use of org.bouncycastle.jcajce.interfaces.EdDSAPublicKey in project jans by JanssenProject.
the class AuthCryptoProvider method getJson.
private JSONObject getJson(final Algorithm algorithm, final KeyPairGenerator keyGen, final String signatureAlgorithmStr, final Long expirationTime) throws NoSuchAlgorithmException, OperatorCreationException, CertificateException, KeyStoreException, IOException {
// Generate the key
KeyPair keyPair = keyGen.generateKeyPair();
PrivateKey pk = keyPair.getPrivate();
// Java API requires a certificate chain
X509Certificate cert = generateV3Certificate(keyPair, dnName, signatureAlgorithmStr, expirationTime);
X509Certificate[] chain = new X509Certificate[1];
chain[0] = cert;
String alias = UUID.randomUUID().toString() + getKidSuffix(algorithm.getUse(), algorithm);
keyStore.setKeyEntry(alias, pk, keyStoreSecret.toCharArray(), chain);
final String oldAliasByAlgorithm = getAliasByAlgorithmForDeletion(algorithm, alias);
if (StringUtils.isNotBlank(oldAliasByAlgorithm)) {
keyStore.deleteEntry(oldAliasByAlgorithm);
LOG.trace("New key: " + alias + ", deleted key: " + oldAliasByAlgorithm);
}
try (FileOutputStream stream = new FileOutputStream(keyStoreFile)) {
keyStore.store(stream, keyStoreSecret.toCharArray());
}
final PublicKey publicKey = keyPair.getPublic();
Use use = algorithm.getUse();
JSONObject jsonObject = new JSONObject();
jsonObject.put(JWKParameter.KEY_TYPE, algorithm.getFamily());
jsonObject.put(JWKParameter.KEY_ID, alias);
jsonObject.put(JWKParameter.KEY_USE, algorithm.getUse().getParamName());
jsonObject.put(JWKParameter.ALGORITHM, algorithm.getParamName());
jsonObject.put(JWKParameter.EXPIRATION_TIME, expirationTime);
if (publicKey instanceof RSAPublicKey) {
RSAPublicKey rsaPublicKey = (RSAPublicKey) publicKey;
jsonObject.put(JWKParameter.MODULUS, Base64Util.base64urlencodeUnsignedBigInt(rsaPublicKey.getModulus()));
jsonObject.put(JWKParameter.EXPONENT, Base64Util.base64urlencodeUnsignedBigInt(rsaPublicKey.getPublicExponent()));
} else if (publicKey instanceof ECPublicKey) {
ECPublicKey ecPublicKey = (ECPublicKey) publicKey;
if (use == Use.SIGNATURE) {
SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.fromString(algorithm.getParamName());
jsonObject.put(JWKParameter.CURVE, signatureAlgorithm.getCurve().getName());
} else if (use == Use.ENCRYPTION) {
KeyEncryptionAlgorithm keyEncryptionAlgorithm = KeyEncryptionAlgorithm.fromName(algorithm.getParamName());
jsonObject.put(JWKParameter.CURVE, keyEncryptionAlgorithm.getCurve().getName());
}
jsonObject.put(JWKParameter.X, Base64Util.base64urlencodeUnsignedBigInt(ecPublicKey.getW().getAffineX()));
jsonObject.put(JWKParameter.Y, Base64Util.base64urlencodeUnsignedBigInt(ecPublicKey.getW().getAffineY()));
} else if (use == Use.SIGNATURE && publicKey instanceof EdDSAPublicKey) {
EdDSAPublicKey edDSAPublicKey = (EdDSAPublicKey) publicKey;
SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.fromString(algorithm.getParamName());
jsonObject.put(JWKParameter.CURVE, signatureAlgorithm.getCurve().getName());
jsonObject.put(JWKParameter.X, Base64Util.base64urlencode(edDSAPublicKey.getEncoded()));
// EdDSA keys (EdDSAPublicKey, EDDSAPrivateKey) don't use BigInteger, but only byte[],
// so Base64Util.base64urlencode, but not Base64Util.base64urlencodeUnsignedBigInt is used.
}
JSONArray x5c = new JSONArray();
x5c.put(Base64.encodeBase64String(cert.getEncoded()));
jsonObject.put(JWKParameter.CERTIFICATE_CHAIN, x5c);
return jsonObject;
}
Aggregations