RSAEncrypter encrypter = new RSAEncrypter((RSAKey) jwk); // there should always at least be the public key encrypter.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance()); encrypters.put(id, encrypter); RSADecrypter decrypter = new RSADecrypter((RSAKey) jwk); decrypter.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance()); decrypters.put(id, decrypter); } else { ECDHEncrypter encrypter = new ECDHEncrypter((ECKey) jwk); encrypter.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance()); encrypters.put(id, encrypter); ECDHDecrypter decrypter = new ECDHDecrypter((ECKey) jwk); decrypter.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance()); decrypters.put(id, decrypter); } else { DirectEncrypter encrypter = new DirectEncrypter((OctetSequenceKey) jwk); encrypter.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance()); DirectDecrypter decrypter = new DirectDecrypter((OctetSequenceKey) jwk); decrypter.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance());
// Excerpt: the conditions that choose between the three key families are not
// shown here, so each pair below presumably sits in its own branch (TODO confirm).

// RSA JWK: signer and verifier are built from the same JWK object.
RSASSASigner signer = new RSASSASigner((RSAKey) jwk);
signers.put(id, signer);
RSASSAVerifier verifier = new RSASSAVerifier((RSAKey) jwk);
verifiers.put(id, verifier);

// EC JWK: same pattern with ECDSA.
ECDSASigner signer = new ECDSASigner((ECKey) jwk);
signers.put(id, signer);
ECDSAVerifier verifier = new ECDSAVerifier((ECKey) jwk);
verifiers.put(id, verifier);

// Symmetric JWK: the MAC signer and verifier share one secret, so anything that
// can verify with this key can also produce valid signatures.
MACSigner signer = new MACSigner((OctetSequenceKey) jwk);
signers.put(id, signer);
MACVerifier verifier = new MACVerifier((OctetSequenceKey) jwk);
verifiers.put(id, verifier);
/**
 * Decrypts a serialized JWE with the given private key and maps its payload to an
 * {@link AuthDataPair}.
 *
 * <p>NOTE(review): the JWE header is not inspected before decryption, so whichever
 * key-management algorithm {@link RSADecrypter} accepts will be honoured. If only one
 * algorithm is expected, compare {@code getHeader().getAlgorithm()} against it first.
 *
 * @param encrypted serialized JWE string
 * @param privateKey private key handed to {@link RSADecrypter}
 * @return the payload as deserialized by {@code objectMapper}
 * @throws SecurityException if parsing, decryption or JSON mapping fails; the cause is kept
 */
@Override
public AuthDataPair decrypt(String encrypted, PrivateKey privateKey) {
    try {
        final RSADecrypter rsaDecrypter = new RSADecrypter(privateKey);
        final JWEObject jwe = JWEObject.parse(encrypted);
        jwe.decrypt(rsaDecrypter);
        final String payloadJson = jwe.getPayload().toString();
        return objectMapper.readValue(payloadJson, AuthDataPair.class);
    } catch (IOException | ParseException | JOSEException e) {
        throw new SecurityException("Error decrypting auth tokens", e);
    }
}
}
/**
 * Builds the JWS verifier that matches the runtime type of {@code verifyKey}.
 *
 * <p>The verifier family is selected from the configured key only; nothing from a
 * token header is consulted here. A {@code byte[]} key yields an HMAC verifier, which
 * means the same bytes that verify a token can also sign one.
 *
 * @return an RSA, ECDSA or MAC verifier for {@code verifyKey}
 * @throws JOSEException if the Nimbus verifier constructor rejects the key
 * @throws KrbException if {@code verifyKey} is none of the supported types (including null)
 */
private JWSVerifier getVerifier() throws JOSEException, KrbException {
    if (verifyKey instanceof RSAPublicKey) {
        RSAPublicKey rsaKey = (RSAPublicKey) verifyKey;
        return new RSASSAVerifier(rsaKey);
    }
    if (verifyKey instanceof ECPublicKey) {
        return new ECDSAVerifier((ECPublicKey) verifyKey);
    }
    if (verifyKey instanceof byte[]) {
        byte[] sharedSecret = (byte[]) verifyKey;
        return new MACVerifier(sharedSecret);
    }
    throw new KrbException("An unknown verify key was specified");
}
/**
 * Returns a JWS signer suited to the type of the JWK held by {@code randomKey}.
 *
 * @param randomKey holder whose {@code jwk} field supplies the signing key
 * @return an RSA, ECDSA or MAC signer for that JWK
 * @throws JOSEException if the Nimbus signer constructor rejects the key
 * @throws IllegalStateException if the JWK is of any other type
 */
public static JWSSigner findSigner(KeyAndJwk randomKey) throws JOSEException {
    final Object key = randomKey.jwk;
    if (key instanceof RSAKey) {
        return new RSASSASigner((RSAKey) key);
    }
    if (key instanceof ECKey) {
        return new ECDSASigner((ECKey) key);
    }
    if (key instanceof OctetSequenceKey) {
        return new MACSigner((OctetSequenceKey) key);
    }
    // A null jwk also lands here and fails on getClass() with a NullPointerException.
    throw new IllegalStateException("Unknown key type: " + key.getClass().getName());
}
}
/**
 * Creates a new KnoxService and, when Knox SSO is enabled, validates its settings.
 *
 * <p>The token verifier is bound to the RSA public key from the configuration, so
 * signature checks depend on that key being the one Knox actually signs with.
 * NOTE(review): whether {@code getKnoxPublicKey()} can return null is not visible
 * here; confirm the configuration rejects a missing key.
 *
 * @param configuration knox configuration
 * @throws RuntimeException if SSO is enabled but the Knox URL or cookie name is blank
 */
public KnoxService(final KnoxConfiguration configuration) {
    this.configuration = configuration;

    // Nothing to validate or build when Knox SSO is switched off.
    if (!configuration.isKnoxEnabled()) {
        return;
    }

    // The URL is mandatory.
    knoxUrl = configuration.getKnoxUrl();
    if (StringUtils.isBlank(knoxUrl)) {
        throw new RuntimeException("Knox URL is required when Apache Knox SSO support is enabled.");
    }

    // So is the name of the cookie.
    final boolean cookieNameMissing = StringUtils.isBlank(configuration.getKnoxCookieName());
    if (cookieNameMissing) {
        throw new RuntimeException("Knox Cookie Name is required when Apache Knox SSO support is enabled.");
    }

    // Signature verifier for the configured public key, then the accepted audiences.
    verifier = new RSASSAVerifier(configuration.getKnoxPublicKey());
    audiences = configuration.getAudiences();
}
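/**
 * Creates the service with an HMAC signer and verifier built from one shared secret.
 *
 * <p>Signer and verifier use the same secret, so any party able to verify tokens can
 * also mint them; keep the secret out of logs and source control.
 *
 * @param secret shared HMAC secret
 * @throws JOSEException if {@link MACSigner} or {@link MACVerifier} rejects the secret,
 *     for example because it is too short
 */
public LemonJwsService(String secret) throws JOSEException {
    // The String constructors encode the secret themselves, so no separate byte[]
    // conversion with the platform default charset is needed.
    signer = new MACSigner(secret);
    verifier = new MACVerifier(secret);
}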
/**
 * Builds and signs an RS256 JWT with the service account's private key.
 *
 * <p>Issuer and subject are both the service account e-mail, the audience is
 * {@code OAUTH_TOKEN_URI}, and the requested IAP client is carried in the
 * {@code target_audience} claim. The token expires
 * {@code EXPIRATION_TIME_IN_SECONDS} after the issue time taken from {@code clock}.
 *
 * @param credentials service account supplying key id, e-mail and private key
 * @param iapClientId value placed in the {@code target_audience} claim
 * @return the compact serialization of the signed JWT
 * @throws Exception if signing fails
 */
private static String getSignedJwt(ServiceAccountCredentials credentials, String iapClientId)
        throws Exception {
    final Instant issuedAt = Instant.now(clock);
    final long expiresAtEpochSecond = issuedAt.getEpochSecond() + EXPIRATION_TIME_IN_SECONDS;

    // Header: algorithm ("alg") plus the key ID ("kid") of the service account key.
    final JWSHeader.Builder headerBuilder = new JWSHeader.Builder(JWSAlgorithm.RS256);
    final JWSHeader header = headerBuilder.keyID(credentials.getPrivateKeyId()).build();

    // Required claims.
    final JWTClaimsSet.Builder claimsBuilder = new JWTClaimsSet.Builder();
    claimsBuilder.audience(OAUTH_TOKEN_URI);
    claimsBuilder.issuer(credentials.getClientEmail());
    claimsBuilder.subject(credentials.getClientEmail());
    claimsBuilder.issueTime(Date.from(issuedAt));
    claimsBuilder.expirationTime(Date.from(Instant.ofEpochSecond(expiresAtEpochSecond)));
    claimsBuilder.claim("target_audience", iapClientId);
    final JWTClaimsSet claimsSet = claimsBuilder.build();

    // Sign with the service account private key; the key never leaves this method.
    final JWSSigner rsaSigner = new RSASSASigner(credentials.getPrivateKey());
    final SignedJWT jwt = new SignedJWT(header, claimsSet);
    jwt.sign(rsaSigner);
    return jwt.serialize();
}
/**
 * Builds the JWE decrypter that matches the runtime type of {@code decryptionKey}.
 *
 * <p>An RSA private key yields an {@link RSADecrypter}; a {@code byte[]} is used
 * directly as the symmetric key of a {@link DirectDecrypter}.
 *
 * @return a decrypter for {@code decryptionKey}
 * @throws JOSEException if the Nimbus decrypter constructor rejects the key
 * @throws KrbException if {@code decryptionKey} is neither supported type (including null)
 */
private JWEDecrypter getDecrypter() throws JOSEException, KrbException {
    if (decryptionKey instanceof RSAPrivateKey) {
        RSAPrivateKey rsaKey = (RSAPrivateKey) decryptionKey;
        return new RSADecrypter(rsaKey);
    }
    if (decryptionKey instanceof byte[]) {
        byte[] sharedKey = (byte[]) decryptionKey;
        return new DirectDecrypter(sharedKey);
    }
    throw new KrbException("An unknown decryption key was specified");
}
/**
 * Creates a signer keyed with {@code JWTSecrets.DEFAULT_SECRET}.
 *
 * <p>NOTE(review): if the secret is rejected for its length, the exception is dropped
 * and {@code signer} is left {@code null}, so the failure only shows up at first use.
 * The key is also a built-in default rather than a per-deployment secret; confirm
 * that nothing relies on these signatures for authenticity.
 */
public JWTCustomSigner() {
    MACSigner macSigner;
    try {
        macSigner = new MACSigner(JWTSecrets.DEFAULT_SECRET);
    } catch (KeyLengthException e) {
        // Deliberately kept as in the original contract: no signer on a bad key length.
        macSigner = null;
    }
    this.signer = macSigner;
}
/**
 * Builds the JWE encrypter for the configured symmetric {@code secret}.
 *
 * <p>When {@code algorithm} is one of the direct-encryption algorithms the secret is
 * used by a {@link DirectEncrypter}; otherwise it is handed to an {@link AESEncrypter}.
 *
 * @return the encrypter matching {@code algorithm}
 * @throws TechnicalException if the secret has a length the chosen encrypter rejects
 */
@Override
protected JWEEncrypter buildEncrypter() {
    try {
        final boolean direct = DirectDecrypter.SUPPORTED_ALGORITHMS.contains(algorithm);
        if (!direct) {
            return new AESEncrypter(this.secret);
        }
        return new DirectEncrypter(this.secret);
    } catch (final KeyLengthException e) {
        throw new TechnicalException(e);
    }
}
/**
 * Builds the JWE decrypter for the configured symmetric {@code secret}.
 *
 * <p>When {@code algorithm} is one of the direct-encryption algorithms the secret is
 * used by a {@link DirectDecrypter}; otherwise it is handed to an {@link AESDecrypter}.
 *
 * @return the decrypter matching {@code algorithm}
 * @throws TechnicalException if the secret has a length the chosen decrypter rejects
 */
@Override
protected JWEDecrypter buildDecrypter() {
    try {
        final boolean direct = DirectDecrypter.SUPPORTED_ALGORITHMS.contains(algorithm);
        if (!direct) {
            return new AESDecrypter(this.secret);
        }
        return new DirectDecrypter(this.secret);
    } catch (final KeyLengthException e) {
        throw new TechnicalException(e);
    }
}
// Verify the signature with an ECDSA verifier bound to the given public key. The result
// covers the signature only; claims such as expiry or audience are not checked by verify().
return signedJwt.verify(new ECDSAVerifier(publicKey));
/**
 * Builds an RSA JWE encrypter from the configured public key.
 *
 * @return an {@link RSAEncrypter} for {@code publicKey}
 */
@Override
protected JWEEncrypter buildEncrypter() {
    // Fail early with a named field instead of a bare error inside the encrypter.
    CommonHelper.assertNotNull("publicKey", publicKey);
    final JWEEncrypter rsaEncrypter = new RSAEncrypter(this.publicKey);
    return rsaEncrypter;
}
/**
 * Selects a JWS verifier according to the runtime type of {@code verifyKey}.
 *
 * <p>Only the configured key decides which verifier is built. With a {@code byte[]}
 * key the result is an HMAC verifier, so the verifying side holds the signing secret.
 *
 * @return an RSA, ECDSA or MAC verifier for {@code verifyKey}
 * @throws JOSEException if the Nimbus verifier constructor rejects the key
 * @throws KrbException if {@code verifyKey} is none of the supported types (including null)
 */
private JWSVerifier getVerifier() throws JOSEException, KrbException {
    if (verifyKey instanceof RSAPublicKey) {
        RSAPublicKey rsaPublicKey = (RSAPublicKey) verifyKey;
        return new RSASSAVerifier(rsaPublicKey);
    }
    if (verifyKey instanceof ECPublicKey) {
        return new ECDSAVerifier((ECPublicKey) verifyKey);
    }
    if (verifyKey instanceof byte[]) {
        byte[] macSecret = (byte[]) verifyKey;
        return new MACVerifier(macSecret);
    }
    throw new KrbException("An unknown verify key was specified");
}
/**
 * Creates a reader that verifies tokens with an RSA signature verifier.
 *
 * @param issuer issuer value passed to the superclass
 * @param publicKey RSA public key wrapped in an {@link RSASSAVerifier}
 * @param clock clock passed to the superclass
 */
public NimbusRsJwtReader(String issuer, RSAPublicKey publicKey, Clock clock) {
    // The verifier is fixed to this key at construction time.
    super(issuer, new RSASSAVerifier(publicKey), clock);
}
}
/**
 * Selects a JWE decrypter according to the runtime type of {@code decryptionKey}.
 *
 * <p>An RSA private key yields an {@link RSADecrypter}; a {@code byte[]} is passed
 * as the symmetric key of a {@link DirectDecrypter}.
 *
 * @return a decrypter for {@code decryptionKey}
 * @throws JOSEException if the Nimbus decrypter constructor rejects the key
 * @throws KrbException if {@code decryptionKey} is neither supported type (including null)
 */
private JWEDecrypter getDecrypter() throws JOSEException, KrbException {
    if (decryptionKey instanceof RSAPrivateKey) {
        RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) decryptionKey;
        return new RSADecrypter(rsaPrivateKey);
    }
    if (decryptionKey instanceof byte[]) {
        byte[] symmetricKey = (byte[]) decryptionKey;
        return new DirectDecrypter(symmetricKey);
    }
    throw new KrbException("An unknown decryption key was specified");
}
/**
 * Builds an RSA JWE decrypter from the configured private key.
 *
 * @return an {@link RSADecrypter} for {@code privateKey}
 */
@Override
protected JWEDecrypter buildDecrypter() {
    // Fail early with a named field instead of a bare error inside the decrypter.
    CommonHelper.assertNotNull("privateKey", privateKey);
    final JWEDecrypter rsaDecrypter = new RSADecrypter(this.privateKey);
    return rsaDecrypter;
}
// Build an RSA signature verifier for the public key. The cast throws
// ClassCastException if publicKey is not an RSA key.
JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) publicKey);
LOG.debug("SSO token signature is not null"); try { JWSVerifier verifier = new RSASSAVerifier(SecurityUtils.parseRSAPublicKey(getKnoxKey())); if (jwtToken.verify(verifier)) { LOG.debug("SSO token has been successfully verified");