Use of org.forgerock.json.jose.jws.JwsAlgorithm in project OpenAM by OpenRock.
The class OpenIdConnectTokenGenerationImpl, method generate.
/**
 * Issues a signed OpenID Connect token for the principal behind {@code subjectToken}.
 * <p>
 * The signing key is chosen by the algorithm type configured on the STS instance:
 * HMAC algorithms sign with the configured client secret, RSA algorithms with the
 * key pair resolved through the instance's PKI provider. Any other algorithm type
 * is rejected. When the instance is configured to persist issued tokens, the built
 * token string is written to the CTS before it is returned.
 *
 * @param subjectToken the SSOToken whose validated principal becomes the token subject
 * @param stsInstanceState configuration and PKI state of the issuing STS instance
 * @param invocationState per-invocation parameters: the OIDC generation state and the
 *                        STS instance id used when persisting
 * @return the serialized, signed JWT
 * @throws TokenCreationException if the configured algorithm type is neither HMAC nor RSA,
 *                                or if persisting the token to the CTS fails
 */
@Override
public String generate(SSOToken subjectToken, STSInstanceState stsInstanceState,
                       TokenGenerationServiceInvocationState invocationState) throws TokenCreationException {
    final OpenIdConnectTokenConfig config = stsInstanceState.getConfig().getOpenIdConnectTokenConfig();
    final long issuedAtMillis = System.currentTimeMillis();
    final String principal = ssoTokenIdentity.validateAndGetTokenPrincipal(subjectToken);
    // The token claims take the issue instant in seconds; persistence below keeps the millisecond value.
    final STSOpenIdConnectToken token = buildToken(subjectToken, config,
            invocationState.getOpenIdConnectTokenGenerationState(), issuedAtMillis / 1000, principal);

    final JwsAlgorithm algorithm = config.getSignatureAlgorithm();
    final JwsAlgorithmType algorithmType = algorithm.getAlgorithmType();
    final SignedJwt signedJwt;
    // Enum identity comparison; a null type matches neither branch and is rejected below.
    if (algorithmType == JwsAlgorithmType.HMAC) {
        signedJwt = symmetricSign(token, algorithm, config.getClientSecret());
    } else if (algorithmType == JwsAlgorithmType.RSA) {
        signedJwt = asymmetricSign(token, algorithm,
                getKeyPair(stsInstanceState.getOpenIdConnectTokenPKIProvider(),
                        config.getSignatureKeyAlias(), config.getSignatureKeyPassword()),
                determinePublicKeyReferenceType(config));
    } else {
        throw new TokenCreationException(ResourceException.BAD_REQUEST,
                "Unknown JwsAlgorithmType: " + algorithmType);
    }
    final String tokenString = signedJwt.build();

    if (stsInstanceState.getConfig().persistIssuedTokensInCTS()) {
        try {
            ctsTokenPersistence.persistToken(invocationState.getStsInstanceId(), TokenType.OPENIDCONNECT,
                    tokenString, principal, issuedAtMillis, config.getTokenLifetimeInSeconds());
        } catch (CTSTokenPersistenceException e) {
            // Surface persistence failures as token-creation failures, keeping the original code and cause.
            throw new TokenCreationException(e.getCode(), e.getMessage(), e);
        }
    }
    return tokenString;
}
Use of org.forgerock.json.jose.jws.JwsAlgorithm in project OpenAM by OpenRock.
The class IdTokenClaimGatherer, method verify.
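/**
 * Verifies the signature of an ID token with the key matching its {@code alg} header.
 * <p>
 * RSA-family algorithms are verified with the client's public key, HMAC-family
 * algorithms with the shared client secret. Any other algorithm type (for example
 * {@code none}) is rejected outright rather than being handed to the HMAC handler,
 * and a token whose header carries no recognisable algorithm is rejected as well.
 * The algorithm is taken from the token itself; callers that know which algorithm
 * the client registered should additionally check that the header matches it.
 *
 * @param clientSecret the shared secret used for HMAC verification
 * @param keyPair the client's key pair; only the public key is used, for RSA verification
 * @param signedJwt the parsed, signed ID token to verify
 * @return {@code true} if the signature verifies with the selected key, {@code false} otherwise
 */
private boolean verify(byte[] clientSecret, KeyPair keyPair, SignedJwt signedJwt) {
    final JwsAlgorithm jwsAlgorithm = signedJwt.getHeader().getAlgorithm();
    if (jwsAlgorithm == null || jwsAlgorithm.getAlgorithmType() == null) {
        return false;
    }
    final SigningHandler signingHandler;
    switch (jwsAlgorithm.getAlgorithmType()) {
        case RSA:
            signingHandler = signingManager.newRsaSigningHandler(keyPair.getPublic());
            break;
        case HMAC:
            signingHandler = signingManager.newHmacSigningHandler(clientSecret);
            break;
        default:
            // No key material applies to this type (e.g. NONE); never treat it as verified.
            return false;
    }
    return signedJwt.verify(signingHandler);
}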
Use of org.forgerock.json.jose.jws.JwsAlgorithm in project OpenAM by OpenRock.
The class OpenIdConnectToken, method sign.
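/**
 * Signs the OpenId Connect token.
 * <p>
 * {@code algorithm} is resolved with {@link JwsAlgorithm#valueOf(String)}, which throws
 * {@link IllegalArgumentException} for an unknown name rather than returning {@code null};
 * that case and a missing algorithm are both reported as a {@link SignatureException} so
 * callers see a single failure type. RSA-family algorithms sign with the private key of
 * {@code keyPair}; every other algorithm type is signed with {@code clientSecret} as an
 * HMAC key (unchanged behaviour - note this also covers types that are neither RSA nor
 * HMAC). The {@code kid} header is set only when a key id is configured.
 *
 * @return A SignedJwt
 * @throws SignatureException If the algorithm is missing or unknown, or an error occurs
 *                            with the signing of the OpenId Connect token.
 */
public SignedJwt sign() throws SignatureException {
    JwsAlgorithm jwsAlgorithm = null;
    if (algorithm != null) {
        try {
            jwsAlgorithm = JwsAlgorithm.valueOf(algorithm);
        } catch (IllegalArgumentException ignored) {
            // Unknown enum name: fall through to the single error path below.
        }
    }
    if (jwsAlgorithm == null) {
        logger.error("Unable to find jws algorithm for: " + algorithm);
        throw new SignatureException();
    }
    final SigningManager signingManager = new SigningManager();
    final SigningHandler signingHandler;
    if (JwsAlgorithmType.RSA.equals(jwsAlgorithm.getAlgorithmType())) {
        signingHandler = signingManager.newRsaSigningHandler(keyPair.getPrivate());
    } else {
        signingHandler = signingManager.newHmacSigningHandler(clientSecret);
    }
    final JwsHeaderBuilder builder = jwtBuilderFactory.jws(signingHandler).headers().alg(jwsAlgorithm);
    final JwtClaimsSet claimsSet = jwtBuilderFactory.claims().claims(asMap()).build();
    if (kid != null) {
        builder.kid(kid);
    }
    return builder.done().claims(claimsSet).asJwt();
}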
Use of org.forgerock.json.jose.jws.JwsAlgorithm in project OpenAM by OpenRock.
The class OpenAMTokenStore, method generateHash.
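/**
 * Generates hash values, by hashing the valueToEncode using the request's "alg"
 * parameter, then returning the base64url encoding of the
 * leftmost half of the returned bytes. Used for both at_hash and c_hash claims.
 * <p>
 * The algorithm must be one of the provider's supported ID token signing algorithms;
 * otherwise {@code null} is returned and no hash is produced. A supported name that
 * does not resolve to a {@link JwsAlgorithm} (enum {@code valueOf} throws rather than
 * returning {@code null}), or whose digest is unavailable in this JVM, is reported as a
 * {@link ServerException} instead of escaping as an unchecked exception.
 *
 * @param algorithm the JWS algorithm name taken from the request
 * @param valueToEncode the token or code value to hash
 * @param providerSettings settings supplying the list of supported signing algorithms
 * @return the base64url-encoded leftmost half of the digest, or {@code null} if the
 *         algorithm is not supported by the provider
 * @throws ServerException if the algorithm name or its message digest cannot be resolved
 */
private String generateHash(String algorithm, String valueToEncode, OAuth2ProviderSettings providerSettings)
        throws ServerException {
    if (!providerSettings.getSupportedIDTokenSigningAlgorithms().contains(algorithm)) {
        logger.message("Unsupported signing algorithm requested for hash value.");
        return null;
    }
    final MessageDigest digest;
    try {
        final JwsAlgorithm alg = JwsAlgorithm.valueOf(algorithm);
        digest = MessageDigest.getInstance(alg.getMdAlgorithm());
    } catch (IllegalArgumentException | NoSuchAlgorithmException e) {
        logger.message("Unsupported signing algorithm chosen for hashing.");
        throw new ServerException("Algorithm not supported.");
    }
    final byte[] result = digest.digest(valueToEncode.getBytes(Utils.CHARSET));
    // at_hash / c_hash take the leftmost half of the digest output.
    final byte[] leftHalf = Arrays.copyOfRange(result, 0, result.length / 2);
    return Base64url.encode(leftHalf);
}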