Example 11 with RSAPublicKey
use of org.gluu.oxauth.model.crypto.signature.RSAPublicKey in project oxAuth by GluuFederation.
the class ResponseTypesRestrictionHttpTest method responseTypesCodeIdToken.
/**
* Registering with the response_types param <code>code, id_token</code>.
*/
@Parameters({ "redirectUris", "userId", "userSecret", "redirectUri", "sectorIdentifierUri" })
@Test
public void responseTypesCodeIdToken(final String redirectUris, final String userId, final String userSecret, final String redirectUri, final String sectorIdentifierUri) throws Exception {
showTitle("responseTypesCodeIdToken");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_POST);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientIdIssuedAt());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
String registrationAccessToken = registerResponse.getRegistrationAccessToken();
String registrationClientUri = registerResponse.getRegistrationClientUri();
// 2. Client read
RegisterRequest readClientRequest = new RegisterRequest(registrationAccessToken);
RegisterClient readClient = new RegisterClient(registrationClientUri);
readClient.setRequest(readClientRequest);
RegisterResponse readClientResponse = readClient.exec();
showClient(readClient);
assertEquals(readClientResponse.getStatus(), 200, "Unexpected response code: " + readClientResponse.getEntity());
assertNotNull(readClientResponse.getClientId());
assertNotNull(readClientResponse.getClientSecret());
assertNotNull(readClientResponse.getClientIdIssuedAt());
assertNotNull(readClientResponse.getClientSecretExpiresAt());
assertNotNull(readClientResponse.getClaims().get(RESPONSE_TYPES.toString()));
assertNotNull(readClientResponse.getClaims().get(REDIRECT_URIS.toString()));
assertNotNull(readClientResponse.getClaims().get(APPLICATION_TYPE.toString()));
assertNotNull(readClientResponse.getClaims().get(CLIENT_NAME.toString()));
assertNotNull(readClientResponse.getClaims().get(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()));
assertNotNull(readClientResponse.getClaims().get(SCOPE.toString()));
// 3. Request authorization
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String state = UUID.randomUUID().toString();
String nonce = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertNotNull(authorizationResponse.getLocation(), "The location is null");
assertNotNull(authorizationResponse.getCode(), "The authorization code is null");
assertNotNull(authorizationResponse.getIdToken(), "The id token is null");
assertNotNull(authorizationResponse.getState(), "The state is null");
assertNotNull(authorizationResponse.getScope(), "The scope is null");
String authorizationCode = authorizationResponse.getCode();
String idToken = authorizationResponse.getIdToken();
// 4. Validate code and id_token
Jwt jwt = Jwt.parse(idToken);
assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.TYPE));
assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.CODE_HASH));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUTHENTICATION_TIME));
RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS256, publicKey);
assertTrue(rsaSigner.validate(jwt));
assertTrue(rsaSigner.validateAuthorizationCode(authorizationCode, jwt));
// 5. Get Access Token
TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
tokenRequest.setCode(authorizationCode);
tokenRequest.setRedirectUri(redirectUri);
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_POST);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setRequest(tokenRequest);
TokenResponse tokenResponse1 = tokenClient.exec();
showClient(tokenClient);
assertEquals(tokenResponse1.getStatus(), 200, "Unexpected response code: " + tokenResponse1.getStatus());
assertNotNull(tokenResponse1.getEntity(), "The entity is null");
assertNotNull(tokenResponse1.getAccessToken(), "The access token is null");
assertNotNull(tokenResponse1.getExpiresIn(), "The expires in value is null");
assertNotNull(tokenResponse1.getTokenType(), "The token type is null");
assertNotNull(tokenResponse1.getRefreshToken(), "The refresh token is null");
}
Also used :
RegisterRequest(org.gluu.oxauth.client.RegisterRequest)
AuthorizationRequest(org.gluu.oxauth.client.AuthorizationRequest)
Jwt(org.gluu.oxauth.model.jwt.Jwt)
ResponseType(org.gluu.oxauth.model.common.ResponseType)
AuthorizationResponse(org.gluu.oxauth.client.AuthorizationResponse)
RegisterResponse(org.gluu.oxauth.client.RegisterResponse)
RSAPublicKey(org.gluu.oxauth.model.crypto.signature.RSAPublicKey)
TokenResponse(org.gluu.oxauth.client.TokenResponse)
RegisterClient(org.gluu.oxauth.client.RegisterClient)
RSASigner(org.gluu.oxauth.model.jws.RSASigner)
TokenRequest(org.gluu.oxauth.client.TokenRequest)
TokenClient(org.gluu.oxauth.client.TokenClient)
Parameters(org.testng.annotations.Parameters)
BaseTest(org.gluu.oxauth.BaseTest)
Test(org.testng.annotations.Test)
Example 12 with RSAPublicKey
use of org.gluu.oxauth.model.crypto.signature.RSAPublicKey in project oxAuth by GluuFederation.
the class BackchannelAuthenticationPingMode method idTokenHintPS512.
