public String getPrivateKey() { RSAPrivateKeyHolder keyHolder = keyProvider.getPrivateKey(); if(keyHolder == null) { return null; } try { return SshKeyGen.toPEM(keyProvider.getPrivateKey().getKey()); } catch (Exception e) { log.error("getPrivateKey: Failed to write PEM", e); return null; } }
public String getPrivateKey() { RSAPrivateKeyHolder keyHolder = keyProvider.getPrivateKey(); if(keyHolder == null) { return null; } try { return SshKeyGen.toPEM(keyProvider.getPrivateKey().getKey()); } catch (Exception e) { log.error("getPrivateKey: Failed to write PEM", e); return null; } }
@Override public String decrypt(long accountId, String value) throws Exception { RSAPrivateKeyHolder holder = rsaKeyProvider.getPrivateKey(); PublicKey publicKey = rsaKeyProvider.getPublicKeys().get(holder.getKeyId()); String encoded = SshKeyGen.toPEM(publicKey); Map<String, Object> input = jsonMapper.readValue(value); input.put("rewrapKey", encoded); String encrypted = Request.Post(SECRETS_URL.get() + REWRAP) .bodyString(jsonMapper.writeValueAsString(input), ContentType.APPLICATION_JSON) .execute().handleResponse(new ResponseHandler<String>() { @Override public String handleResponse(HttpResponse response) throws ClientProtocolException, IOException { int statusCode = response.getStatusLine().getStatusCode(); if (statusCode >= 300) { throw new IOException("Failed to rewrap secret :" + response.getStatusLine().getReasonPhrase()); } return IOUtils.toString(response.getEntity().getContent()); } }); return unwrap(holder.getKey(), encrypted); }
RSAPrivateKeyHolder privateKey = keyProvider.getPrivateKey();
@Override public Map<String, Object> getJsonPayload(String token, boolean encrypted) throws TokenException { if (StringUtils.isEmpty(token)) { throw new TokenException("null or empty token"); } if (encrypted) { EncryptedJWT jwt = null; try { jwt = EncryptedJWT.parse(token); RSADecrypter decrypter = new RSADecrypter(keyProvider.getPrivateKey().getKey()); jwt.decrypt(decrypter); } catch (JOSEException | ParseException e) { throw new TokenDecryptionException("Invalid token", e); } return getJSONObject(jwt, encrypted); } try { JWSObject jws = JWSObject.parse(token); JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) keyProvider.getDefaultPublicKey()); if (!jws.verify(verifier)) { throw new TokenException("ERROR: Fradulent token"); } return getJSONObject(jws, encrypted); } catch (TokenException | ParseException | JOSEException e) { throw new TokenException("Error: Fradulent token, unrecognized signature", e); } }