
Example 1 with AlgorithmFamily

Use of org.gluu.oxauth.model.crypto.signature.AlgorithmFamily in project oxAuth by GluuFederation.

Class AbstractCryptoProvider, method getPublicKey.

public PublicKey getPublicKey(String alias, JSONObject jwks, Algorithm requestedAlgorithm) throws Exception {
    java.security.PublicKey publicKey = null;
    JSONArray webKeys = jwks.getJSONArray(JSON_WEB_KEY_SET);
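    // The loop does not stop at the first match: a later RSA or EC entry
    // with the same kid overwrites publicKey.
    for (int i = 0; i < webKeys.length(); i++) {
        JSONObject key = webKeys.getJSONObject(i);
        if (alias.equals(key.getString(KEY_ID))) {
            AlgorithmFamily family = null;
            if (key.has(ALGORITHM)) {
                // The JWK declares an algorithm: skip the key when the caller
                // requested a different one.
                Algorithm algorithm = Algorithm.fromString(key.optString(ALGORITHM));
                if (requestedAlgorithm != null && algorithm != requestedAlgorithm) {
                    LOG.trace("kid matched but algorithm does not match. kid algorithm:" + algorithm + ", requestedAlgorithm:" + requestedAlgorithm + ", kid:" + alias);
                    continue;
                }
                family = algorithm.getFamily();
            } else if (key.has(KEY_TYPE)) {
                // No algorithm on the JWK: the family comes from the key type,
                // and requestedAlgorithm is not compared on this path.
                family = AlgorithmFamily.fromString(key.getString(KEY_TYPE));
            }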
            if (AlgorithmFamily.RSA.equals(family)) {
                KeyFactory keyFactory = KeyFactory.getInstance("RSA");
                RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(new BigInteger(1, Base64Util.base64urldecode(key.getString(MODULUS))), new BigInteger(1, Base64Util.base64urldecode(key.getString(EXPONENT))));
                publicKey = keyFactory.generatePublic(pubKeySpec);
            } else if (AlgorithmFamily.EC.equals(family)) {
                ECEllipticCurve curve = ECEllipticCurve.fromString(key.optString(CURVE));
                AlgorithmParameters parameters = AlgorithmParameters.getInstance(AlgorithmFamily.EC.toString());
                parameters.init(new ECGenParameterSpec(curve.getAlias()));
                ECParameterSpec ecParameters = parameters.getParameterSpec(ECParameterSpec.class);
                publicKey = KeyFactory.getInstance(AlgorithmFamily.EC.toString()).generatePublic(new ECPublicKeySpec(new ECPoint(new BigInteger(1, Base64Util.base64urldecode(key.getString(X))), new BigInteger(1, Base64Util.base64urldecode(key.getString(Y)))), ecParameters));
            }
            if (key.has(EXPIRATION_TIME)) {
                checkKeyExpiration(alias, key.getLong(EXPIRATION_TIME));
            }
        }
    }
    return publicKey;
}
Also used: ECEllipticCurve (org.gluu.oxauth.model.crypto.signature.ECEllipticCurve), JSONArray (org.json.JSONArray), PublicKey (java.security.PublicKey), SignatureAlgorithm (org.gluu.oxauth.model.crypto.signature.SignatureAlgorithm), Algorithm (org.gluu.oxauth.model.jwk.Algorithm), AlgorithmFamily (org.gluu.oxauth.model.crypto.signature.AlgorithmFamily), JSONObject (org.json.JSONObject), BigInteger (java.math.BigInteger), KeyFactory (java.security.KeyFactory), AlgorithmParameters (java.security.AlgorithmParameters)

Example 2 with AlgorithmFamily

Use of org.gluu.oxauth.model.crypto.signature.AlgorithmFamily in project oxAuth by GluuFederation.

Class JwtCrossCheckTest, method createNimbusJwt.

private static String createNimbusJwt(OxAuthCryptoProvider cryptoProvider, String kid, SignatureAlgorithm signatureAlgorithm) throws Exception {
    final AlgorithmFamily family = signatureAlgorithm.getFamily();
    JWSSigner signer = null;
    switch(family) {
        case RSA:
            signer = new RSASSASigner(RSAKey.load(cryptoProvider.getKeyStore(), kid, cryptoProvider.getKeyStoreSecret().toCharArray()));
            break;
        case EC:
            signer = new com.nimbusds.jose.crypto.ECDSASigner(ECKey.load(cryptoProvider.getKeyStore(), kid, cryptoProvider.getKeyStoreSecret().toCharArray()));
            break;
        default:
            // Any other family would leave signer null and fail later in sign().
            throw new IllegalArgumentException("Unsupported algorithm family: " + family);
    }
    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("1202.d50a4eeb-ab5d-474b-aaaf-e4aa47bc54a5").issuer("1202.d50a4eeb-ab5d-474b-aaaf-e4aa47bc54a5").expirationTime(new Date(1575559276888000L)).issueTime(new Date(1575559276888000L)).audience("https://gomer-vbox/oxauth/restv1/token").build();
    SignedJWT signedJWT = new SignedJWT(new JWSHeader.Builder(signatureAlgorithm.getJwsAlgorithm()).keyID(kid).build(), claimsSet);
    signedJWT.sign(signer);
    return signedJWT.serialize();
}
Also used: JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet), RSASSASigner (com.nimbusds.jose.crypto.RSASSASigner), SignedJWT (com.nimbusds.jwt.SignedJWT), JWSSigner (com.nimbusds.jose.JWSSigner), AlgorithmFamily (org.gluu.oxauth.model.crypto.signature.AlgorithmFamily), Date (java.util.Date), JWSHeader (com.nimbusds.jose.JWSHeader)
