
Example 1 with RSAPrivateKey

use of org.xdi.oxauth.model.crypto.signature.RSAPrivateKey in project oxAuth by GluuFederation.

the class JweDecrypterImpl method decryptEncryptionKey.

/**
 * Decrypts the JWE encrypted key (the content master key) using the configured key-encryption algorithm.
 * <p>
 * RSA_OAEP / RSA1_5: the encrypted key is decrypted with {@code rsaPrivateKey} (converted to a JCA key through
 * the "BC" {@code KeyFactory}) or, when that is absent, with {@code privateKey}. A128KW / A256KW: the encrypted
 * key is unwrapped with {@code sharedSymmetricKey}, which is first reduced to 16 bytes (SHA-1 digest, truncated)
 * whenever it is not already exactly 16 bytes long; the reduced key is written back to the field.
 * <p>
 * RSA1_5 is PKCS#1 v1.5 key transport; it is retained for interoperability but newer JOSE guidance discourages it
 * in favour of RSA_OAEP, and every failure is folded into the same {@code InvalidJweException} so callers cannot
 * tell a padding failure from any other failure.
 *
 * @param encodedEncryptedKey the base64url-encoded encrypted key from the JWE compact serialization
 * @return the decrypted content encryption key
 * @throws InvalidJweException if the algorithm or key material is missing or unsupported, or if the underlying
 *     JCA / Bouncy Castle operation fails (the original exception is kept as the cause)
 */
@Override
public byte[] decryptEncryptionKey(String encodedEncryptedKey) throws InvalidJweException {
    KeyEncryptionAlgorithm alg = getKeyEncryptionAlgorithm();
    if (alg == null) {
        throw new InvalidJweException("The key encryption algorithm is null");
    }
    if (encodedEncryptedKey == null) {
        throw new InvalidJweException("The encoded encryption key is null");
    }
    try {
        if (alg == KeyEncryptionAlgorithm.RSA_OAEP || alg == KeyEncryptionAlgorithm.RSA1_5) {
            return decryptEncryptionKeyWithRsa(alg, encodedEncryptedKey);
        }
        if (alg == KeyEncryptionAlgorithm.A128KW || alg == KeyEncryptionAlgorithm.A256KW) {
            return unwrapEncryptionKeyWithAes(encodedEncryptedKey);
        }
        throw new InvalidJweException("The key encryption algorithm is not supported");
    } catch (NoSuchPaddingException e) {
        throw new InvalidJweException(e);
    } catch (NoSuchAlgorithmException e) {
        throw new InvalidJweException(e);
    } catch (IllegalBlockSizeException e) {
        throw new InvalidJweException(e);
    } catch (BadPaddingException e) {
        throw new InvalidJweException(e);
    } catch (NoSuchProviderException e) {
        throw new InvalidJweException(e);
    } catch (InvalidKeyException e) {
        throw new InvalidJweException(e);
    } catch (InvalidKeySpecException e) {
        throw new InvalidJweException(e);
    } catch (InvalidCipherTextException e) {
        throw new InvalidJweException(e);
    }
}

/**
 * RSA key transport: decrypts the base64url-encoded encrypted key with the configured RSA private key.
 * {@code rsaPrivateKey} (project type, modulus + private exponent) takes precedence over {@code privateKey}.
 *
 * @throws InvalidJweException if neither RSA private key is set
 */
private byte[] decryptEncryptionKeyWithRsa(KeyEncryptionAlgorithm alg, String encodedEncryptedKey)
        throws InvalidJweException, NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException,
        InvalidKeySpecException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
    if (rsaPrivateKey == null && privateKey == null) {
        throw new InvalidJweException("The RSA private key is null");
    }
    // Cipher provider is left to default JCA selection; only the KeyFactory below is pinned to "BC".
    Cipher rsaCipher = Cipher.getInstance(alg.getAlgorithm());
    if (rsaPrivateKey != null) {
        // Convert the project's RSAPrivateKey into a JCA key via the Bouncy Castle provider.
        KeyFactory bcFactory = KeyFactory.getInstance(alg.getFamily(), "BC");
        RSAPrivateKeySpec keySpec = new RSAPrivateKeySpec(rsaPrivateKey.getModulus(), rsaPrivateKey.getPrivateExponent());
        java.security.interfaces.RSAPrivateKey jcaKey = (java.security.interfaces.RSAPrivateKey) bcFactory.generatePrivate(keySpec);
        rsaCipher.init(Cipher.DECRYPT_MODE, jcaKey);
    } else {
        rsaCipher.init(Cipher.DECRYPT_MODE, privateKey);
    }
    return rsaCipher.doFinal(Base64Util.base64urldecode(encodedEncryptedKey));
}

