use of org.gluu.oxauth.model.crypto.PublicKey in project oxAuth by GluuFederation.
the class JwtUtil method getPublicKey.
public static PublicKey getPublicKey(String jwksUri, String jwks, SignatureAlgorithm signatureAlgorithm, String keyId) {
log.debug("Retrieving JWK...");
JSONObject jsonKeyValue = getJsonKey(jwksUri, jwks, keyId);
if (jsonKeyValue == null) {
return null;
}
org.gluu.oxauth.model.crypto.PublicKey publicKey = null;
try {
String resultKeyId = jsonKeyValue.getString(KEY_ID);
if (signatureAlgorithm == null) {
signatureAlgorithm = SignatureAlgorithm.fromString(jsonKeyValue.getString(ALGORITHM));
if (signatureAlgorithm == null) {
log.error(String.format("Failed to determine key '%s' signature algorithm", resultKeyId));
return null;
}
}
JSONObject jsonPublicKey = jsonKeyValue;
if (jsonKeyValue.has(PUBLIC_KEY)) {
// Use internal jwks.json format
jsonPublicKey = jsonKeyValue.getJSONObject(PUBLIC_KEY);
}
if (signatureAlgorithm == SignatureAlgorithm.RS256 || signatureAlgorithm == SignatureAlgorithm.RS384 || signatureAlgorithm == SignatureAlgorithm.RS512) {
// String alg = jsonKeyValue.getString(ALGORITHM);
// String use = jsonKeyValue.getString(KEY_USE);
String exp = jsonPublicKey.getString(EXPONENT);
String mod = jsonPublicKey.getString(MODULUS);
BigInteger publicExponent = new BigInteger(1, Base64Util.base64urldecode(exp));
BigInteger modulus = new BigInteger(1, Base64Util.base64urldecode(mod));
publicKey = new RSAPublicKey(modulus, publicExponent);
} else if (signatureAlgorithm == SignatureAlgorithm.ES256 || signatureAlgorithm == SignatureAlgorithm.ES384 || signatureAlgorithm == SignatureAlgorithm.ES512) {
// String alg = jsonKeyValue.getString(ALGORITHM);
// String use = jsonKeyValue.getString(KEY_USE);
// String crv = jsonKeyValue.getString(CURVE);
String xx = jsonPublicKey.getString(X);
String yy = jsonPublicKey.getString(Y);
BigInteger x = new BigInteger(1, Base64Util.base64urldecode(xx));
BigInteger y = new BigInteger(1, Base64Util.base64urldecode(yy));
publicKey = new ECDSAPublicKey(signatureAlgorithm, x, y);
}
if (publicKey != null && jsonKeyValue.has(CERTIFICATE_CHAIN)) {
final String BEGIN = "-----BEGIN CERTIFICATE-----";
final String END = "-----END CERTIFICATE-----";
JSONArray certChain = jsonKeyValue.getJSONArray(CERTIFICATE_CHAIN);
String certificateString = BEGIN + "\n" + certChain.getString(0) + "\n" + END;
StringReader sr = new StringReader(certificateString);
PEMParser pemReader = new PEMParser(sr);
X509Certificate cert = (X509CertificateObject) pemReader.readObject();
Certificate certificate = new Certificate(signatureAlgorithm, cert);
publicKey.setCertificate(certificate);
}
if (publicKey != null) {
publicKey.setKeyId(resultKeyId);
publicKey.setSignatureAlgorithm(signatureAlgorithm);
}
} catch (Exception ex) {
log.error(ex.getMessage(), ex);
}
return publicKey;
}
use of org.gluu.oxauth.model.crypto.PublicKey in project oxAuth by GluuFederation.
the class JwkClient method getRSAPublicKey.
public static RSAPublicKey getRSAPublicKey(String jwkSetUri, String keyId, ClientHttpEngine engine) {
RSAPublicKey publicKey = null;
JwkClient jwkClient = new JwkClient(jwkSetUri);
jwkClient.setExecutor(engine);
JwkResponse jwkResponse = jwkClient.exec();
if (jwkResponse != null && jwkResponse.getStatus() == 200) {
PublicKey pk = jwkResponse.getPublicKey(keyId);
if (pk instanceof RSAPublicKey) {
publicKey = (RSAPublicKey) pk;
}
}
return publicKey;
}
use of org.gluu.oxauth.model.crypto.PublicKey in project oxAuth by GluuFederation.
the class JwkClient method getECDSAPublicKey.
public static ECDSAPublicKey getECDSAPublicKey(String jwkSetUrl, String keyId, ClientHttpEngine engine) {
ECDSAPublicKey publicKey = null;
JwkClient jwkClient = new JwkClient(jwkSetUrl);
if (engine != null) {
jwkClient.setExecutor(engine);
}
JwkResponse jwkResponse = jwkClient.exec();
if (jwkResponse != null && jwkResponse.getStatus() == 200) {
PublicKey pk = jwkResponse.getPublicKey(keyId);
if (pk instanceof ECDSAPublicKey) {
publicKey = (ECDSAPublicKey) pk;
}
}
return publicKey;
}
use of org.gluu.oxauth.model.crypto.PublicKey in project oxAuth by GluuFederation.
the class JwkResponse method getPublicKey.
@Deprecated
public PublicKey getPublicKey(String keyId) {
PublicKey publicKey = null;
JSONWebKey JSONWebKey = getKeyValue(keyId);
if (JSONWebKey != null) {
switch(JSONWebKey.getKty()) {
case RSA:
publicKey = new RSAPublicKey(JSONWebKey.getN(), JSONWebKey.getE());
break;
case EC:
publicKey = new ECDSAPublicKey(SignatureAlgorithm.fromString(JSONWebKey.getAlg().getParamName()), JSONWebKey.getX(), JSONWebKey.getY());
break;
default:
break;
}
}
return publicKey;
}
Aggregations