Example 1 with ECDSAPublicKey

Use of org.xdi.oxauth.model.crypto.signature.ECDSAPublicKey in the oxAuth project by GluuFederation.

Class JwkResponse, method getPublicKey:

@Deprecated
public PublicKey getPublicKey(String keyId) {
    PublicKey publicKey = null;
    JSONWebKey jsonWebKey = getKeyValue(keyId);
    if (jsonWebKey != null) {
        // The JWK "kty" member selects the key type. For EC keys the JWK's own
        // "alg" member is passed through unchanged to the ECDSAPublicKey.
        switch (jsonWebKey.getKty()) {
            case RSA:
                publicKey = new RSAPublicKey(jsonWebKey.getN(), jsonWebKey.getE());
                break;
            case EC:
                publicKey = new ECDSAPublicKey(jsonWebKey.getAlg(), jsonWebKey.getX(), jsonWebKey.getY());
                break;
            default:
                break;
        }
    }
    return publicKey;
}
Also used: JSONWebKey (org.xdi.oxauth.model.jwk.JSONWebKey), RSAPublicKey (org.xdi.oxauth.model.crypto.signature.RSAPublicKey), ECDSAPublicKey (org.xdi.oxauth.model.crypto.signature.ECDSAPublicKey), PublicKey (org.xdi.oxauth.model.crypto.PublicKey)

Example 2 with ECDSAPublicKey

Class JwtUtil, method getPublicKey:

public static PublicKey getPublicKey(String jwksUri, String jwks, SignatureAlgorithm signatureAlgorithm, String keyId) {
    log.debug("Retrieving JWK...");
    JSONObject jsonKeyValue = getJsonKey(jwksUri, jwks, keyId);
    if (jsonKeyValue == null) {
        return null;
    }
    org.xdi.oxauth.model.crypto.PublicKey publicKey = null;
    try {
        String resultKeyId = jsonKeyValue.getString(KEY_ID);
        if (signatureAlgorithm == null) {
            // No expected algorithm was supplied by the caller: fall back to the
            // "alg" member advertised by the JWK itself.
            signatureAlgorithm = SignatureAlgorithm.fromString(jsonKeyValue.getString(ALGORITHM));
            if (signatureAlgorithm == null) {
                log.error(String.format("Failed to determine key '%s' signature algorithm", resultKeyId));
                return null;
            }
        }
        JSONObject jsonPublicKey = jsonKeyValue;
        if (jsonKeyValue.has(PUBLIC_KEY)) {
            // Use internal jwks.json format
            jsonPublicKey = jsonKeyValue.getJSONObject(PUBLIC_KEY);
        }
        if (signatureAlgorithm == SignatureAlgorithm.RS256 || signatureAlgorithm == SignatureAlgorithm.RS384 || signatureAlgorithm == SignatureAlgorithm.RS512) {
            //String alg = jsonKeyValue.getString(ALGORITHM);
            //String use = jsonKeyValue.getString(KEY_USE);
            String exp = jsonPublicKey.getString(EXPONENT);
            String mod = jsonPublicKey.getString(MODULUS);
            // JWK "n" and "e" are base64url-encoded unsigned big-endian integers.
            BigInteger publicExponent = new BigInteger(1, Base64Util.base64urldecode(exp));
            BigInteger modulus = new BigInteger(1, Base64Util.base64urldecode(mod));
            publicKey = new RSAPublicKey(modulus, publicExponent);
        } else if (signatureAlgorithm == SignatureAlgorithm.ES256 || signatureAlgorithm == SignatureAlgorithm.ES384 || signatureAlgorithm == SignatureAlgorithm.ES512) {
            //String alg = jsonKeyValue.getString(ALGORITHM);
            //String use = jsonKeyValue.getString(KEY_USE);
            //String crv = jsonKeyValue.getString(CURVE);
            String xx = jsonPublicKey.getString(X);
            String yy = jsonPublicKey.getString(Y);
            // JWK "x" and "y" are the affine coordinates of the EC point, base64url-encoded.
            BigInteger x = new BigInteger(1, Base64Util.base64urldecode(xx));
            BigInteger y = new BigInteger(1, Base64Util.base64urldecode(yy));
            publicKey = new ECDSAPublicKey(signatureAlgorithm, x, y);
        }
        if (publicKey != null && jsonKeyValue.has(CERTIFICATE_CHAIN)) {
            // Only the first (leaf) entry of the chain is parsed; the chain itself is
            // not validated against a trust anchor in this method.
            final String BEGIN = "-----BEGIN CERTIFICATE-----";
            final String END = "-----END CERTIFICATE-----";
            JSONArray certChain = jsonKeyValue.getJSONArray(CERTIFICATE_CHAIN);
            String certificateString = BEGIN + "\n" + certChain.getString(0) + "\n" + END;
            StringReader sr = new StringReader(certificateString);
            PEMParser pemReader = new PEMParser(sr);
            X509Certificate cert = (X509CertificateObject) pemReader.readObject();
            Certificate certificate = new Certificate(signatureAlgorithm, cert);
            publicKey.setCertificate(certificate);
        }
        if (publicKey != null) {
            publicKey.setKeyId(resultKeyId);
            publicKey.setSignatureAlgorithm(signatureAlgorithm);
        }
    } catch (Exception ex) {
        // Any failure after publicKey has been built (e.g. while parsing the
        // certificate) is only logged, so a key may be returned here without
        // its keyId and signatureAlgorithm set.
        log.error(ex.getMessage(), ex);
    }
    return publicKey;
}
Also used: JSONArray (org.codehaus.jettison.json.JSONArray), JSONObject (org.codehaus.jettison.json.JSONObject), PublicKey (org.xdi.oxauth.model.crypto.PublicKey), RSAPublicKey (org.xdi.oxauth.model.crypto.signature.RSAPublicKey), ECDSAPublicKey (org.xdi.oxauth.model.crypto.signature.ECDSAPublicKey), Certificate (org.xdi.oxauth.model.crypto.Certificate), X509Certificate (java.security.cert.X509Certificate), X509CertificateObject (org.bouncycastle.jce.provider.X509CertificateObject), PEMParser (org.bouncycastle.openssl.PEMParser), StringReader (java.io.StringReader), BigInteger (java.math.BigInteger), UnsupportedEncodingException (java.io.UnsupportedEncodingException)

