchAlgorithmException e) {
        throw new InvalidJweException(e);
    } catch (IllegalBlockSizeException e) {
        throw new InvalidJweException(e);
    } catch (BadPaddingException e) {
        // NOTE(review): the padding failure travels to the caller as the cause. With RSA1_5,
        // a padding error that can be told apart from other decryption failures is the
        // ingredient of a padding-oracle attack; RFC 7516 section 11.5 asks that such errors
        // be reported as a single, indistinguishable failure. Whether callers collapse them
        // is not visible from this method; confirm.
        throw new InvalidJweException(e);
    } catch (NoSuchProviderException e) {
        throw new InvalidJweException(e);
    } catch (InvalidKeyException e) {
        throw new InvalidJweException(e);
    } catch (InvalidKeySpecException e) {
        throw new InvalidJweException(e);
    } catch (InvalidCipherTextException e) {
        // Raised by the AES unwrap when the wrapped key fails its integrity check.
        throw new InvalidJweException(e);
    }
}
Also used : InvalidCipherTextException(org.bouncycastle.crypto.InvalidCipherTextException) KeyParameter(org.bouncycastle.crypto.params.KeyParameter) CipherParameters(org.bouncycastle.crypto.CipherParameters) java.security(java.security) RSAPrivateKeySpec(java.security.spec.RSAPrivateKeySpec) SecretKeySpec(javax.crypto.spec.SecretKeySpec) AESWrapEngine(org.bouncycastle.crypto.engines.AESWrapEngine) BlockCipher(org.bouncycastle.crypto.BlockCipher) GCMBlockCipher(org.bouncycastle.crypto.modes.GCMBlockCipher) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) RSAPrivateKey(org.xdi.oxauth.model.crypto.signature.RSAPrivateKey) InvalidJweException(org.xdi.oxauth.model.exception.InvalidJweException)

Example 63 with InvalidKeySpecException

use of java.security.spec.InvalidKeySpecException in project oxAuth by GluuFederation.

the class ECSigner method sign.

/**
 * Produces an ECDSA signature over {@code signingInput} with {@code ecdsaPrivateKey} and
 * returns it base64url-encoded. Key factory and signature engine are both requested from
 * the "BC" provider.
 *
 * <p>{@code ecdsaPrivateKey} is dereferenced without a null check; a missing key surfaces
 * as an unwrapped {@link NullPointerException}.
 *
 * @param signingInput text to sign, encoded with {@code Util.UTF8_STRING_ENCODING}
 * @return the base64url-encoded signature
 * @throws Exception if the input is null or empty, or if any of the listed JCA failures
 *         occurs (wrapped with the message "There was a problem in EC signing")
 */
@Deprecated
@Override
public String sign(String signingInput) throws Exception {
    if (Strings.isNullOrEmpty(signingInput)) {
        throw new Exception("Invalid signing input");
    }
    try {
        // Curve parameters are looked up by the name attached to the signature algorithm.
        ECParameterSpec curveSpec = ECNamedCurveTable.getParameterSpec(getSignatureAlgorithm().getCurve().getName());
        ECPrivateKeySpec scalarSpec = new ECPrivateKeySpec(ecdsaPrivateKey.getD(), curveSpec);
        PrivateKey signingKey = KeyFactory.getInstance("ECDSA", "BC").generatePrivate(scalarSpec);

        Signature signer = Signature.getInstance(getSignatureAlgorithm().getAlgorithm(), "BC");
        signer.initSign(signingKey);
        signer.update(signingInput.getBytes(Util.UTF8_STRING_ENCODING));
        byte[] rawSignature = signer.sign();
        return Base64Util.base64urlencode(rawSignature);
    } catch (NoSuchAlgorithmException | UnsupportedEncodingException | SignatureException
            | NoSuchProviderException | InvalidKeyException | InvalidKeySpecException e) {
        // Every listed failure is reported the same way, keeping the original as cause.
        throw new Exception("There was a problem in EC signing", e);
    }
}
Also used : ECPrivateKeySpec(org.bouncycastle.jce.spec.ECPrivateKeySpec) ECParameterSpec(org.bouncycastle.jce.spec.ECParameterSpec) UnsupportedEncodingException(java.io.UnsupportedEncodingException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) UnsupportedEncodingException(java.io.UnsupportedEncodingException)

Example 64 with InvalidKeySpecException

use of java.security.spec.InvalidKeySpecException in project oxAuth by GluuFederation.

the class ECSigner method verifySignature.

/**
 * Verifies an ECDSA signature over {@code signingInput} with {@code ecdsaPublicKey}.
 *
 * <p>Only a null or empty argument yields {@code false} without attempting verification.
 * The listed JCA failures, including a {@link SignatureException} from the verify call,
 * are rethrown as {@link Exception}; callers have to treat an exception as "not verified".
 *
 * @param signingInput text that was signed, encoded with {@code Util.UTF8_STRING_ENCODING}
 * @param signature    base64url-encoded signature
 * @return {@code true} if the signature verifies, {@code false} if it does not or if
 *         either argument is null or empty
 * @throws Exception on any of the listed JCA failures (wrapped with the message
 *         "There was a problem in EC verifier")
 */
@Deprecated
@Override
public boolean verifySignature(String signingInput, String signature) throws Exception {
    if (Strings.isNullOrEmpty(signingInput) || Strings.isNullOrEmpty(signature)) {
        return false;
    }
    try {
        byte[] rawSignature = Base64Util.base64urldecode(signature);
        byte[] message = signingInput.getBytes(Util.UTF8_STRING_ENCODING);

        ECParameterSpec curveSpec = ECNamedCurveTable.getParameterSpec(getSignatureAlgorithm().getCurve().getName());

