Search in sources :

Example 1 with EdDSAPublicKey

use of org.bouncycastle.jcajce.interfaces.EdDSAPublicKey in project jans by JanssenProject.

the class AuthCryptoProvider method getJson.

private JSONObject getJson(final Algorithm algorithm, final KeyPairGenerator keyGen, final String signatureAlgorithmStr, final Long expirationTime) throws NoSuchAlgorithmException, OperatorCreationException, CertificateException, KeyStoreException, IOException {
    // Generate the key
    KeyPair keyPair = keyGen.generateKeyPair();
    PrivateKey pk = keyPair.getPrivate();
    // Java API requires a certificate chain
    X509Certificate cert = generateV3Certificate(keyPair, dnName, signatureAlgorithmStr, expirationTime);
    X509Certificate[] chain = new X509Certificate[1];
    chain[0] = cert;
    String alias = UUID.randomUUID().toString() + getKidSuffix(algorithm.getUse(), algorithm);
    keyStore.setKeyEntry(alias, pk, keyStoreSecret.toCharArray(), chain);
    final String oldAliasByAlgorithm = getAliasByAlgorithmForDeletion(algorithm, alias);
    if (StringUtils.isNotBlank(oldAliasByAlgorithm)) {
        keyStore.deleteEntry(oldAliasByAlgorithm);
        LOG.trace("New key: " + alias + ", deleted key: " + oldAliasByAlgorithm);
    }
    try (FileOutputStream stream = new FileOutputStream(keyStoreFile)) {
        keyStore.store(stream, keyStoreSecret.toCharArray());
    }
    final PublicKey publicKey = keyPair.getPublic();
    Use use = algorithm.getUse();
    JSONObject jsonObject = new JSONObject();
    jsonObject.put(JWKParameter.KEY_TYPE, algorithm.getFamily());
    jsonObject.put(JWKParameter.KEY_ID, alias);
    jsonObject.put(JWKParameter.KEY_USE, algorithm.getUse().getParamName());
    jsonObject.put(JWKParameter.ALGORITHM, algorithm.getParamName());
    jsonObject.put(JWKParameter.EXPIRATION_TIME, expirationTime);
    if (publicKey instanceof RSAPublicKey) {
        RSAPublicKey rsaPublicKey = (RSAPublicKey) publicKey;
        jsonObject.put(JWKParameter.MODULUS, Base64Util.base64urlencodeUnsignedBigInt(rsaPublicKey.getModulus()));
        jsonObject.put(JWKParameter.EXPONENT, Base64Util.base64urlencodeUnsignedBigInt(rsaPublicKey.getPublicExponent()));
    } else if (publicKey instanceof ECPublicKey) {
        ECPublicKey ecPublicKey = (ECPublicKey) publicKey;
        if (use == Use.SIGNATURE) {
            SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.fromString(algorithm.getParamName());
            jsonObject.put(JWKParameter.CURVE, signatureAlgorithm.getCurve().getName());
        } else if (use == Use.ENCRYPTION) {
            KeyEncryptionAlgorithm keyEncryptionAlgorithm = KeyEncryptionAlgorithm.fromName(algorithm.getParamName());
            jsonObject.put(JWKParameter.CURVE, keyEncryptionAlgorithm.getCurve().getName());
        }
        jsonObject.put(JWKParameter.X, Base64Util.base64urlencodeUnsignedBigInt(ecPublicKey.getW().getAffineX()));
        jsonObject.put(JWKParameter.Y, Base64Util.base64urlencodeUnsignedBigInt(ecPublicKey.getW().getAffineY()));
    } else if (use == Use.SIGNATURE && publicKey instanceof EdDSAPublicKey) {
        EdDSAPublicKey edDSAPublicKey = (EdDSAPublicKey) publicKey;
        SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.fromString(algorithm.getParamName());
        jsonObject.put(JWKParameter.CURVE, signatureAlgorithm.getCurve().getName());
        jsonObject.put(JWKParameter.X, Base64Util.base64urlencode(edDSAPublicKey.getEncoded()));
    // EdDSA keys (EdDSAPublicKey, EDDSAPrivateKey) don't use BigInteger, but only byte[],
    // so Base64Util.base64urlencode, but not Base64Util.base64urlencodeUnsignedBigInt is used.
    }
    JSONArray x5c = new JSONArray();
    x5c.put(Base64.encodeBase64String(cert.getEncoded()));
    jsonObject.put(JWKParameter.CERTIFICATE_CHAIN, x5c);
    return jsonObject;
}
Also used : KeyPair(java.security.KeyPair) EdDSAPublicKey(org.bouncycastle.jcajce.interfaces.EdDSAPublicKey) PrivateKey(java.security.PrivateKey) RSAPublicKey(java.security.interfaces.RSAPublicKey) ECPublicKey(java.security.interfaces.ECPublicKey) PublicKey(java.security.PublicKey) EdDSAPublicKey(org.bouncycastle.jcajce.interfaces.EdDSAPublicKey) Use(io.jans.as.model.jwk.Use) JSONArray(org.json.JSONArray) SignatureAlgorithm(io.jans.as.model.crypto.signature.SignatureAlgorithm) X509Certificate(java.security.cert.X509Certificate) JSONObject(org.json.JSONObject) RSAPublicKey(java.security.interfaces.RSAPublicKey) ECPublicKey(java.security.interfaces.ECPublicKey) FileOutputStream(java.io.FileOutputStream) KeyEncryptionAlgorithm(io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm)

Aggregations

KeyEncryptionAlgorithm (io.jans.as.model.crypto.encryption.KeyEncryptionAlgorithm)1 SignatureAlgorithm (io.jans.as.model.crypto.signature.SignatureAlgorithm)1 Use (io.jans.as.model.jwk.Use)1 FileOutputStream (java.io.FileOutputStream)1 KeyPair (java.security.KeyPair)1 PrivateKey (java.security.PrivateKey)1 PublicKey (java.security.PublicKey)1 X509Certificate (java.security.cert.X509Certificate)1 ECPublicKey (java.security.interfaces.ECPublicKey)1 RSAPublicKey (java.security.interfaces.RSAPublicKey)1 EdDSAPublicKey (org.bouncycastle.jcajce.interfaces.EdDSAPublicKey)1 JSONArray (org.json.JSONArray)1 JSONObject (org.json.JSONObject)1