@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "sectorIdentifierUri" })
@Test
public void idTokenHintPS512(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String sectorIdentifierUri) throws Exception {
showTitle("idTokenHintPS512");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.PS512);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientIdIssuedAt());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
// 2. Request authorization
List<String> scopes = Arrays.asList("openid");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
authorizeClient.setRequest(authorizationRequest);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertNotNull(authorizationResponse.getLocation(), "The location is null");
assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null");
assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null");
assertNotNull(authorizationResponse.getIdToken(), "The idToken is null");
assertNotNull(authorizationResponse.getState(), "The state is null");
String idToken = authorizationResponse.getIdToken();
// 3. Validate id_token
Jwt jwt = Jwt.parse(idToken);
assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.TYPE));
assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ACCESS_TOKEN_HASH));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUTHENTICATION_TIME));
RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.PS512, publicKey);
assertTrue(rsaSigner.validate(jwt));
idTokenHintPS512 = idToken;
}
Also used :
RegisterRequest(org.gluu.oxauth.client.RegisterRequest)
AuthorizationRequest(org.gluu.oxauth.client.AuthorizationRequest)
Jwt(org.gluu.oxauth.model.jwt.Jwt)
ResponseType(org.gluu.oxauth.model.common.ResponseType)
BackchannelAuthenticationErrorResponseType(org.gluu.oxauth.model.ciba.BackchannelAuthenticationErrorResponseType)
AuthorizationResponse(org.gluu.oxauth.client.AuthorizationResponse)
RegisterResponse(org.gluu.oxauth.client.RegisterResponse)
RSAPublicKey(org.gluu.oxauth.model.crypto.signature.RSAPublicKey)
RegisterClient(org.gluu.oxauth.client.RegisterClient)
RSASigner(org.gluu.oxauth.model.jws.RSASigner)
AuthorizeClient(org.gluu.oxauth.client.AuthorizeClient)
Parameters(org.testng.annotations.Parameters)
BaseTest(org.gluu.oxauth.BaseTest)
Test(org.testng.annotations.Test)
Example 13 with RSAPublicKey
use of org.gluu.oxauth.model.crypto.signature.RSAPublicKey in project oxAuth by GluuFederation.
the class BackchannelAuthenticationPingMode method idTokenHintRS256.
@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "sectorIdentifierUri" })
@Test
public void idTokenHintRS256(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String sectorIdentifierUri) throws Exception {
showTitle("idTokenHintRS256");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.RS256);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientIdIssuedAt());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
// 2. Request authorization
List<String> scopes = Arrays.asList("openid");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
authorizeClient.setRequest(authorizationRequest);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertNotNull(authorizationResponse.getLocation(), "The location is null");
assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null");
assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null");
assertNotNull(authorizationResponse.getIdToken(), "The idToken is null");
assertNotNull(authorizationResponse.getState(), "The state is null");
String idToken = authorizationResponse.getIdToken();
// 3. Validate id_token
Jwt jwt = Jwt.parse(idToken);
assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.TYPE));
assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ACCESS_TOKEN_HASH));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUTHENTICATION_TIME));
RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS256, publicKey);
assertTrue(rsaSigner.validate(jwt));
idTokenHintRS256 = idToken;
}
Also used :
RegisterRequest(org.gluu.oxauth.client.RegisterRequest)
AuthorizationRequest(org.gluu.oxauth.client.AuthorizationRequest)
Jwt(org.gluu.oxauth.model.jwt.Jwt)
ResponseType(org.gluu.oxauth.model.common.ResponseType)
BackchannelAuthenticationErrorResponseType(org.gluu.oxauth.model.ciba.BackchannelAuthenticationErrorResponseType)
AuthorizationResponse(org.gluu.oxauth.client.AuthorizationResponse)
RegisterResponse(org.gluu.oxauth.client.RegisterResponse)
RSAPublicKey(org.gluu.oxauth.model.crypto.signature.RSAPublicKey)
RegisterClient(org.gluu.oxauth.client.RegisterClient)
RSASigner(org.gluu.oxauth.model.jws.RSASigner)
AuthorizeClient(org.gluu.oxauth.client.AuthorizeClient)
Parameters(org.testng.annotations.Parameters)
BaseTest(org.gluu.oxauth.BaseTest)
Test(org.testng.annotations.Test)
Example 14 with RSAPublicKey
use of org.gluu.oxauth.model.crypto.signature.RSAPublicKey in project oxAuth by GluuFederation.
the class BackchannelAuthenticationPingMode method idTokenHintRS512.
