
Example 1 with Algorithm

Use of org.gluu.oxauth.model.jwk.Algorithm in project oxAuth by GluuFederation.

From the class AbstractCryptoProvider, method getPublicKey.

public PublicKey getPublicKey(String alias, JSONObject jwks, Algorithm requestedAlgorithm) throws Exception {
    java.security.PublicKey publicKey = null;
    JSONArray webKeys = jwks.getJSONArray(JSON_WEB_KEY_SET);
    for (int i = 0; i < webKeys.length(); i++) {
        JSONObject key = webKeys.getJSONObject(i);
        // Only consider the JWK whose "kid" matches the requested key id.
        if (alias.equals(key.getString(KEY_ID))) {
            AlgorithmFamily family = null;
            if (key.has(ALGORITHM)) {
                Algorithm algorithm = Algorithm.fromString(key.optString(ALGORITHM));
                // A "kid" match alone is not enough: the key's "alg" must also match the
                // algorithm the caller expects; otherwise the key is skipped.
                if (requestedAlgorithm != null && algorithm != requestedAlgorithm) {
                    LOG.trace("kid matched but algorithm does not match. kid algorithm:" + algorithm + ", requestedAlgorithm:" + requestedAlgorithm + ", kid:" + alias);
                    continue;
                }
                family = algorithm.getFamily();
            } else if (key.has(KEY_TYPE)) {
                // No "alg" member: fall back to the key type ("kty") to choose the family.
                family = AlgorithmFamily.fromString(key.getString(KEY_TYPE));
            }
            if (AlgorithmFamily.RSA.equals(family)) {
                // Rebuild the RSA public key from the base64url-encoded "n" and "e" members.
                KeyFactory keyFactory = KeyFactory.getInstance("RSA");
                BigInteger modulus = new BigInteger(1, Base64Util.base64urldecode(key.getString(MODULUS)));
                BigInteger exponent = new BigInteger(1, Base64Util.base64urldecode(key.getString(EXPONENT)));
                RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(modulus, exponent);
                publicKey = keyFactory.generatePublic(pubKeySpec);
            } else if (AlgorithmFamily.EC.equals(family)) {
                // Rebuild the EC public key from the named curve ("crv") and the "x"/"y" point coordinates.
                ECEllipticCurve curve = ECEllipticCurve.fromString(key.optString(CURVE));
                AlgorithmParameters parameters = AlgorithmParameters.getInstance(AlgorithmFamily.EC.toString());
                parameters.init(new ECGenParameterSpec(curve.getAlias()));
                ECParameterSpec ecParameters = parameters.getParameterSpec(ECParameterSpec.class);
                BigInteger x = new BigInteger(1, Base64Util.base64urldecode(key.getString(X)));
                BigInteger y = new BigInteger(1, Base64Util.base64urldecode(key.getString(Y)));
                publicKey = KeyFactory.getInstance(AlgorithmFamily.EC.toString())
                        .generatePublic(new ECPublicKeySpec(new ECPoint(x, y), ecParameters));
            }
            // If the JWK carries an "exp" member, check it against the current time.
            if (key.has(EXPIRATION_TIME)) {
                checkKeyExpiration(alias, key.getLong(EXPIRATION_TIME));
            }
        }
    }
    return publicKey;
}
Also used: ECEllipticCurve (org.gluu.oxauth.model.crypto.signature.ECEllipticCurve), JSONArray (org.json.JSONArray), PublicKey (java.security.PublicKey), SignatureAlgorithm (org.gluu.oxauth.model.crypto.signature.SignatureAlgorithm), Algorithm (org.gluu.oxauth.model.jwk.Algorithm), AlgorithmFamily (org.gluu.oxauth.model.crypto.signature.AlgorithmFamily), JSONObject (org.json.JSONObject), BigInteger (java.math.BigInteger), KeyFactory (java.security.KeyFactory), AlgorithmParameters (java.security.AlgorithmParameters)

Example 2 with Algorithm

Use of org.gluu.oxauth.model.jwk.Algorithm in project oxAuth by GluuFederation.