/**
 * AES key wrap (RFC 3394 via Bouncy Castle's {@code AESWrapEngine}): unwraps the base64url-encoded
 * encrypted key with {@code sharedSymmetricKey}.
 *
 * @throws InvalidJweException if the shared symmetric key is not set
 */
private byte[] unwrapEncryptionKeyWithAes(String encodedEncryptedKey)
        throws InvalidJweException, NoSuchAlgorithmException, InvalidCipherTextException {
    if (sharedSymmetricKey == null) {
        throw new InvalidJweException("The shared symmetric key is null");
    }
    if (sharedSymmetricKey.length != 16) {
        // Any key that is not exactly 128 bits is reduced to one: SHA-1 digest, first 16 bytes.
        // The derived key replaces the field, so subsequent calls skip this step.
        // NOTE(review): this path also runs for A256KW, so a 32-byte key ends up unwrapping with a
        // 128-bit KEK here — confirm the encrypter side derives the KEK the same way before changing it.
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sharedSymmetricKey = sha1.digest(sharedSymmetricKey);
        sharedSymmetricKey = Arrays.copyOf(sharedSymmetricKey, 16);
    }
    byte[] wrappedKey = Base64Util.base64urldecode(encodedEncryptedKey);
    SecretKeySpec kek = new SecretKeySpec(sharedSymmetricKey, "AES");
    AESWrapEngine wrapEngine = new AESWrapEngine();
    wrapEngine.init(false, new KeyParameter(kek.getEncoded()));
    return wrapEngine.unwrap(wrappedKey, 0, wrappedKey.length);
}

Example 2 with RSAPrivateKey

use of org.xdi.oxauth.model.crypto.signature.RSAPrivateKey in project oxAuth by GluuFederation.

the class SignatureTest method generateRS256Keys.

/**
 * RS256 sign/verify round trip: signs with a freshly generated private key and verifies with both the
 * matching public key and the self-signed certificate that carries it. The generated key pair is
 * ephemeral test material; it is printed (private half included) to the test log only.
 */
@Test
public void generateRS256Keys() throws Exception {
    showTitle("TEST: generateRS256Keys");
    final SignatureAlgorithm alg = SignatureAlgorithm.RS256;

    KeyFactory<RSAPrivateKey, RSAPublicKey> factory = new RSAKeyFactory(alg, "CN=Test CA Certificate");
    Key<RSAPrivateKey, RSAPublicKey> generated = factory.getKey();
    RSAPrivateKey signingKey = generated.getPrivateKey();
    RSAPublicKey verifyingKey = generated.getPublicKey();
    Certificate verifyingCert = generated.getCertificate();
    System.out.println(generated);

    final String signingInput = "Hello World!";
    // Sign with the private key ...
    String signature = new RSASigner(alg, signingKey).generateSignature(signingInput);
    // ... and verify with the public key and with the certificate.
    assertTrue(new RSASigner(alg, verifyingKey).validateSignature(signingInput, signature));
    assertTrue(new RSASigner(alg, verifyingCert).validateSignature(signingInput, signature));
}

Example 3 with RSAPrivateKey

use of org.xdi.oxauth.model.crypto.signature.RSAPrivateKey in project oxAuth by GluuFederation.

the class SignatureTest method generateRS512Keys.

/**
 * RS512 sign/verify round trip: signs with a freshly generated private key and verifies with both the
 * matching public key and the self-signed certificate that carries it. The generated key pair is
 * ephemeral test material; it is printed (private half included) to the test log only.
 */
@Test
public void generateRS512Keys() throws Exception {
    showTitle("TEST: generateRS512Keys");
    final SignatureAlgorithm alg = SignatureAlgorithm.RS512;

    KeyFactory<RSAPrivateKey, RSAPublicKey> factory = new RSAKeyFactory(alg, "CN=Test CA Certificate");
    Key<RSAPrivateKey, RSAPublicKey> generated = factory.getKey();
    RSAPrivateKey signingKey = generated.getPrivateKey();
    RSAPublicKey verifyingKey = generated.getPublicKey();
    Certificate verifyingCert = generated.getCertificate();
    System.out.println(generated);

    final String signingInput = "Hello World!";
    // Sign with the private key ...
    String signature = new RSASigner(alg, signingKey).generateSignature(signingInput);
    // ... and verify with the public key and with the certificate.
    assertTrue(new RSASigner(alg, verifyingKey).validateSignature(signingInput, signature));
    assertTrue(new RSASigner(alg, verifyingCert).validateSignature(signingInput, signature));
}

Example 4 with RSAPrivateKey

use of org.xdi.oxauth.model.crypto.signature.RSAPrivateKey in project oxAuth by GluuFederation.

the class SignatureTest method generateRS384Keys.