        // The cast limits this method to prime-field curves; any other curve type fails
        // with a ClassCastException, which none of the catch clauses below handles.
        BigInteger fieldPrime = ((ECCurve.Fp) curveSpec.getCurve()).getQ();

        // The public point is assembled directly from the stored X and Y coordinates.
        // NOTE(review): nothing in this method checks that (X, Y) lies on the curve;
        // whether the provider validates it depends on the Bouncy Castle version; confirm.
        ECFieldElement coordX = new ECFieldElement.Fp(fieldPrime, ecdsaPublicKey.getX());
        ECFieldElement coordY = new ECFieldElement.Fp(fieldPrime, ecdsaPublicKey.getY());
        ECPoint publicPoint = new ECPoint.Fp(curveSpec.getCurve(), coordX, coordY);

        ECPublicKeySpec pointSpec = new ECPublicKeySpec(publicPoint, curveSpec);
        PublicKey verificationKey = KeyFactory.getInstance("ECDSA", "BC").generatePublic(pointSpec);

        Signature verifier = Signature.getInstance(getSignatureAlgorithm().getAlgorithm(), "BC");
        verifier.initVerify(verificationKey);
        verifier.update(message);
        return verifier.verify(rawSignature);
    } catch (NoSuchAlgorithmException | UnsupportedEncodingException | SignatureException
            | NoSuchProviderException | InvalidKeyException | InvalidKeySpecException e) {
        // Every listed failure is reported the same way, keeping the original as cause.
        throw new Exception("There was a problem in EC verifier", e);
    }
}
Also used : UnsupportedEncodingException(java.io.UnsupportedEncodingException) ECPoint(org.bouncycastle.math.ec.ECPoint) ECPublicKeySpec(org.bouncycastle.jce.spec.ECPublicKeySpec) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) ECParameterSpec(org.bouncycastle.jce.spec.ECParameterSpec) BigInteger(java.math.BigInteger) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) ECFieldElement(org.bouncycastle.math.ec.ECFieldElement)

Example 65 with InvalidKeySpecException

use of java.security.spec.InvalidKeySpecException in project oxAuth by GluuFederation.

the class ECDSASigner method generateSignature.

/**
 * Signs {@code signingInput} with the configured ECDSA private key and returns the
 * signature base64url-encoded. Key factory and signature engine are both requested from
 * the "BC" provider.
 *
 * @param signingInput text to sign, encoded with {@code Util.UTF8_STRING_ENCODING}
 * @return the base64url-encoded signature
 * @throws SignatureException if the algorithm, the private key or the input is null, or
 *         if anything inside the signing step throws (the original exception is the cause)
 */
@Override
public String generateSignature(String signingInput) throws SignatureException {
    // Preconditions are checked one by one so each gets its own message.
    if (getSignatureAlgorithm() == null) {
        throw new SignatureException("The signature algorithm is null");
    }
    if (ecdsaPrivateKey == null) {
        throw new SignatureException("The ECDSA private key is null");
    }
    if (signingInput == null) {
        throw new SignatureException("The signing input is null");
    }

    try {
        ECParameterSpec curveSpec = ECNamedCurveTable.getParameterSpec(getSignatureAlgorithm().getCurve().getName());
        ECPrivateKeySpec scalarSpec = new ECPrivateKeySpec(ecdsaPrivateKey.getD(), curveSpec);
        PrivateKey signingKey = KeyFactory.getInstance("ECDSA", "BC").generatePrivate(scalarSpec);

        Signature signer = Signature.getInstance(getSignatureAlgorithm().getAlgorithm(), "BC");
        signer.initSign(signingKey);
        signer.update(signingInput.getBytes(Util.UTF8_STRING_ENCODING));
        byte[] rawSignature = signer.sign();
        return Base64Util.base64urlencode(rawSignature);
    } catch (Exception e) {
        // One handler is enough: every failure, checked or unchecked, is wrapped the same
        // way, so the specific exception types do not need separate clauses.
        throw new SignatureException(e);
    }
}
Also used : ECPrivateKeySpec(org.bouncycastle.jce.spec.ECPrivateKeySpec) ECDSAPrivateKey(org.xdi.oxauth.model.crypto.signature.ECDSAPrivateKey) ECParameterSpec(org.bouncycastle.jce.spec.ECParameterSpec) UnsupportedEncodingException(java.io.UnsupportedEncodingException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) UnsupportedEncodingException(java.io.UnsupportedEncodingException)

Aggregations

InvalidKeySpecException (java.security.spec.InvalidKeySpecException)237 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)147 KeyFactory (java.security.KeyFactory)99 X509EncodedKeySpec (java.security.spec.X509EncodedKeySpec)93 InvalidKeyException (java.security.InvalidKeyException)62 PublicKey (java.security.PublicKey)57 PKCS8EncodedKeySpec (java.security.spec.PKCS8EncodedKeySpec)56 IOException (java.io.IOException)51 PrivateKey (java.security.PrivateKey)40 SecretKeyFactory (javax.crypto.SecretKeyFactory)30 PBEKeySpec (javax.crypto.spec.PBEKeySpec)27 SignatureException (java.security.SignatureException)22 UnsupportedEncodingException (java.io.UnsupportedEncodingException)21 KeySpec (java.security.spec.KeySpec)19 BadPaddingException (javax.crypto.BadPaddingException)19 IllegalBlockSizeException (javax.crypto.IllegalBlockSizeException)19 BigInteger (java.math.BigInteger)17 SecretKeySpec (javax.crypto.spec.SecretKeySpec)16 NoSuchProviderException (java.security.NoSuchProviderException)15 RSAPublicKey (java.security.interfaces.RSAPublicKey)15