Use of org.xdi.oxauth.model.crypto.signature.RSAPublicKey in project oxAuth by GluuFederation.
The class JwtUtil, method getPublicKey.
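/**
 * Builds the project's public-key model from the JWK selected by {@code keyId}, taken either
 * from the JWK Set at {@code jwksUri} or from the inline {@code jwks} document (resolution is
 * delegated to {@code getJsonKey}).
 * <p>
 * RSA keys (RS256/RS384/RS512) are built from {@code n}/{@code e}, EC keys (ES256/ES384/ES512)
 * from {@code x}/{@code y}. When the JWK carries a certificate chain, its first certificate is
 * parsed from PEM and attached to the key.
 *
 * @param jwksUri            location of the JWK Set
 * @param jwks               inline JWK Set document, an alternative source for {@code getJsonKey}
 * @param signatureAlgorithm expected algorithm; when {@code null} the JWK's own {@code alg} is used
 * @param keyId              the {@code kid} to select
 * @return the key with key id, algorithm and (optionally) certificate set, or {@code null} when
 *         the key is not found, its algorithm cannot be determined or is neither RSA nor EC,
 *         or any parsing step fails. A partially populated key is never returned.
 */
public static PublicKey getPublicKey(String jwksUri, String jwks, SignatureAlgorithm signatureAlgorithm, String keyId) {
    log.debug("Retrieving JWK...");
    JSONObject jsonKeyValue = getJsonKey(jwksUri, jwks, keyId);
    if (jsonKeyValue == null) {
        return null;
    }
    try {
        String resultKeyId = jsonKeyValue.getString(KEY_ID);
        if (signatureAlgorithm == null) {
            signatureAlgorithm = SignatureAlgorithm.fromString(jsonKeyValue.getString(ALGORITHM));
            if (signatureAlgorithm == null) {
                log.error(String.format("Failed to determine key '%s' signature algorithm", resultKeyId));
                return null;
            }
        }
        // The internal jwks.json format nests the key parameters under PUBLIC_KEY;
        // a standard JWK keeps them at the top level.
        JSONObject jsonPublicKey = jsonKeyValue.has(PUBLIC_KEY) ? jsonKeyValue.getJSONObject(PUBLIC_KEY) : jsonKeyValue;
        org.xdi.oxauth.model.crypto.PublicKey publicKey;
        switch (signatureAlgorithm) {
            case RS256:
            case RS384:
            case RS512: {
                // JWK "n"/"e" are unsigned big-endian base64url values; signum 1 keeps them positive.
                BigInteger publicExponent = new BigInteger(1, Base64Util.base64urldecode(jsonPublicKey.getString(EXPONENT)));
                BigInteger modulus = new BigInteger(1, Base64Util.base64urldecode(jsonPublicKey.getString(MODULUS)));
                publicKey = new RSAPublicKey(modulus, publicExponent);
                break;
            }
            case ES256:
            case ES384:
            case ES512: {
                BigInteger x = new BigInteger(1, Base64Util.base64urldecode(jsonPublicKey.getString(X)));
                BigInteger y = new BigInteger(1, Base64Util.base64urldecode(jsonPublicKey.getString(Y)));
                publicKey = new ECDSAPublicKey(signatureAlgorithm, x, y);
                break;
            }
            default:
                // Neither an RSA nor an EC signature algorithm: there is no public key to build.
                return null;
        }
        if (jsonKeyValue.has(CERTIFICATE_CHAIN)) {
            final String BEGIN = "-----BEGIN CERTIFICATE-----";
            final String END = "-----END CERTIFICATE-----";
            JSONArray certChain = jsonKeyValue.getJSONArray(CERTIFICATE_CHAIN);
            // Only the first (leaf) certificate of the chain is attached.
            String certificateString = BEGIN + "\n" + certChain.getString(0) + "\n" + END;
            PEMParser pemReader = new PEMParser(new StringReader(certificateString));
            X509Certificate cert;
            try {
                cert = (X509CertificateObject) pemReader.readObject();
            } finally {
                pemReader.close();
            }
            // NOTE(review): the certificate's public key is not compared with the JWK's own
            // parameters here; RFC 7517 requires them to match — confirm whether a caller checks this.
            Certificate certificate = new Certificate(signatureAlgorithm, cert);
            publicKey.setCertificate(certificate);
        }
        publicKey.setKeyId(resultKeyId);
        publicKey.setSignatureAlgorithm(signatureAlgorithm);
        return publicKey;
    } catch (Exception ex) {
        // Any failure discards the key: returning whatever had been built so far could hand the
        // caller a key that is missing its id, algorithm or certificate.
        log.error(ex.getMessage(), ex);
        return null;
    }
}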
Use of org.xdi.oxauth.model.crypto.signature.RSAPublicKey in project oxAuth by GluuFederation.
The class Certificate, method getRsaPublicKey.
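/**
 * Extracts the RSA public key of the wrapped X.509 certificate.
 *
 * @return the project's RSA public-key model built from the certificate's modulus and public
 *         exponent, or {@code null} when there is no certificate or its key is not an RSA key
 */
public RSAPublicKey getRsaPublicKey() {
    if (x509Certificate == null) {
        return null;
    }
    java.security.PublicKey certificateKey = x509Certificate.getPublicKey();
    // Accept any JCA RSA key, not only BouncyCastle's BCRSAPublicKey (which implements this
    // interface), so certificates parsed by another provider work too. Fully qualified to avoid
    // the clash with the project's RSAPublicKey return type.
    if (certificateKey instanceof java.security.interfaces.RSAPublicKey) {
        java.security.interfaces.RSAPublicKey rsaKey = (java.security.interfaces.RSAPublicKey) certificateKey;
        return new RSAPublicKey(rsaKey.getModulus(), rsaKey.getPublicExponent());
    }
    return null;
}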
Use of org.xdi.oxauth.model.crypto.signature.RSAPublicKey in project oxAuth by GluuFederation.
The class RSASigner, method validateSignature.
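/**
 * Verifies an RSASSA-PKCS1-v1_5 signature over {@code signingInput} with the configured RSA
 * public key.
 * <p>
 * Verification is delegated to the JCA {@code Signature} engine ({@code SHA-xxxwithRSA}), which
 * checks the PKCS#1 padding and the complete DigestInfo structure (algorithm identifier and
 * digest, with nothing trailing). The previous hand-rolled decrypt-and-compare only compared the
 * digest octets and ignored the rest of the structure.
 *
 * @param signingInput the JWS signing input
 * @param signature    the base64url-encoded signature
 * @return {@code true} when the signature is valid for the input under this signer's key
 * @throws SignatureException when the algorithm, key, input or signature is missing, the
 *                            algorithm is not an RSA algorithm, or verification cannot be
 *                            carried out (bad encoding, key or provider errors)
 */
@Override
public boolean validateSignature(String signingInput, String signature) throws SignatureException {
    if (getSignatureAlgorithm() == null) {
        throw new SignatureException("The signature algorithm is null");
    }
    if (rsaPublicKey == null) {
        throw new SignatureException("The RSA public key is null");
    }
    if (signingInput == null) {
        throw new SignatureException("The signing input is null");
    }
    if (signature == null) {
        throw new SignatureException("The signature is null");
    }
    String jcaAlgorithm;
    switch (getSignatureAlgorithm()) {
        case RS256:
            jcaAlgorithm = "SHA256withRSA";
            break;
        case RS384:
            jcaAlgorithm = "SHA384withRSA";
            break;
        case RS512:
            jcaAlgorithm = "SHA512withRSA";
            break;
        default:
            throw new SignatureException("Unsupported signature algorithm");
    }
    try {
        byte[] sigBytes = Base64Util.base64urldecode(signature);
        byte[] sigInBytes = signingInput.getBytes(Util.UTF8_STRING_ENCODING);
        RSAPublicKeySpec rsaPublicKeySpec = new RSAPublicKeySpec(rsaPublicKey.getModulus(), rsaPublicKey.getPublicExponent());
        KeyFactory keyFactory = KeyFactory.getInstance("RSA", "BC");
        PublicKey publicKey = keyFactory.generatePublic(rsaPublicKeySpec);
        java.security.Signature verifier = java.security.Signature.getInstance(jcaAlgorithm, "BC");
        verifier.initVerify(publicKey);
        verifier.update(sigInBytes);
        return verifier.verify(sigBytes);
    } catch (Exception e) {
        // Every failure (encoding, key spec, provider, malformed signature) surfaces as the
        // single exception type callers handle; the cause is preserved.
        throw new SignatureException(e);
    }
}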
Use of org.xdi.oxauth.model.crypto.signature.RSAPublicKey in project oxAuth by GluuFederation.
The class SignatureTest, method generateRS256Keys.
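/**
 * Generates an RS256 key pair with certificate, signs a fixed input with the private key and
 * checks that both the raw public key and the certificate verify it, and that a modified input
 * is rejected (a verifier that accepted everything would otherwise pass this test).
 */
@Test
public void generateRS256Keys() throws Exception {
    showTitle("TEST: generateRS256Keys");
    KeyFactory<RSAPrivateKey, RSAPublicKey> keyFactory = new RSAKeyFactory(SignatureAlgorithm.RS256, "CN=Test CA Certificate");
    Key<RSAPrivateKey, RSAPublicKey> key = keyFactory.getKey();
    RSAPrivateKey privateKey = key.getPrivateKey();
    RSAPublicKey publicKey = key.getPublicKey();
    Certificate certificate = key.getCertificate();
    // Throwaway key generated for this test only.
    System.out.println(key);
    String signingInput = "Hello World!";
    RSASigner rsaSigner1 = new RSASigner(SignatureAlgorithm.RS256, privateKey);
    String signature = rsaSigner1.generateSignature(signingInput);
    RSASigner rsaSigner2 = new RSASigner(SignatureAlgorithm.RS256, publicKey);
    assertTrue(rsaSigner2.validateSignature(signingInput, signature));
    RSASigner rsaSigner3 = new RSASigner(SignatureAlgorithm.RS256, certificate);
    assertTrue(rsaSigner3.validateSignature(signingInput, signature));
    // Negative case: the same signature must not verify a different input.
    String tamperedInput = signingInput + "?";
    assertFalse(rsaSigner2.validateSignature(tamperedInput, signature));
    assertFalse(rsaSigner3.validateSignature(tamperedInput, signature));
}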
Use of org.xdi.oxauth.model.crypto.signature.RSAPublicKey in project oxAuth by GluuFederation.
The class SignatureTest, method generateRS512Keys.
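/**
 * Generates an RS512 key pair with certificate, signs a fixed input with the private key and
 * checks that both the raw public key and the certificate verify it, and that a modified input
 * is rejected (a verifier that accepted everything would otherwise pass this test).
 */
@Test
public void generateRS512Keys() throws Exception {
    showTitle("TEST: generateRS512Keys");
    KeyFactory<RSAPrivateKey, RSAPublicKey> keyFactory = new RSAKeyFactory(SignatureAlgorithm.RS512, "CN=Test CA Certificate");
    Key<RSAPrivateKey, RSAPublicKey> key = keyFactory.getKey();
    RSAPrivateKey privateKey = key.getPrivateKey();
    RSAPublicKey publicKey = key.getPublicKey();
    Certificate certificate = key.getCertificate();
    // Throwaway key generated for this test only.
    System.out.println(key);
    String signingInput = "Hello World!";
    RSASigner rsaSigner1 = new RSASigner(SignatureAlgorithm.RS512, privateKey);
    String signature = rsaSigner1.generateSignature(signingInput);
    RSASigner rsaSigner2 = new RSASigner(SignatureAlgorithm.RS512, publicKey);
    assertTrue(rsaSigner2.validateSignature(signingInput, signature));
    RSASigner rsaSigner3 = new RSASigner(SignatureAlgorithm.RS512, certificate);
    assertTrue(rsaSigner3.validateSignature(signingInput, signature));
    // Negative case: the same signature must not verify a different input.
    String tamperedInput = signingInput + "?";
    assertFalse(rsaSigner2.validateSignature(tamperedInput, signature));
    assertFalse(rsaSigner3.validateSignature(tamperedInput, signature));
}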