From the class AbstractCryptoProvider, method generateJwks.

public static JSONObject generateJwks(AbstractCryptoProvider cryptoProvider, AppConfiguration configuration) {
    // Every generated key expires after one regeneration interval plus the ID token
    // lifetime, so tokens signed just before rotation stay verifiable until they expire.
    GregorianCalendar expirationTime = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
    expirationTime.add(GregorianCalendar.HOUR, configuration.getKeyRegenerationInterval());
    expirationTime.add(GregorianCalendar.SECOND, configuration.getIdTokenLifetime());
    long expiration = expirationTime.getTimeInMillis();
    // An empty allow-list means "generate keys for every algorithm".
    final List<String> allowedAlgs = configuration.getKeyAlgsAllowedForGeneration();
    JSONArray keys = new JSONArray();
    for (Algorithm alg : Algorithm.values()) {
        try {
            if (!allowedAlgs.isEmpty() && !allowedAlgs.contains(alg.getParamName())) {
                LOG.debug("Key generation for " + alg + " is skipped because it's not allowed by keyAlgsAllowedForGeneration configuration property.");
                continue;
            }
            // The provider returns the JWK (as JSON) for this algorithm, tagged with its "use" ("sig" or "enc").
            keys.put(cryptoProvider.generateKey(alg, expiration, alg.getUse()));
        } catch (Exception ex) {
            // One failing algorithm must not prevent the remaining keys from being generated.
            LOG.error("Algorithm: " + alg + ": " + ex.getMessage(), ex);
        }
    }
    JSONObject jsonObject = new JSONObject();
    jsonObject.put(JSON_WEB_KEY_SET, keys);
    return jsonObject;
}
Also used: JSONObject (org.json.JSONObject), JSONArray (org.json.JSONArray), SignatureAlgorithm (org.gluu.oxauth.model.crypto.signature.SignatureAlgorithm), Algorithm (org.gluu.oxauth.model.jwk.Algorithm), JSONException (org.json.JSONException)

Example 3 with Algorithm

Use of org.gluu.oxauth.model.jwk.Algorithm in project oxAuth by GluuFederation.

From the class CrossEncryptionTest, method nestedJWTProducedByGluu.

@Test
public void nestedJWTProducedByGluu() throws Exception {
    AppConfiguration appConfiguration = new AppConfiguration();
    // The signer's key set contains only the sender's key (loaded from senderJwkJson elsewhere in the test class).
    List<JSONWebKey> keyArrayList = new ArrayList<JSONWebKey>();
    keyArrayList.add(getSenderWebKey());
    JSONWebKeySet keySet = new JSONWebKeySet();
    keySet.setKeys(keyArrayList);
    // A minimal crypto provider: only sign() is implemented; everything else is stubbed out,
    // because this test only needs to produce a signed JWT with RS256.
    final JwtSigner jwtSigner = new JwtSigner(appConfiguration, keySet, SignatureAlgorithm.RS256, "audience", null, new AbstractCryptoProvider() {

        @Override
        public JSONObject generateKey(Algorithm algorithm, Long expirationTime, Use use) throws Exception {
            return null;
        }

        @Override
        public JSONObject generateKey(Algorithm algorithm, Long expirationTime, Use use, int keyLength) throws Exception {
            return null;
        }

        @Override
        public boolean containsKey(String keyId) {
            return false;
        }

        @Override
        public String sign(String signingInput, String keyId, String sharedSecret, SignatureAlgorithm signatureAlgorithm) throws Exception {
            // Sign with the sender's RSA private key parsed from the JWK via Nimbus, using the BouncyCastle provider.
            RSAPrivateKey privateKey = ((RSAKey) JWK.parse(senderJwkJson)).toRSAPrivateKey();
            Signature signature = Signature.getInstance(signatureAlgorithm.getAlgorithm(), "BC");
            signature.initSign(privateKey);
            signature.update(signingInput.getBytes());
            return Base64Util.base64urlencode(signature.sign());
        }

        @Override
        public boolean verifySignature(String signingInput, String encodedSignature, String keyId, JSONObject jwks, String sharedSecret, SignatureAlgorithm signatureAlgorithm) throws Exception {
            return false;
        }

        @Override
        public boolean deleteKey(String keyId) throws Exception {
            return false;
        }