/**
 * RS384 sign/verify round trip: signs with a freshly generated private key and verifies with both the
 * matching public key and the self-signed certificate that carries it. The generated key pair is
 * ephemeral test material; it is printed (private half included) to the test log only.
 */
@Test
public void generateRS384Keys() throws Exception {
    showTitle("TEST: generateRS384Keys");
    final SignatureAlgorithm alg = SignatureAlgorithm.RS384;

    KeyFactory<RSAPrivateKey, RSAPublicKey> factory = new RSAKeyFactory(alg, "CN=Test CA Certificate");
    Key<RSAPrivateKey, RSAPublicKey> generated = factory.getKey();
    RSAPrivateKey signingKey = generated.getPrivateKey();
    RSAPublicKey verifyingKey = generated.getPublicKey();
    Certificate verifyingCert = generated.getCertificate();
    System.out.println(generated);

    final String signingInput = "Hello World!";
    // Sign with the private key ...
    String signature = new RSASigner(alg, signingKey).generateSignature(signingInput);
    // ... and verify with the public key and with the certificate.
    assertTrue(new RSASigner(alg, verifyingKey).validateSignature(signingInput, signature));
    assertTrue(new RSASigner(alg, verifyingCert).validateSignature(signingInput, signature));
}

Example 5 with RSAPrivateKey

use of org.xdi.oxauth.model.crypto.signature.RSAPrivateKey in project oxAuth by GluuFederation.

the class EncryptionTest method cryptoTest3.

/**
 * JWE round trip with alg = RSA1_5 and enc = A256CBC+HS512: encrypts a random content master key and a short
 * plaintext with the public key, then decrypts both with the matching private key and checks equality.
 * <p>
 * The RSA key pair is a fixed, published test vector (it appears to be the example key from the JWE
 * specification drafts) and must never be reused outside tests. RSA1_5 is exercised here for interoperability
 * with that vector; it is a legacy key-transport scheme. {@code sun.security.rsa.RSAPublicKeyImpl} is a
 * JDK-internal class, not public API; {@code KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(...))}
 * would be the portable way to build the public key.
 */
@Test
public void cryptoTest3() throws Exception {
    showTitle("Test: alg = RSA1_5, enc = A256CBC+HS512");
    // Protected header, base64url: {"alg":"RSA1_5","enc":"A256CBC+HS512"}
    String headerB64 = "eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMjU2Q0JDK0hTNTEyIn0";
    String message = "No matter where you go, there you are.";

    // Fresh content master key of the length the block-encryption algorithm requires.
    byte[] contentMasterKey = new byte[BlockEncryptionAlgorithm.A256CBC_PLUS_HS512.getCmkLength() / 8];
    SecureRandom rng = new SecureRandom();
    rng.nextBytes(contentMasterKey);

