fix: jans-auth-server: extending crypto support, sub pr4; fixes; #142/#…
smansoft committed Jan 25, 2022
1 parent f96d66c commit 4d7f574
Showing 5 changed files with 61 additions and 66 deletions.
Expand Up @@ -77,16 +77,17 @@ public PublicKey getPublicKey() {
* @return RSA Public Key from X509 Certificate.
*/
public RSAPublicKey getRsaPublicKey() {
if(x509Certificate == null) {
return null;
}
RSAPublicKey rsaPublicKey = null;
if (x509Certificate != null) {
if (x509Certificate.getPublicKey() instanceof BCRSAPublicKey) {
BCRSAPublicKey publicKey = (BCRSAPublicKey) x509Certificate.getPublicKey();
rsaPublicKey = new RSAPublicKey(publicKey.getModulus(), publicKey.getPublicExponent());
} else if (x509Certificate.getPublicKey() instanceof java.security.interfaces.RSAPublicKey) {
java.security.interfaces.RSAPublicKey publicKey = (java.security.interfaces.RSAPublicKey) x509Certificate
.getPublicKey();
rsaPublicKey = new RSAPublicKey(publicKey.getModulus(), publicKey.getPublicExponent());
}
if (x509Certificate.getPublicKey() instanceof BCRSAPublicKey) {
BCRSAPublicKey publicKey = (BCRSAPublicKey) x509Certificate.getPublicKey();
rsaPublicKey = new RSAPublicKey(publicKey.getModulus(), publicKey.getPublicExponent());
} else if (x509Certificate.getPublicKey() instanceof java.security.interfaces.RSAPublicKey) {
java.security.interfaces.RSAPublicKey publicKey = (java.security.interfaces.RSAPublicKey) x509Certificate
.getPublicKey();
rsaPublicKey = new RSAPublicKey(publicKey.getModulus(), publicKey.getPublicExponent());
}
return rsaPublicKey;
}
Expand All @@ -97,18 +98,19 @@ public RSAPublicKey getRsaPublicKey() {
* @return ECDSA Public Key from X509 Certificate.
*/
public ECDSAPublicKey getEcdsaPublicKey() {
if(x509Certificate == null) {
return null;
}
ECDSAPublicKey ecdsaPublicKey = null;
if (x509Certificate != null) {
if (x509Certificate.getPublicKey() instanceof BCECPublicKey) {
BCECPublicKey publicKey = (BCECPublicKey) x509Certificate.getPublicKey();
ecdsaPublicKey = new ECDSAPublicKey(signatureAlgorithm, publicKey.getQ().getXCoord().toBigInteger(),
publicKey.getQ().getYCoord().toBigInteger());
} else if (x509Certificate.getPublicKey() instanceof java.security.interfaces.ECPublicKey) {
java.security.interfaces.ECPublicKey publicKey = (java.security.interfaces.ECPublicKey) x509Certificate
.getPublicKey();
ecdsaPublicKey = new ECDSAPublicKey(signatureAlgorithm, publicKey.getW().getAffineX(),
publicKey.getW().getAffineY());
}
if (x509Certificate.getPublicKey() instanceof BCECPublicKey) {
BCECPublicKey publicKey = (BCECPublicKey) x509Certificate.getPublicKey();
ecdsaPublicKey = new ECDSAPublicKey(signatureAlgorithm, publicKey.getQ().getXCoord().toBigInteger(),
publicKey.getQ().getYCoord().toBigInteger());
} else if (x509Certificate.getPublicKey() instanceof java.security.interfaces.ECPublicKey) {
java.security.interfaces.ECPublicKey publicKey = (java.security.interfaces.ECPublicKey) x509Certificate
.getPublicKey();
ecdsaPublicKey = new ECDSAPublicKey(signatureAlgorithm, publicKey.getW().getAffineX(),
publicKey.getW().getAffineY());
}
return ecdsaPublicKey;
}
Expand All @@ -124,7 +126,6 @@ public EDDSAPublicKey getEddsaPublicKey() {
BCEdDSAPublicKey publicKey = (BCEdDSAPublicKey) x509Certificate.getPublicKey();
eddsaPublicKey = new EDDSAPublicKey(signatureAlgorithm, publicKey.getEncoded());
}

return eddsaPublicKey;
}

Expand All @@ -142,13 +143,10 @@ public JSONArray toJSONArray() throws JSONException {
public String toString() {
try {
StringWriter stringWriter = new StringWriter();
JcaPEMWriter pemWriter = new JcaPEMWriter(stringWriter);
try {
try (JcaPEMWriter pemWriter = new JcaPEMWriter(stringWriter)) {
pemWriter.writeObject(x509Certificate);
pemWriter.flush();
return stringWriter.toString();
} finally {
pemWriter.close();
}
} catch (Exception e) {
return StringUtils.EMPTY_STRING;
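Review bot: In getEcdsaPublicKey, both branches build the `ECDSAPublicKey` from the instance's `signatureAlgorithm` field and the certificate's point coordinates, and nothing visible in the method checks that the certificate key's curve is the one that algorithm expects. If `ECDSAPublicKey` or the verifier does not validate this later (not visible here), a certificate on a different curve yields a key object whose declared algorithm and coordinates disagree. Consider comparing the key's curve parameters (`getParams()` on the JCA branch) with the curve for `signatureAlgorithm` and rejecting a mismatch before constructing the key. Separately, `x509Certificate.getPublicKey()` is called up to three times in each getter; a single `java.security.PublicKey key = x509Certificate.getPublicKey();` at the top would read more clearly.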
Expand Up @@ -213,15 +213,15 @@ public static EDDSAPrivateKey createEDDSAPrivateKeyFromDecodedKey(final Signatur
private static byte[] getEncodedPubKey(final SignatureAlgorithm signatureAlgorithm, final byte[] decodedPublicKey) throws SignatureException {
byte[] encodedPubKey = null;
switch(signatureAlgorithm) {
case EDDSA: {
encodedPubKey = new byte[Ed25519Prefix.length + Ed25519PublicKeyParameters.KEY_SIZE];
System.arraycopy(Ed25519Prefix, 0, encodedPubKey, 0, Ed25519Prefix.length);
System.arraycopy(decodedPublicKey, 0, encodedPubKey, Ed25519Prefix.length, decodedPublicKey.length);
break;
}
default: {
throw new SignatureException(String.format("Wrong type of the signature algorithm (SignatureAlgorithm): %s", signatureAlgorithm.toString()));
}
case EDDSA: {
encodedPubKey = new byte[Ed25519Prefix.length + Ed25519PublicKeyParameters.KEY_SIZE];
System.arraycopy(Ed25519Prefix, 0, encodedPubKey, 0, Ed25519Prefix.length);
System.arraycopy(decodedPublicKey, 0, encodedPubKey, Ed25519Prefix.length, decodedPublicKey.length);
break;
}
default: {
throw new SignatureException(String.format("Wrong type of the signature algorithm (SignatureAlgorithm): %s", signatureAlgorithm.toString()));
}
}
return encodedPubKey;
}
Expand Up @@ -32,8 +32,6 @@
*/
public class EDDSASigner extends AbstractJwsSigner {

public static final String DEF_BC = "BC";

private EDDSAPrivateKey eddsaPrivateKey;
private EDDSAPublicKey eddsaPublicKey;

Expand Down Expand Up @@ -93,7 +91,7 @@ public String generateSignature(String signingInput) throws SignatureException {
PKCS8EncodedKeySpec privateKeySpec = eddsaPrivateKey.getPrivateKeySpec();
java.security.KeyFactory keyFactory = java.security.KeyFactory.getInstance(signatureAlgorithm.getName());
BCEdDSAPrivateKey privateKey = (BCEdDSAPrivateKey) keyFactory.generatePrivate(privateKeySpec);
Signature signer = Signature.getInstance(signatureAlgorithm.getName(), DEF_BC);
Signature signer = Signature.getInstance(signatureAlgorithm.getName(), "BC");
signer.initSign(privateKey);
signer.update(signingInput.getBytes());
byte[] signature = signer.sign();
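Review bot: The `Signature` on the changed line is pinned to the "BC" provider, but the `KeyFactory` two lines above it is obtained without a provider and its result is cast to `BCEdDSAPrivateKey`. If the JVM's preferred provider for that algorithm name is not Bouncy Castle (recent JDKs ship their own EdDSA implementation), the cast would presumably fail with a ClassCastException rather than the declared SignatureException, unless a catch outside this hunk wraps it. Requesting the factory from the same provider, `java.security.KeyFactory.getInstance(signatureAlgorithm.getName(), "BC")`, keeps the two consistent. `signingInput.getBytes()` also relies on the platform default charset; `getBytes(StandardCharsets.UTF_8)` would make the signed bytes explicit. generateSignature begins and ends outside the hunk.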
Expand Up @@ -40,33 +40,33 @@ public static String getHash(String input, SignatureAlgorithm signatureAlgorithm
byte[] digest = null;
if (signatureAlgorithm != null) {
switch (signatureAlgorithm) {
case HS256:
case RS256:
case PS256:
case ES256:
case ES256K: {
digest = JwtUtil.getMessageDigestSHA256(input);
break;
}
case HS384:
case RS384:
case PS384:
case ES384: {
digest = JwtUtil.getMessageDigestSHA384(input);
break;
}
case HS512:
case RS512:
case PS512:
case ES512:
case EDDSA: {
digest = JwtUtil.getMessageDigestSHA512(input);
break;
}
default: {
digest = JwtUtil.getMessageDigestSHA256(input);
break;
}
case HS256:
case RS256:
case PS256:
case ES256:
case ES256K: {
digest = JwtUtil.getMessageDigestSHA256(input);
break;
}
case HS384:
case RS384:
case PS384:
case ES384: {
digest = JwtUtil.getMessageDigestSHA384(input);
break;
}
case HS512:
case RS512:
case PS512:
case ES512:
case EDDSA: {
digest = JwtUtil.getMessageDigestSHA512(input);
break;
}
default: {
digest = JwtUtil.getMessageDigestSHA256(input);
break;
}
}
} else {
digest = JwtUtil.getMessageDigestSHA256(input);
Expand Up @@ -139,8 +139,7 @@ public static io.jans.as.model.crypto.PublicKey getPublicKey(
}

AlgorithmFamily algorithmFamily = signatureAlgorithm.getFamily();

if(algorithmFamily == AlgorithmFamily.RSA) {
if (algorithmFamily == AlgorithmFamily.RSA) {
String exp = jsonPublicKey.getString(EXPONENT);
String mod = jsonPublicKey.getString(MODULUS);