        @Override
        public PrivateKey getPrivateKey(String keyId) throws Exception {
            throw new UnsupportedOperationException("Method not implemented.");
        }
    });
    // Build and sign the inner JWT.
    Jwt jwt = jwtSigner.newJwt();
    jwt.getClaims().setSubjectIdentifier("testing");
    jwt.getClaims().setIssuer("https:devgluu.saminet.local");
    jwt = jwtSigner.sign();
    // Wrap the signed JWT in a JWE for the recipient: RSA-OAEP wraps the content key, A128GCM encrypts the payload.
    RSAKey recipientPublicJWK = (RSAKey) (JWK.parse(recipientJwkJson));
    BlockEncryptionAlgorithm blockEncryptionAlgorithm = BlockEncryptionAlgorithm.A128GCM;
    KeyEncryptionAlgorithm keyEncryptionAlgorithm = KeyEncryptionAlgorithm.RSA_OAEP;
    Jwe jwe = new Jwe();
    jwe.getHeader().setType(JwtType.JWT);
    jwe.getHeader().setAlgorithm(keyEncryptionAlgorithm);
    jwe.getHeader().setEncryptionMethod(blockEncryptionAlgorithm);
    jwe.getHeader().setKeyId("1");
    jwe.setSignedJWTPayload(jwt);
    JweEncrypterImpl encrypter = new JweEncrypterImpl(keyEncryptionAlgorithm, blockEncryptionAlgorithm, recipientPublicJWK.toPublicKey());
    String jweString = encrypter.encrypt(jwe).toString();
    // Cross-check: both the Gluu and the Nimbus implementations must decrypt the JWE and verify the nested signature.
    decryptAndValidateSignatureWithGluu(jweString);
    decryptAndValidateSignatureWithNimbus(jweString);
}
Also used: RSAKey (com.nimbusds.jose.jwk.RSAKey), RSAPrivateKey (java.security.interfaces.RSAPrivateKey), PrivateKey (java.security.PrivateKey), JSONWebKeySet (org.gluu.oxauth.model.jwk.JSONWebKeySet), ArrayList (java.util.ArrayList), SignatureAlgorithm (org.gluu.oxauth.model.crypto.signature.SignatureAlgorithm), BlockEncryptionAlgorithm (org.gluu.oxauth.model.crypto.encryption.BlockEncryptionAlgorithm), JwtSigner (org.gluu.oxauth.model.token.JwtSigner), AppConfiguration (org.gluu.oxauth.model.configuration.AppConfiguration), Jwe (org.gluu.oxauth.model.jwe.Jwe), AbstractCryptoProvider (org.gluu.oxauth.model.crypto.AbstractCryptoProvider), Use (org.gluu.oxauth.model.jwk.Use), Jwt (org.gluu.oxauth.model.jwt.Jwt), KeyEncryptionAlgorithm (org.gluu.oxauth.model.crypto.encryption.KeyEncryptionAlgorithm), Algorithm (org.gluu.oxauth.model.jwk.Algorithm), JSONException (org.json.JSONException), ParseException (java.text.ParseException), InvalidJwtException (org.gluu.oxauth.model.exception.InvalidJwtException), IOException (java.io.IOException), InvalidJweException (org.gluu.oxauth.model.exception.InvalidJweException), JSONWebKey (org.gluu.oxauth.model.jwk.JSONWebKey), JSONObject (org.json.JSONObject), Signature (java.security.Signature), JweEncrypterImpl (org.gluu.oxauth.model.jwe.JweEncrypterImpl), Test (org.testng.annotations.Test)

Aggregations

SignatureAlgorithm (org.gluu.oxauth.model.crypto.signature.SignatureAlgorithm) 3, Algorithm (org.gluu.oxauth.model.jwk.Algorithm) 3, JSONObject (org.json.JSONObject) 3, JSONArray (org.json.JSONArray) 2, JSONException (org.json.JSONException) 2, RSAKey (com.nimbusds.jose.jwk.RSAKey) 1, IOException (java.io.IOException) 1, BigInteger (java.math.BigInteger) 1, AlgorithmParameters (java.security.AlgorithmParameters) 1, KeyFactory (java.security.KeyFactory) 1, PrivateKey (java.security.PrivateKey) 1, PublicKey (java.security.PublicKey) 1, Signature (java.security.Signature) 1, RSAPrivateKey (java.security.interfaces.RSAPrivateKey) 1, ParseException (java.text.ParseException) 1, ArrayList (java.util.ArrayList) 1, AppConfiguration (org.gluu.oxauth.model.configuration.AppConfiguration) 1, AbstractCryptoProvider (org.gluu.oxauth.model.crypto.AbstractCryptoProvider) 1, BlockEncryptionAlgorithm (org.gluu.oxauth.model.crypto.encryption.BlockEncryptionAlgorithm) 1, KeyEncryptionAlgorithm (org.gluu.oxauth.model.crypto.encryption.KeyEncryptionAlgorithm) 1