@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "sectorIdentifierUri" })
@Test
public void idTokenHintRS512(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String sectorIdentifierUri) throws Exception {
showTitle("idTokenHintRS512");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Register client
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "oxAuth test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.RS512);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertEquals(registerResponse.getStatus(), 200, "Unexpected response code: " + registerResponse.getEntity());
assertNotNull(registerResponse.getClientId());
assertNotNull(registerResponse.getClientSecret());
assertNotNull(registerResponse.getRegistrationAccessToken());
assertNotNull(registerResponse.getClientIdIssuedAt());
assertNotNull(registerResponse.getClientSecretExpiresAt());
String clientId = registerResponse.getClientId();
// 2. Request authorization
List<String> scopes = Arrays.asList("openid");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
authorizeClient.setRequest(authorizationRequest);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertNotNull(authorizationResponse.getLocation(), "The location is null");
assertNotNull(authorizationResponse.getAccessToken(), "The accessToken is null");
assertNotNull(authorizationResponse.getTokenType(), "The tokenType is null");
assertNotNull(authorizationResponse.getIdToken(), "The idToken is null");
assertNotNull(authorizationResponse.getState(), "The state is null");
String idToken = authorizationResponse.getIdToken();
// 3. Validate id_token
Jwt jwt = Jwt.parse(idToken);
assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.TYPE));
assertNotNull(jwt.getHeader().getClaimAsString(JwtHeaderName.ALGORITHM));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUER));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUDIENCE));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.EXPIRATION_TIME));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ISSUED_AT));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.ACCESS_TOKEN_HASH));
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.AUTHENTICATION_TIME));
RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS512, publicKey);
assertTrue(rsaSigner.validate(jwt));
idTokenHintRS512 = idToken;
}
Also used :
RegisterRequest(org.gluu.oxauth.client.RegisterRequest)
AuthorizationRequest(org.gluu.oxauth.client.AuthorizationRequest)
Jwt(org.gluu.oxauth.model.jwt.Jwt)
ResponseType(org.gluu.oxauth.model.common.ResponseType)
BackchannelAuthenticationErrorResponseType(org.gluu.oxauth.model.ciba.BackchannelAuthenticationErrorResponseType)
AuthorizationResponse(org.gluu.oxauth.client.AuthorizationResponse)
RegisterResponse(org.gluu.oxauth.client.RegisterResponse)
RSAPublicKey(org.gluu.oxauth.model.crypto.signature.RSAPublicKey)
RegisterClient(org.gluu.oxauth.client.RegisterClient)
RSASigner(org.gluu.oxauth.model.jws.RSASigner)
AuthorizeClient(org.gluu.oxauth.client.AuthorizeClient)
Parameters(org.testng.annotations.Parameters)
BaseTest(org.gluu.oxauth.BaseTest)
Test(org.testng.annotations.Test)
Example 15 with RSAPublicKey
use of org.gluu.oxauth.model.crypto.signature.RSAPublicKey in project oxAuth by GluuFederation.
the class JwtUtil method getPublicKey.