Example 3 with ECDSAPublicKey

Class Certificate, method getEcdsaPublicKey:

public ECDSAPublicKey getEcdsaPublicKey() {
    ECDSAPublicKey ecdsaPublicKey = null;
    // Only BouncyCastle EC public keys are handled; any other key type yields null.
    if (x509Certificate != null && x509Certificate.getPublicKey() instanceof BCECPublicKey) {
        BCECPublicKey publicKey = (BCECPublicKey) x509Certificate.getPublicKey();
        // Q is the public point; its affine x and y coordinates become the JWK "x" and "y".
        ecdsaPublicKey = new ECDSAPublicKey(signatureAlgorithm, publicKey.getQ().getX().toBigInteger(), publicKey.getQ().getY().toBigInteger());
    }
    return ecdsaPublicKey;
}
Also used: BCECPublicKey (org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey), ECDSAPublicKey (org.xdi.oxauth.model.crypto.signature.ECDSAPublicKey)

Example 4 with ECDSAPublicKey

Class SignatureTest, method generateES512Keys:

@Test
public void generateES512Keys() throws Exception {
    showTitle("TEST: generateES512Keys");
    KeyFactory<ECDSAPrivateKey, ECDSAPublicKey> keyFactory = new ECDSAKeyFactory(SignatureAlgorithm.ES512, "CN=Test CA Certificate");
    ECDSAPrivateKey privateKey = keyFactory.getPrivateKey();
    ECDSAPublicKey publicKey = keyFactory.getPublicKey();
    Certificate certificate = keyFactory.getCertificate();
    System.out.println("PRIVATE KEY");
    System.out.println(privateKey);
    System.out.println("PUBLIC KEY");
    System.out.println(publicKey);
    System.out.println("CERTIFICATE");
    System.out.println(certificate);
    String signingInput = "Hello World!";
    // Sign with the private key, then verify with both the bare public key
    // and the certificate that wraps it.
    ECDSASigner ecdsaSigner1 = new ECDSASigner(SignatureAlgorithm.ES512, privateKey);
    String signature = ecdsaSigner1.generateSignature(signingInput);
    ECDSASigner ecdsaSigner2 = new ECDSASigner(SignatureAlgorithm.ES512, publicKey);
    assertTrue(ecdsaSigner2.validateSignature(signingInput, signature));
    ECDSASigner ecdsaSigner3 = new ECDSASigner(SignatureAlgorithm.ES512, certificate);
    assertTrue(ecdsaSigner3.validateSignature(signingInput, signature));
}
Also used: ECDSAKeyFactory (org.xdi.oxauth.model.crypto.signature.ECDSAKeyFactory), ECDSASigner (org.xdi.oxauth.model.jws.ECDSASigner), ECDSAPrivateKey (org.xdi.oxauth.model.crypto.signature.ECDSAPrivateKey), ECDSAPublicKey (org.xdi.oxauth.model.crypto.signature.ECDSAPublicKey), Certificate (org.xdi.oxauth.model.crypto.Certificate), Test (org.testng.annotations.Test), BaseTest (org.xdi.oxauth.BaseTest)

Example 5 with ECDSAPublicKey

Class KeyGenerator, method generateU2fAttestationKeys:

public static void generateU2fAttestationKeys(Date startDate, Date expirationDate, String dnName) throws Exception {
    // U2F attestation keys are ES256 (P-256); no DN is given here because the
    // certificate is generated separately below with the supplied dnName.
    ECDSAKeyFactory keyFactory = new ECDSAKeyFactory(SignatureAlgorithm.ES256, null);
    Key<ECDSAPrivateKey, ECDSAPublicKey> key = keyFactory.getKey();
    Certificate certificate = keyFactory.generateV3Certificate(startDate, expirationDate, dnName);
    key.setCertificate(certificate);
    key.setKeyType(SignatureAlgorithm.ES256.getFamily());
    key.setUse(Use.SIGNATURE.toString());
    key.setAlgorithm(SignatureAlgorithm.ES256.getName());
    key.setKeyId(UUID.randomUUID().toString());
    key.setExpirationTime(expirationDate.getTime());
    key.setCurve(SignatureAlgorithm.ES256.getCurve());
    // Serialise the key pair (including the private part) as a JWK.
    JSONObject jsonKey = key.toJSONObject();
    System.out.println(jsonKey);
    System.out.println("CERTIFICATE:");
    System.out.println(certificate);
}
Also used: ECDSAKeyFactory (org.xdi.oxauth.model.crypto.signature.ECDSAKeyFactory), JSONObject (org.codehaus.jettison.json.JSONObject), ECDSAPrivateKey (org.xdi.oxauth.model.crypto.signature.ECDSAPrivateKey), ECDSAPublicKey (org.xdi.oxauth.model.crypto.signature.ECDSAPublicKey), Certificate (org.xdi.oxauth.model.crypto.Certificate)