String curve = asString(json, PARAM_CURVE, "EC curve"); BigInteger x = asBigInteger(json, PARAM_X_COORDINATE, "EC X Coordinate"); BigInteger y = asBigInteger(json, PARAM_Y_COODRINATE, "EC Y Coordinate"); KeyFactory kf = getKeyFactory(SECURITY_ALGORITHM); this.privateKey = getBigInteger(json, PARAM_PRIVATE_KEY, "EC Private Key") .map(privKeyValue -> toPrivateKey(kf, privKeyValue, keySpec)) .orElse(null);
/**
 * Populate this builder from a JWK in JSON format.
 * <p>
 * The key-type agnostic members are consumed by the parent builder first; this method then
 * reads the symmetric key material, which is mandatory for an octet JWK. A missing or
 * malformed (not base64-url) key value surfaces as a {@code JwtException} from
 * {@link JwtUtil#asByteArray(JsonObject, String, String)}.
 *
 * @param json JsonObject with the JWK
 * @return updated builder instance, just call {@link #build()} to build the {@link JwkOctet} instance
 * @see JwkOctet#create(JsonObject) as a shortcut if no additional configuration is to be done
 */
public Builder fromJson(JsonObject json) {
    // common JWK members (key type, key id, alg, use, key_ops) are handled by the parent builder
    super.fromJson(json);

    // the raw secret bytes; decoding and the "mandatory" check are delegated to JwtUtil.asByteArray
    // NOTE(review): no minimum key length is enforced here - if this key is later used for HMAC,
    // RFC 7518 section 3.2 expects at least the hash output size; confirm the caller checks that
    byte[] secret = JwtUtil.asByteArray(json, PARAM_OCTET_KEY, "Octet key");
    this.key = secret;

    return this;
}
this.website.ifPresent(it -> objectBuilder.add("website", it.toASCIIString())); this.gender.ifPresent(it -> objectBuilder.add("gender", it)); this.birthday.ifPresent(it -> objectBuilder.add("birthday", JwtUtil.toDate(it))); this.timeZone.ifPresent(it -> objectBuilder.add("zoneinfo", it.getId())); this.phoneNumber.ifPresent(it -> objectBuilder.add("phone_number", it)); this.updatedAt.ifPresent(it -> objectBuilder.add("updated_at", it.getEpochSecond())); this.address.ifPresent(it -> objectBuilder.add("address", it.getJson())); this.atHash.ifPresent(it -> objectBuilder.add("at_hash", JwtUtil.base64Url(it))); this.cHash.ifPresent(it -> objectBuilder.add("c_hash", JwtUtil.base64Url(it))); this.nonce.ifPresent(it -> objectBuilder.add("nonce", it));
T fromJson(JsonObject json) {
    // Populates the key-type agnostic JWK members on this builder. Key-type specific members
    // (RSA, EC, octet) are read by the subclass override, which calls this method first.

    // key type agnostic values
    // Key type and key id are mandatory here: asString (like asByteArray/asBigInteger in JwtUtil)
    // presumably throws JwtException when the member is absent.
    // NOTE(review): RFC 7517 lists "kid" as OPTIONAL, so JWK documents/JWK sets that omit it are
    // rejected by this parser - confirm that is intended for the issuers this is used with.
    keyType(asString(json, PARAM_KEY_TYPE, "JWK Key type"));
    keyId(asString(json, PARAM_KEY_ID, "JWK Key id"));

    // Optional members. Their values are only recorded; nothing in this method checks that
    // alg, use and key_ops are consistent with each other or with the key material that follows.
    getString(json, PARAM_ALGORITHM).ifPresent(this::algorithm);
    /*
     sig - signatures or MAC
     enc - encryption
     */
    getString(json, PARAM_USE).ifPresent(this::usage);
    /*
     sign - compute digital signature or MAC
     verify - verify digital signature
     encrypt - encrypt content
     decrypt - decrypt content
     wrapKey - encrypt key
     unwrapKey - decrypt key
     deriveKey - derive key
     deriveBits - derive bits not to be used as a key
     */
    getStrings(json, PARAM_OPERATIONS).ifPresent(this::operations);
    return myInstance;
}
}
this.algorithm = JwtUtil.getString(headerJson, "alg"); this.keyId = JwtUtil.getString(headerJson, "kid"); this.type = JwtUtil.getString(headerJson, "typ"); this.contentType = JwtUtil.getString(headerJson, "cty"); this.issuer = JwtUtil.getString(payloadJson, "iss"); this.expirationTime = JwtUtil.toInstant(payloadJson, "exp"); this.issueTime = JwtUtil.toInstant(payloadJson, "iat"); this.notBefore = JwtUtil.toInstant(payloadJson, "nbf"); this.subject = JwtUtil.getString(payloadJson, "sub"); JsonValue groups = payloadJson.get("groups"); if (groups instanceof JsonArray) { this.userGroups = JwtUtil.getStrings(payloadJson, "groups"); } else { this.userGroups = JwtUtil.getString(payloadJson, "groups").map(CollectionsHelper::listOf); this.audience = JwtUtil.getStrings(payloadJson, "aud"); } else { this.audience = JwtUtil.getString(payloadJson, "aud").map(CollectionsHelper::listOf); this.jwtId = JwtUtil.getString(payloadJson, "jti"); this.email = JwtUtil.getString(payloadJson, "email"); this.emailVerified = JwtUtil.toBoolean(payloadJson, "email_verified"); this.fullName = JwtUtil.getString(payloadJson, "name"); this.givenName = JwtUtil.getString(payloadJson, "given_name"); this.middleName = JwtUtil.getString(payloadJson, "middle_name"); this.familyName = JwtUtil.getString(payloadJson, "family_name"); this.locale = JwtUtil.toLocale(payloadJson, "locale"); this.nickname = JwtUtil.getString(payloadJson, "nickname");
/**
 * Populate this builder from a JWK in JSON format.
 * <p>
 * The key-type agnostic members are consumed by the parent builder first. The RSA modulus and
 * public exponent are mandatory and always produce a public key; a private key is only built
 * when the private exponent member is present (CRT parameters, if any, are handled by
 * {@code toPrivateKey}).
 *
 * @param json JsonObject with the JWK
 * @return updated builder instance, just call {@link #build()} to build the {@link JwkRSA} instance
 * @see JwkRSA#create(JsonObject) as a shortcut if no additional configuration is to be done
 */
public Builder fromJson(JsonObject json) {
    super.fromJson(json);

    // now RSA specific fields - both public parameters are mandatory (asBigInteger throws otherwise)
    BigInteger modulus = asBigInteger(json, PARAM_PUB_MODULUS, "RSA modulus");
    BigInteger pubExponent = asBigInteger(json, PARAM_PUB_EXP, "RSA exponent");
    KeyFactory keyFactory = getKeyFactory(SECURITY_ALGORITHM);

    // NOTE(review): no minimum modulus length is enforced here; RFC 7518 section 3.3 requires
    // 2048 bits or more for RS*/PS* - check modulus.bitLength() in the caller if key strength matters
    this.privateKey = null;
    JwtUtil.getBigInteger(json, PARAM_EXP, "RSA private exponent")
            .ifPresent(privExponent -> this.privateKey = toPrivateKey(keyFactory, modulus, pubExponent, privExponent, json));

    this.publicKey = toPublicKey(keyFactory, modulus, pubExponent);
    return this;
}
/**
 * Build a security {@code Principal} from a parsed JWT.
 * <p>
 * The principal id is the {@code sub} claim, which is mandatory; the principal name is
 * {@code preferred_username} when present, otherwise the subject. Every payload claim is first
 * copied into the attributes under its own claim name, then the well-known identity claims are
 * added again from their typed accessors (the full name is added as {@code full_name}; whether
 * a repeated name replaces or duplicates the raw copy depends on {@code Principal.Builder.addAttribute}).
 * <p>
 * NOTE(review): nothing in this method verifies the token. Every claim an attacker could place
 * in an unverified JWT would become a principal attribute, so only call this after signature
 * and validity checks have passed.
 *
 * @param jwt parsed JWT
 * @return principal carrying subject, name and claim attributes
 * @throws JwtException if the token has no {@code sub} claim
 */
Principal buildPrincipal(Jwt jwt) {
    Optional<String> maybeSubject = jwt.subject();
    if (!maybeSubject.isPresent()) {
        throw new JwtException("JWT does not contain subject claim, cannot create principal.");
    }
    String subject = maybeSubject.get();
    String displayName = jwt.preferredUsername().orElse(subject);

    Principal.Builder builder = Principal.builder();
    builder.name(displayName)
            .id(subject);

    // raw copy of all payload claims, converted to plain Java objects
    jwt.payloadClaims()
            .forEach((claimName, claimValue) -> builder.addAttribute(claimName, JwtUtil.toObject(claimValue)));

    // typed, well-known claims
    jwt.email().ifPresent(v -> builder.addAttribute("email", v));
    jwt.emailVerified().ifPresent(v -> builder.addAttribute("email_verified", v));
    jwt.locale().ifPresent(v -> builder.addAttribute("locale", v));
    jwt.familyName().ifPresent(v -> builder.addAttribute("family_name", v));
    jwt.givenName().ifPresent(v -> builder.addAttribute("given_name", v));
    jwt.fullName().ifPresent(v -> builder.addAttribute("full_name", v));

    return builder.build();
}
T fromJson(JsonObject json) {
    // Reads the X.509 related JWK members (certificate chain by URL or inline, plus the two
    // certificate thumbprints) after the parent builder has consumed the common members.
    super.fromJson(json);

    // get cert chain from URL or from fields if present
    // The URL form is tried first; the inline array is presumably only consulted when no URL
    // member is present (depends on OptionalHelper.or semantics). URI.create throws
    // IllegalArgumentException, not JwtException, for a syntactically invalid URL value.
    // NOTE(review): the URL is taken from the JWK as-is and handed to processCertChain with no
    // scheme or host restriction visible here. RFC 7517 section 4.6 requires the chain to be
    // fetched over TLS with server identity validation, and the key of the first certificate to
    // match the JWK's own key material - confirm processCertChain enforces both before this
    // parser is used on JWKs from untrusted issuers.
    OptionalHelper.from(JwtUtil.getString(json, PARAM_X509_CHAIN_URL)
                                .map(URI::create)
                                .map(Builder::processCertChain))
            .or(() -> JwtUtil.getStrings(json, PARAM_X509_CHAIN)
                    // certificate chain as base64 encoded array
                    .map(Builder::processCertChain))
            .asOptional()
            .ifPresent(this::certificateChain);

    // thumbprints
    // Both are optional (null when absent) and stored as raw bytes; nothing in this method
    // compares them with the chain obtained above.
    this.sha1Thumbprint = JwtUtil.getByteArray(json, PARAM_X509_SHA_1, "SHA-1 Certificate Thumbprint").orElse(null);
    this.sha256Thumbprint = JwtUtil.getByteArray(json, PARAM_X509_SHA_256, "SHA-256 Certificate Thumbprint").orElse(null);
    return myInstance;
}
}
JsonObject json) { return JwtUtil.getBigInteger(json, PARAM_FIRST_PRIME_FACTOR, "RSA first prime factor") .map(firstPrimeFactor -> { JwtUtil.getBigInteger(json, PARAM_OTHER_PRIMES, "RSA other primes info") .ifPresent(it -> { throw new JwtException( }); BigInteger secondPrimeFactor = asBigInteger(json, PARAM_SECOND_PRIME_FACTOR, "RSA second prime factor"); BigInteger firstFactorCrtExp = asBigInteger(json, PARAM_FIRST_FACTOR_CRT_EXP, "RSA first factor CRT exponent"); BigInteger secondFactorCrtExp = asBigInteger(json, PARAM_SECOND_FACTOR_CRT_EXP, "RSA second factor CRT exponent"); BigInteger firstCrtCoeff = asBigInteger(json, PARAM_FIRST_CRT_COEFF, "RSA first CRT coefficient"); try { return kf.generatePrivate(new RSAPrivateCrtKeySpec(modulus,
/**
 * Read a mandatory base64-url encoded byte array member from a JSON object.
 * <p>
 * Thin wrapper over {@link #getByteArray(JsonObject, String, String)} that turns an absent
 * member into a {@code JwtException}; decoding errors propagate from the delegate unchanged.
 *
 * @param json JsonObject to read key from
 * @param key key of the value we want to read
 * @param description description of the field for error handling
 * @return decoded byte array value
 * @throws JwtException in case the key is not present, is of invalid content or not base64 encoded
 */
public static byte[] asByteArray(JsonObject json, String key, String description) throws JwtException {
    Optional<byte[]> decoded = getByteArray(json, key, description);
    if (decoded.isPresent()) {
        return decoded.get();
    }
    // absent member - the delegate has already rejected malformed values at this point
    throw new JwtException("Key \"" + key + "\" is mandatory for " + description);
}
/**
 * Read a mandatory base64-url encoded unsigned integer member from a JSON object.
 * <p>
 * Thin wrapper over {@link #getBigInteger(JsonObject, String, String)} that turns an absent
 * member into a {@code JwtException}; decoding errors propagate from the delegate unchanged.
 *
 * @param json JsonObject to read key from
 * @param key key of the value we want to read
 * @param description description of the field for error handling
 * @return BigInteger value
 * @throws JwtException in case the key is not present or is of invalid content
 */
public static BigInteger asBigInteger(JsonObject json, String key, String description) throws JwtException {
    Optional<BigInteger> decoded = getBigInteger(json, key, description);
    if (decoded.isPresent()) {
        return decoded.get();
    }
    // absent member - the delegate has already rejected malformed values at this point
    throw new JwtException("Key \"" + key + "\" is mandatory for " + description);
}
/**
 * Compute the MAC of {@code bytesToSign} with this key and the configured algorithm.
 * <p>
 * For the {@code none} algorithm an empty signature is returned and the key is not touched.
 * NOTE(review): this method only produces the empty "none" signature; the verification side
 * must never accept a token on the basis of an empty signature alone - confirm "none" is
 * rejected there unless explicitly enabled. Nothing here enforces a minimum key length either;
 * RFC 7518 section 3.2 expects a key at least as long as the hash output.
 *
 * @param bytesToSign data to authenticate (the signing input of the JWS)
 * @return MAC bytes, or an empty array for {@code none}
 * @throws JwtException when the Mac cannot be initialised with the key material
 */
@Override
public byte[] doSign(byte[] bytesToSign) {
    String algorithm = getSignatureAlgorithm();
    if (ALG_NONE.equals(algorithm)) {
        // unsecured JWS: no key, no signature
        return EMPTY_BYTES;
    }

    Mac mac = JwtUtil.getMac(algorithm);
    SecretKeySpec hmacKey = new SecretKeySpec(keyBytes, algorithm);
    try {
        mac.init(hmacKey);
        return mac.doFinal(bytesToSign);
    } catch (InvalidKeyException e) {
        throw new JwtException("Failed to init Mac for algorithm: " + algorithm, e);
    }
}
/**
 * Create a JWK instance from a JSON object, dispatching on its key type.
 * <p>
 * The key type member is mandatory. Comparison is exact (case-sensitive), which matches
 * RFC 7517 section 4.1 where {@code kty} values are case-sensitive; any value other than the
 * three supported ones is rejected.
 *
 * @param json with definition of a web key (any key type)
 * @return new instance of a descendant of this class constructed from json, based on key type
 * @throws JwtException if the key type is missing or not one of the supported types
 */
public static Jwk create(JsonObject json) {
    String keyType = asString(json, PARAM_KEY_TYPE, "JWK Key type");

    // gather key type specific values
    if (KEY_TYPE_EC.equals(keyType)) {
        return JwkEC.create(json);
    }
    if (KEY_TYPE_RSA.equals(keyType)) {
        return JwkRSA.create(json);
    }
    if (KEY_TYPE_OCT.equals(keyType)) {
        return JwkOctet.create(json);
    }
    throw new JwtException("Unknown JWK type: " + keyType);
}
this.algorithm = JwtUtil.getString(headerJson, "alg"); this.keyId = JwtUtil.getString(headerJson, "kid"); this.type = JwtUtil.getString(headerJson, "typ"); this.contentType = JwtUtil.getString(headerJson, "cty"); this.issuer = JwtUtil.getString(payloadJson, "iss"); this.expirationTime = JwtUtil.toInstant(payloadJson, "exp"); this.issueTime = JwtUtil.toInstant(payloadJson, "iat"); this.notBefore = JwtUtil.toInstant(payloadJson, "nbf"); this.subject = JwtUtil.getString(payloadJson, "sub"); JsonValue groups = payloadJson.get("groups"); if (groups instanceof JsonArray) { this.userGroups = JwtUtil.getStrings(payloadJson, "groups"); } else { this.userGroups = JwtUtil.getString(payloadJson, "groups").map(CollectionsHelper::listOf); this.audience = JwtUtil.getStrings(payloadJson, "aud"); } else { this.audience = JwtUtil.getString(payloadJson, "aud").map(CollectionsHelper::listOf); this.jwtId = JwtUtil.getString(payloadJson, "jti"); this.email = JwtUtil.getString(payloadJson, "email"); this.emailVerified = JwtUtil.toBoolean(payloadJson, "email_verified"); this.fullName = JwtUtil.getString(payloadJson, "name"); this.givenName = JwtUtil.getString(payloadJson, "given_name"); this.middleName = JwtUtil.getString(payloadJson, "middle_name"); this.familyName = JwtUtil.getString(payloadJson, "family_name"); this.locale = JwtUtil.toLocale(payloadJson, "locale"); this.nickname = JwtUtil.getString(payloadJson, "nickname");
/**
 * Build a security {@code Principal} from a parsed JWT.
 * <p>
 * The principal id is the {@code sub} claim, which is mandatory; the principal name is
 * {@code preferred_username} when present, otherwise the subject. Every payload claim is first
 * copied into the attributes under its own claim name, then the well-known identity claims are
 * added again from their typed accessors (the full name is added as {@code full_name}; whether
 * a repeated name replaces or duplicates the raw copy depends on {@code Principal.Builder.addAttribute}).
 * <p>
 * NOTE(review): nothing in this method verifies the token. Every claim an attacker could place
 * in an unverified JWT would become a principal attribute, so only call this after signature
 * and validity checks have passed.
 *
 * @param jwt parsed JWT
 * @return principal carrying subject, name and claim attributes
 * @throws JwtException if the token has no {@code sub} claim
 */
private Principal buildPrincipal(Jwt jwt) {
    Optional<String> maybeSubject = jwt.subject();
    if (!maybeSubject.isPresent()) {
        throw new JwtException("JWT does not contain subject claim, cannot create principal.");
    }
    String subject = maybeSubject.get();
    String displayName = jwt.preferredUsername().orElse(subject);

    Principal.Builder builder = Principal.builder();
    builder.name(displayName)
            .id(subject);

    // raw copy of all payload claims, converted to plain Java objects
    jwt.payloadClaims()
            .forEach((claimName, claimValue) -> builder.addAttribute(claimName, JwtUtil.toObject(claimValue)));

    // typed, well-known claims
    jwt.email().ifPresent(v -> builder.addAttribute("email", v));
    jwt.emailVerified().ifPresent(v -> builder.addAttribute("email_verified", v));
    jwt.locale().ifPresent(v -> builder.addAttribute("locale", v));
    jwt.familyName().ifPresent(v -> builder.addAttribute("family_name", v));
    jwt.givenName().ifPresent(v -> builder.addAttribute("given_name", v));
    jwt.fullName().ifPresent(v -> builder.addAttribute("full_name", v));

    return builder.build();
}
}
T fromJson(JsonObject json) {
    // Reads the X.509 related JWK members (certificate chain by URL or inline, plus the two
    // certificate thumbprints) after the parent builder has consumed the common members.
    super.fromJson(json);

    // get cert chain from URL or from fields if present
    // The URL form is tried first; the inline array is presumably only consulted when no URL
    // member is present (depends on OptionalHelper.or semantics). URI.create throws
    // IllegalArgumentException, not JwtException, for a syntactically invalid URL value.
    // NOTE(review): the URL is taken from the JWK as-is and handed to processCertChain with no
    // scheme or host restriction visible here. RFC 7517 section 4.6 requires the chain to be
    // fetched over TLS with server identity validation, and the key of the first certificate to
    // match the JWK's own key material - confirm processCertChain enforces both before this
    // parser is used on JWKs from untrusted issuers.
    OptionalHelper.from(JwtUtil.getString(json, PARAM_X509_CHAIN_URL)
                                .map(URI::create)
                                .map(Builder::processCertChain))
            .or(() -> JwtUtil.getStrings(json, PARAM_X509_CHAIN)
                    // certificate chain as base64 encoded array
                    .map(Builder::processCertChain))
            .asOptional()
            .ifPresent(this::certificateChain);

    // thumbprints
    // Both are optional (null when absent) and stored as raw bytes; nothing in this method
    // compares them with the chain obtained above.
    this.sha1Thumbprint = JwtUtil.getByteArray(json, PARAM_X509_SHA_1, "SHA-1 Certificate Thumbprint").orElse(null);
    this.sha256Thumbprint = JwtUtil.getByteArray(json, PARAM_X509_SHA_256, "SHA-256 Certificate Thumbprint").orElse(null);
    return myInstance;
}
}
/**
 * Populate this builder from a JWK in JSON format.
 * <p>
 * The key-type agnostic members are consumed by the parent builder first. The RSA modulus and
 * public exponent are mandatory and always produce a public key; a private key is only built
 * when the private exponent member is present (CRT parameters, if any, are handled by
 * {@code toPrivateKey}).
 *
 * @param json JsonObject with the JWK
 * @return updated builder instance, just call {@link #build()} to build the {@link JwkRSA} instance
 * @see JwkRSA#create(JsonObject) as a shortcut if no additional configuration is to be done
 */
public Builder fromJson(JsonObject json) {
    super.fromJson(json);

    // now RSA specific fields - both public parameters are mandatory (asBigInteger throws otherwise)
    BigInteger modulus = asBigInteger(json, PARAM_PUB_MODULUS, "RSA modulus");
    BigInteger pubExponent = asBigInteger(json, PARAM_PUB_EXP, "RSA exponent");
    KeyFactory keyFactory = getKeyFactory(SECURITY_ALGORITHM);

    // NOTE(review): no minimum modulus length is enforced here; RFC 7518 section 3.3 requires
    // 2048 bits or more for RS*/PS* - check modulus.bitLength() in the caller if key strength matters
    this.privateKey = null;
    JwtUtil.getBigInteger(json, PARAM_EXP, "RSA private exponent")
            .ifPresent(privExponent -> this.privateKey = toPrivateKey(keyFactory, modulus, pubExponent, privExponent, json));

    this.publicKey = toPublicKey(keyFactory, modulus, pubExponent);
    return this;
}
T fromJson(JsonObject json) {
    // Populates the key-type agnostic JWK members on this builder. Key-type specific members
    // (RSA, EC, octet) are read by the subclass override, which calls this method first.

    // key type agnostic values
    // Key type and key id are mandatory here: asString (like asByteArray/asBigInteger in JwtUtil)
    // presumably throws JwtException when the member is absent.
    // NOTE(review): RFC 7517 lists "kid" as OPTIONAL, so JWK documents/JWK sets that omit it are
    // rejected by this parser - confirm that is intended for the issuers this is used with.
    keyType(asString(json, PARAM_KEY_TYPE, "JWK Key type"));
    keyId(asString(json, PARAM_KEY_ID, "JWK Key id"));

    // Optional members. Their values are only recorded; nothing in this method checks that
    // alg, use and key_ops are consistent with each other or with the key material that follows.
    getString(json, PARAM_ALGORITHM).ifPresent(this::algorithm);
    /*
     sig - signatures or MAC
     enc - encryption
     */
    getString(json, PARAM_USE).ifPresent(this::usage);
    /*
     sign - compute digital signature or MAC
     verify - verify digital signature
     encrypt - encrypt content
     decrypt - decrypt content
     wrapKey - encrypt key
     unwrapKey - decrypt key
     deriveKey - derive key
     deriveBits - derive bits not to be used as a key
     */
    getStrings(json, PARAM_OPERATIONS).ifPresent(this::operations);
    return myInstance;
}
}
JsonObject json) { return JwtUtil.getBigInteger(json, PARAM_FIRST_PRIME_FACTOR, "RSA first prime factor") .map(firstPrimeFactor -> { JwtUtil.getBigInteger(json, PARAM_OTHER_PRIMES, "RSA other primes info") .ifPresent(it -> { throw new JwtException( }); BigInteger secondPrimeFactor = asBigInteger(json, PARAM_SECOND_PRIME_FACTOR, "RSA second prime factor"); BigInteger firstFactorCrtExp = asBigInteger(json, PARAM_FIRST_FACTOR_CRT_EXP, "RSA first factor CRT exponent"); BigInteger secondFactorCrtExp = asBigInteger(json, PARAM_SECOND_FACTOR_CRT_EXP, "RSA second factor CRT exponent"); BigInteger firstCrtCoeff = asBigInteger(json, PARAM_FIRST_CRT_COEFF, "RSA first CRT coefficient"); try { return kf.generatePrivate(new RSAPrivateCrtKeySpec(modulus,
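/**
 * Extract an optional JSON member that is a base64-url encoded unsigned big-endian integer
 * (the {@code Base64urlUInt} form used by RFC 7518 for RSA/EC parameters) and convert it to a
 * {@link BigInteger}.
 * <p>
 * The bytes are always interpreted as a non-negative magnitude (signum 1), never as two's
 * complement, so a leading 0x80+ byte does not produce a negative value. Note that an empty
 * decoded value yields {@code BigInteger.ZERO} rather than an error; callers that feed the
 * result into key construction rely on the key factory to reject such values.
 *
 * @param json JsonObject to read key from
 * @param key key of the value we want to read
 * @param description description of the field for error handling
 * @return BigInteger value if present, empty when the member is absent
 * @throws JwtException in case the key is of invalid content (not base64-url encoded)
 */
public static Optional<BigInteger> getBigInteger(JsonObject json, String key, String description) throws JwtException {
    return getByteArray(json, key, description)
            .map(magnitude -> {
                try {
                    // signum 1: treat the decoded bytes as an unsigned magnitude
                    return new BigInteger(1, magnitude);
                } catch (Exception e) {
                    // fixed: the message used to say "big decimal", which misnamed the target type
                    throw new JwtException("Failed to get a big integer for: " + description + ", from value of key " + key, e);
                }
            });
}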