public static PublicKey getPublicKey(String jwksUri, String jwks, SignatureAlgorithm signatureAlgorithm, String keyId) {
log.debug("Retrieving JWK...");
JSONObject jsonKeyValue = getJsonKey(jwksUri, jwks, keyId);
if (jsonKeyValue == null) {
return null;
}
org.gluu.oxauth.model.crypto.PublicKey publicKey = null;
try {
String resultKeyId = jsonKeyValue.getString(KEY_ID);
if (signatureAlgorithm == null) {
signatureAlgorithm = SignatureAlgorithm.fromString(jsonKeyValue.getString(ALGORITHM));
if (signatureAlgorithm == null) {
log.error(String.format("Failed to determine key '%s' signature algorithm", resultKeyId));
return null;
}
}
JSONObject jsonPublicKey = jsonKeyValue;
if (jsonKeyValue.has(PUBLIC_KEY)) {
// Use internal jwks.json format
jsonPublicKey = jsonKeyValue.getJSONObject(PUBLIC_KEY);
}
if (signatureAlgorithm == SignatureAlgorithm.RS256 || signatureAlgorithm == SignatureAlgorithm.RS384 || signatureAlgorithm == SignatureAlgorithm.RS512) {
// String alg = jsonKeyValue.getString(ALGORITHM);
// String use = jsonKeyValue.getString(KEY_USE);
String exp = jsonPublicKey.getString(EXPONENT);
String mod = jsonPublicKey.getString(MODULUS);
BigInteger publicExponent = new BigInteger(1, Base64Util.base64urldecode(exp));
BigInteger modulus = new BigInteger(1, Base64Util.base64urldecode(mod));
publicKey = new RSAPublicKey(modulus, publicExponent);
} else if (signatureAlgorithm == SignatureAlgorithm.ES256 || signatureAlgorithm == SignatureAlgorithm.ES384 || signatureAlgorithm == SignatureAlgorithm.ES512) {
// String alg = jsonKeyValue.getString(ALGORITHM);
// String use = jsonKeyValue.getString(KEY_USE);
// String crv = jsonKeyValue.getString(CURVE);
String xx = jsonPublicKey.getString(X);
String yy = jsonPublicKey.getString(Y);
BigInteger x = new BigInteger(1, Base64Util.base64urldecode(xx));
BigInteger y = new BigInteger(1, Base64Util.base64urldecode(yy));
publicKey = new ECDSAPublicKey(signatureAlgorithm, x, y);
}
if (publicKey != null && jsonKeyValue.has(CERTIFICATE_CHAIN)) {
final String BEGIN = "-----BEGIN CERTIFICATE-----";
final String END = "-----END CERTIFICATE-----";
JSONArray certChain = jsonKeyValue.getJSONArray(CERTIFICATE_CHAIN);
String certificateString = BEGIN + "\n" + certChain.getString(0) + "\n" + END;
StringReader sr = new StringReader(certificateString);
PEMParser pemReader = new PEMParser(sr);
X509Certificate cert = (X509CertificateObject) pemReader.readObject();
Certificate certificate = new Certificate(signatureAlgorithm, cert);
publicKey.setCertificate(certificate);
}
if (publicKey != null) {
publicKey.setKeyId(resultKeyId);
publicKey.setSignatureAlgorithm(signatureAlgorithm);
}
} catch (Exception ex) {
log.error(ex.getMessage(), ex);
}
return publicKey;
}
Also used :
JSONArray(org.json.JSONArray)
X509Certificate(java.security.cert.X509Certificate)
IOException(java.io.IOException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
NoSuchProviderException(java.security.NoSuchProviderException)
PublicKey(org.gluu.oxauth.model.crypto.PublicKey)
JSONObject(org.json.JSONObject)
RSAPublicKey(org.gluu.oxauth.model.crypto.signature.RSAPublicKey)
PEMParser(org.bouncycastle.openssl.PEMParser)
X509CertificateObject(org.bouncycastle.jce.provider.X509CertificateObject)
StringReader(java.io.StringReader)
BigInteger(java.math.BigInteger)
ECDSAPublicKey(org.gluu.oxauth.model.crypto.signature.ECDSAPublicKey)
X509Certificate(java.security.cert.X509Certificate)
Certificate(org.gluu.oxauth.model.crypto.Certificate)
Aggregations
RSAPublicKey (org.gluu.oxauth.model.crypto.signature.RSAPublicKey)107
RSASigner (org.gluu.oxauth.model.jws.RSASigner)101
Jwt (org.gluu.oxauth.model.jwt.Jwt)97
BaseTest (org.gluu.oxauth.BaseTest)93
Test (org.testng.annotations.Test)93
AuthorizationResponse (org.gluu.oxauth.client.AuthorizationResponse)92
RegisterResponse (org.gluu.oxauth.client.RegisterResponse)90
ResponseType (org.gluu.oxauth.model.common.ResponseType)90
Parameters (org.testng.annotations.Parameters)89
AuthorizationRequest (org.gluu.oxauth.client.AuthorizationRequest)86
RegisterClient (org.gluu.oxauth.client.RegisterClient)83
RegisterRequest (org.gluu.oxauth.client.RegisterRequest)83
AuthorizeClient (org.gluu.oxauth.client.AuthorizeClient)53
UserInfoClient (org.gluu.oxauth.client.UserInfoClient)49
UserInfoResponse (org.gluu.oxauth.client.UserInfoResponse)49
JwtAuthorizationRequest (org.gluu.oxauth.client.model.authorize.JwtAuthorizationRequest)40
OxAuthCryptoProvider (org.gluu.oxauth.model.crypto.OxAuthCryptoProvider)25
TokenClient (org.gluu.oxauth.client.TokenClient)24
TokenResponse (org.gluu.oxauth.client.TokenResponse)24
Claim (org.gluu.oxauth.client.model.authorize.Claim)24