    // Fixed RSA test key (modulus n, public exponent e = 65537, private exponent d).
    BigInteger n = new BigInteger(1, Base64Util.unsignedToBytes(new int[] { 177, 119, 33, 13, 164, 30, 108, 121, 207, 136, 107, 242, 12, 224, 19, 226, 198, 134, 17, 71, 173, 75, 42, 61, 48, 162, 206, 161, 97, 108, 185, 234, 226, 219, 118, 206, 118, 5, 169, 224, 60, 181, 90, 85, 51, 123, 6, 224, 4, 122, 29, 230, 151, 12, 244, 127, 121, 25, 4, 85, 220, 144, 215, 110, 130, 17, 68, 228, 129, 138, 7, 130, 231, 40, 212, 214, 17, 179, 28, 124, 151, 178, 207, 20, 14, 154, 222, 113, 176, 24, 198, 73, 211, 113, 9, 33, 178, 80, 13, 25, 21, 25, 153, 212, 206, 67, 154, 147, 70, 194, 192, 183, 160, 83, 98, 236, 175, 85, 23, 97, 75, 199, 177, 73, 145, 50, 253, 206, 32, 179, 254, 236, 190, 82, 73, 67, 129, 253, 252, 220, 108, 136, 138, 11, 192, 1, 36, 239, 228, 55, 81, 113, 17, 25, 140, 63, 239, 146, 3, 172, 96, 60, 227, 233, 64, 255, 224, 173, 225, 228, 229, 92, 112, 72, 99, 97, 26, 87, 187, 123, 46, 50, 90, 202, 117, 73, 10, 153, 47, 224, 178, 163, 77, 48, 46, 154, 33, 148, 34, 228, 33, 172, 216, 89, 46, 225, 127, 68, 146, 234, 30, 147, 54, 146, 5, 133, 45, 78, 254, 85, 55, 75, 213, 86, 194, 218, 215, 163, 189, 194, 54, 6, 83, 36, 18, 153, 53, 7, 48, 89, 35, 66, 144, 7, 65, 154, 13, 97, 75, 55, 230, 132, 3, 13, 239, 71 }));
    BigInteger e = new BigInteger(1, Base64Util.unsignedToBytes(new int[] { 1, 0, 1 }));
    BigInteger d = new BigInteger(1, Base64Util.unsignedToBytes(new int[] { 84, 80, 150, 58, 165, 235, 242, 123, 217, 55, 38, 154, 36, 181, 221, 156, 211, 215, 100, 164, 90, 88, 40, 228, 83, 148, 54, 122, 4, 16, 165, 48, 76, 194, 26, 107, 51, 53, 179, 165, 31, 18, 198, 173, 78, 61, 56, 97, 252, 158, 140, 80, 63, 25, 223, 156, 36, 203, 214, 252, 120, 67, 180, 167, 3, 82, 243, 25, 97, 214, 83, 133, 69, 16, 104, 54, 160, 200, 41, 83, 164, 187, 70, 153, 111, 234, 242, 158, 175, 28, 198, 48, 211, 45, 148, 58, 23, 62, 227, 74, 52, 117, 42, 90, 41, 249, 130, 154, 80, 119, 61, 26, 193, 40, 125, 10, 152, 174, 227, 225, 205, 32, 62, 66, 6, 163, 100, 99, 219, 19, 253, 25, 105, 80, 201, 29, 252, 157, 237, 69, 1, 80, 171, 167, 20, 196, 156, 109, 249, 88, 0, 3, 152, 38, 165, 72, 87, 6, 152, 71, 156, 214, 16, 71, 30, 82, 51, 103, 76, 218, 63, 9, 84, 163, 249, 91, 215, 44, 238, 85, 101, 240, 148, 1, 82, 224, 91, 135, 105, 127, 84, 171, 181, 152, 210, 183, 126, 24, 46, 196, 90, 173, 38, 245, 219, 186, 222, 27, 240, 212, 194, 15, 66, 135, 226, 178, 190, 52, 245, 74, 65, 224, 81, 100, 85, 25, 204, 165, 203, 187, 175, 84, 100, 82, 15, 11, 23, 202, 151, 107, 54, 41, 207, 3, 136, 229, 134, 131, 93, 139, 50, 182, 204, 93, 130, 89 }));
    PublicKey recipientPublicKey = new RSAPublicKeyImpl(n, e);
    RSAPrivateKey recipientPrivateKey = new RSAPrivateKey(n, d);

    // --- Encrypt side ---
    JweEncrypterImpl encrypter = new JweEncrypterImpl(KeyEncryptionAlgorithm.RSA1_5, BlockEncryptionAlgorithm.A256CBC_PLUS_HS512, recipientPublicKey);
    String encryptedKeyB64 = encrypter.generateEncryptedKey(contentMasterKey);

    // Fixed IV so the encoded form can be pinned.
    byte[] iv = Base64Util.unsignedToBytes(new int[] { 3, 22, 60, 12, 43, 67, 104, 105, 108, 108, 105, 99, 111, 116, 104, 101 });
    String ivB64 = Base64Util.base64urlencode(iv);
    assertEquals(ivB64, "AxY8DCtDaGlsbGljb3RoZQ");

    // AAD is the first three compact-serialization segments, as UTF-8 bytes.
    String aadText = headerB64 + "." + encryptedKeyB64 + "." + ivB64;
    byte[] aad = aadText.getBytes(Util.UTF8_STRING_ENCODING);
    Pair<String, String> cipherTextAndTag = encrypter.generateCipherTextAndIntegrityValue(contentMasterKey, iv, aad, message.getBytes(Util.UTF8_STRING_ENCODING));
    String cipherTextB64 = cipherTextAndTag.getFirst();
    String tagB64 = cipherTextAndTag.getSecond();
    String compactJwe = headerB64 + "." + encryptedKeyB64 + "." + ivB64 + "." + cipherTextB64 + "." + tagB64;
    System.out.println("JWE: " + compactJwe);

    // --- Decrypt side ---
    JweDecrypterImpl decrypter = new JweDecrypterImpl(recipientPrivateKey);
    decrypter.setKeyEncryptionAlgorithm(KeyEncryptionAlgorithm.RSA1_5);
    decrypter.setBlockEncryptionAlgorithm(BlockEncryptionAlgorithm.A256CBC_PLUS_HS512);
    byte[] recoveredKey = decrypter.decryptEncryptionKey(encryptedKeyB64);
    // TestNG's assertEquals(byte[], byte[]) compares array contents.
    assertEquals(recoveredKey, contentMasterKey);
    String recoveredMessage = decrypter.decryptCipherText(cipherTextB64, recoveredKey, iv, Base64Util.base64urldecode(tagB64), aad);
    assertEquals(recoveredMessage, message);
}
