/**
 * Looks up the JWKS entry for {@code keyId} and returns its public key as an RSA key.
 *
 * <p>The key id is embedded verbatim in both exception messages, so callers that log or
 * echo the message should treat it as caller-supplied text.
 *
 * @param keyId identifier of the key to resolve through {@code jwkProvider}
 * @return the RSA public key registered under {@code keyId}
 * @throws IllegalArgumentException if the provider cannot supply the key, or if the key it
 *         supplies is not an {@link RSAPublicKey}
 */
@Override
public RSAPublicKey getPublicKeyById(String keyId) {
    final PublicKey resolved;
    try {
        resolved = jwkProvider.get(keyId).getPublicKey();
    } catch (JwkException e) {
        // Keep the provider failure as the cause so the reason for the miss is not lost.
        throw new IllegalArgumentException(String.format("Key with ID '%s' couldn't be fetched from JWKS.", keyId), e);
    }

    // Only RSA keys are handed back; any other key type is rejected rather than cast blindly.
    if (resolved instanceof RSAPublicKey) {
        return (RSAPublicKey) resolved;
    }
    throw new IllegalArgumentException(String.format("Key with ID '%s' was found in JWKS but is not a RSA-key.", keyId));
}
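/**
 * Resolves {@code keyId} through {@code cacheKeys} and wraps the result in an
 * {@link OpenIdMetadataKey}.
 *
 * @param keyId identifier of the signing key to look up
 * @return the key together with its {@code endorsements} attribute, or {@code null} when the
 *         lookup fails or the resolved key is not an RSA public key; a {@code null} result
 *         carries no usable verification key
 */
@SuppressWarnings("unchecked")
private OpenIdMetadataKey findKey(String keyId) {
    try {
        Jwk jwk = this.cacheKeys.get(keyId);

        // Check the key type before casting: a non-RSA entry in the key set would otherwise
        // surface as an unhandled ClassCastException instead of a clean "no key" result.
        final java.security.PublicKey publicKey = jwk.getPublicKey();
        if (!(publicKey instanceof RSAPublicKey)) {
            LOGGER.log(Level.WARNING, "Failed to load keys: signing key is not an RSA public key");
            return null;
        }

        OpenIdMetadataKey key = new OpenIdMetadataKey();
        key.key = (RSAPublicKey) publicKey;
        // Unchecked cast: the element types of "endorsements" are not validated here, and the
        // value is null when the JWK carries no such attribute.
        key.endorsements = (List<String>) jwk.getAdditionalAttributes().get("endorsements");
        return key;
    } catch (JwkException e) {
        String errorDescription = String.format("Failed to load keys: %s", e.getMessage());
        // Pass the exception along so the log keeps the stack trace and root cause.
        LOGGER.log(Level.WARNING, errorDescription, e);
    }
    return null;
}
}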
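/**
 * Fetches the JWK registered under {@code keyId} from {@code cacheKeys} and converts it into
 * an {@link OpenIdMetadataKey}.
 *
 * @param keyId identifier of the signing key to look up
 * @return the RSA key plus the JWK's {@code endorsements} attribute, or {@code null} if the
 *         key could not be loaded or is not an RSA public key
 */
@SuppressWarnings("unchecked")
private OpenIdMetadataKey findKey(String keyId) {
    try {
        Jwk jwk = cacheKeys.get(keyId);

        // Reject anything that is not an RSA public key up front; casting without this check
        // would let a ClassCastException escape past the JwkException handler below.
        final java.security.PublicKey resolved = jwk.getPublicKey();
        if (!(resolved instanceof RSAPublicKey)) {
            LOGGER.log(Level.WARNING, "Failed to load keys: signing key is not an RSA public key");
            return null;
        }

        OpenIdMetadataKey key = new OpenIdMetadataKey();
        key.key = (RSAPublicKey) resolved;
        // The cast is unchecked, so the list contents are taken as-is; the value is null when
        // the attribute is absent from the JWK.
        key.endorsements = (List<String>) jwk.getAdditionalAttributes().get("endorsements");
        return key;
    } catch (JwkException e) {
        String errorDescription = String.format("Failed to load keys: %s", e.getMessage());
        // Log the throwable itself as well, so the failure can be diagnosed from the log.
        LOGGER.log(Level.WARNING, errorDescription, e);
    }
    return null;
}
}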
// Re-encode the JWK's public key to bytes and wrap them in an X.509 key spec.
// NOTE(review): getEncoded() can return null for a key that does not support encoding, which
// would make the X509EncodedKeySpec constructor fail — confirm the provider always returns an
// encodable key.
byte[] publicKeyBytes = jwk.getPublicKey().getEncoded();
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicKeyBytes);
// The factory is pinned to "RSA", so this fragment only works for RSA keys.
// NOTE(review): presumably keySpec is passed to keyFactory.generatePublic(...) after this
// fragment; a non-RSA key would fail there — verify against the surrounding code.
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
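/**
 * Verifies the signature of a decoded token against the JWKS key named by its key id.
 *
 * @param decoded the decoded token; its key id selects the JWK and its raw token string is
 *        what gets verified
 * @throws IllegalStateException if the key cannot be resolved, is not an RSA key, or the
 *         token fails verification; the underlying exception is attached as the cause
 */
private void verifyJwt(JWT decoded) {
    try {
        Jwk jwk = jwkProvider.get(decoded.getKeyId());
        // TODO check for Algorithm
        // The verifier is built for RS256 only, so the algorithm is chosen here and not by the
        // token. NOTE(review): the JWK's own declared algorithm is still not compared — that
        // appears to be what the TODO refers to.
        JWTVerifier verifier = JWT.require(Algorithm.RSA256((RSAKey) jwk.getPublicKey())).build();
        verifier.verify(decoded.getToken());
    } catch (Exception e) {
        // The message stays generic so callers do not reveal why verification failed. The
        // cause is attached (instead of printed to stderr) so the caller's logging can record it.
        throw new IllegalStateException("Bad token!", e);
    }
}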
/**
 * Resolves the public key for a token from the {@code kid} value in its header.
 *
 * <p>NOTE(review): the header is presumably read before the signature has been checked, so
 * {@code kid} should be treated as untrusted; here it is only used as a lookup key for
 * {@code jwkProvider}.
 *
 * @param header the JWS header of the token being validated
 * @return the public key the provider holds for the header's key id
 * @throws JwtException if the header has no {@code kid}, or if the provider cannot supply
 *         the key
 */
private synchronized PublicKey getJwtPublicKey(JwsHeader<?> header) {
    final String keyId = header.getKeyId();

    // Without a key id there is no way to choose among the provider's keys, so fail early.
    if (keyId == null) {
        LOG.warn(
                "'kid' is missing in the JWT token header. This is not possible to validate the token with OIDC provider keys");
        throw new JwtException("'kid' is missing in the JWT token header.");
    }

    try {
        final var matchingJwk = jwkProvider.get(keyId);
        return matchingJwk.getPublicKey();
    } catch (JwkException e) {
        throw new JwtException(
                "Error during the retrieval of the public key during JWT token validation", e);
    }
}
}
/**
 * A JWK whose {@code alg} entry has been removed must still produce a public key.
 *
 * <p>Because the key is usable without {@code alg}, code that verifies tokens with it has to
 * fix the expected algorithm itself rather than rely on the JWK to declare one.
 */
@Test
public void shouldReturnKeyWithMissingAlgParam() throws Exception {
    final Map<String, Object> attributes = publicKeyValues(randomKeyId(), KEY_OPS_LIST);
    attributes.remove("alg");

    final Jwk keyWithoutAlg = Jwk.fromValues(attributes);

    assertThat(keyWithoutAlg.getPublicKey(), notNullValue());
}
/**
 * An empty key-operations list still yields a public key; the list form is empty and the
 * string form is {@code null}.
 */
@Test
public void shouldReturnPublicKeyForEmptyKeyOpsParam() throws Exception {
    final Map<String, Object> attributes = publicKeyValues(randomKeyId(), Lists.newArrayList());

    final Jwk keyWithEmptyOps = Jwk.fromValues(attributes);

    // The key itself is unaffected by the empty operations list.
    assertThat(keyWithEmptyOps.getPublicKey(), notNullValue());
    // List view: present but empty.
    assertThat(keyWithEmptyOps.getOperationsAsList(), notNullValue());
    assertThat(keyWithEmptyOps.getOperationsAsList().size(), equalTo(0));
    // String view: absent.
    assertThat(keyWithEmptyOps.getOperations(), nullValue());
}
/**
 * A {@code null} key-operations value still yields a public key, and both operation
 * accessors report {@code null}.
 */
@Test
public void shouldReturnPublicKeyForNullKeyOpsParam() throws Exception {
    final Map<String, Object> attributes = publicKeyValues(randomKeyId(), null);

    final Jwk keyWithoutOps = Jwk.fromValues(attributes);

    assertThat(keyWithoutOps.getPublicKey(), notNullValue());
    // Neither the list view nor the string view invents a value for the missing operations.
    assertThat(keyWithoutOps.getOperationsAsList(), nullValue());
    assertThat(keyWithoutOps.getOperations(), nullValue());
}
/**
 * Key operations supplied as a single string are exposed unchanged through the string
 * accessor and as {@code KEY_OPS_LIST} through the list accessor.
 */
@Test
public void shouldReturnPublicKeyForStringKeyOpsParam() throws Exception {
    final Map<String, Object> attributes = publicKeyValues(randomKeyId(), KEY_OPS_STRING);

    final Jwk keyWithStringOps = Jwk.fromValues(attributes);

    assertThat(keyWithStringOps.getPublicKey(), notNullValue());
    // Both views must agree on the same set of operations.
    assertThat(keyWithStringOps.getOperationsAsList(), is(KEY_OPS_LIST));
    assertThat(keyWithStringOps.getOperations(), is(KEY_OPS_STRING));
}
/**
 * Baseline case: a fully populated JWK yields a public key, with its operations available
 * both as a list and as a string.
 */
@Test
public void shouldReturnPublicKey() throws Exception {
    final Map<String, Object> attributes = publicKeyValues(randomKeyId(), KEY_OPS_LIST);

    final Jwk completeKey = Jwk.fromValues(attributes);

    assertThat(completeKey.getPublicKey(), notNullValue());
    // Operations given as a list are also retrievable in string form.
    assertThat(completeKey.getOperationsAsList(), is(KEY_OPS_LIST));
    assertThat(completeKey.getOperations(), is(KEY_OPS_STRING));
}
/**
 * Asking a non-RSA JWK for its public key must fail with {@code InvalidPublicKeyException}
 * instead of returning a key of an unexpected type.
 */
@Test
public void shouldThrowForNonRSAKey() throws Exception {
    final Map<String, Object> attributes = nonRSAValues(randomKeyId());
    final Jwk nonRsaKey = Jwk.fromValues(attributes);

    // The expectation must be registered before the call that is meant to throw.
    expectedException.expect(InvalidPublicKeyException.class);
    expectedException.expectMessage("The key is not of type RSA");

    nonRsaKey.getPublicKey();
}