@Test public void shouldReturnNullSigningKeyIdIfCreatedWithDefaultProvider() throws Exception { ECPublicKey publicKey = mock(ECPublicKey.class); ECPrivateKey privateKey = mock(ECPrivateKey.class); ECDSAKeyProvider provider = ECDSAAlgorithm.providerForKeys(publicKey, privateKey); Algorithm algorithm = new ECDSAAlgorithm("some-alg", "some-algorithm", 32, provider); assertThat(algorithm.getSigningKeyId(), is(nullValue())); }
@Override public byte[] sign(byte[] headerBytes, byte[] payloadBytes) throws SignatureGenerationException { try { ECPrivateKey privateKey = keyProvider.getPrivateKey(); if (privateKey == null) { throw new IllegalStateException("The given Private Key is null."); } byte[] signature = crypto.createSignatureFor(getDescription(), privateKey, headerBytes, payloadBytes); return DERToJOSE(signature); } catch (NoSuchAlgorithmException | SignatureException | InvalidKeyException | IllegalStateException e) { throw new SignatureGenerationException(this, e); } }
@Override public void verify(DecodedJWT jwt) throws SignatureVerificationException { byte[] signatureBytes = Base64.decodeBase64(jwt.getSignature()); try { ECPublicKey publicKey = keyProvider.getPublicKeyById(jwt.getKeyId()); if (publicKey == null) { throw new IllegalStateException("The given Public Key is null."); } boolean valid = crypto.verifySignatureFor(getDescription(), publicKey, jwt.getHeader(), jwt.getPayload(), JOSEToDER(signatureBytes)); if (!valid) { throw new SignatureVerificationException(this); } } catch (NoSuchAlgorithmException | SignatureException | InvalidKeyException | IllegalStateException e) { throw new SignatureVerificationException(this, e); } }
@Test public void shouldDecodeECDSA384DER() throws Exception { ECDSAAlgorithm algorithm384 = (ECDSAAlgorithm) Algorithm.ECDSA384((ECPublicKey) readPublicKeyFromFile(PUBLIC_KEY_FILE_384, "EC"), (ECPrivateKey) readPrivateKeyFromFile(PRIVATE_KEY_FILE_384, "EC")); //Without padding byte[] derSignature = createDERSignature(48, false, false); byte[] joseSignature = algorithm384.DERToJOSE(derSignature); assertValidJOSESignature(joseSignature, 48, false, false); //With R padding derSignature = createDERSignature(48, true, false); joseSignature = algorithm384.DERToJOSE(derSignature); assertValidJOSESignature(joseSignature, 48, true, false); //With S padding derSignature = createDERSignature(48, false, true); joseSignature = algorithm384.DERToJOSE(derSignature); assertValidJOSESignature(joseSignature, 48, false, true); //With both paddings derSignature = createDERSignature(48, true, true); joseSignature = algorithm384.DERToJOSE(derSignature); assertValidJOSESignature(joseSignature, 48, true, true); }
/** * Creates a new Algorithm instance using SHA384withECDSA. Tokens specify this as "ES384". * * @param keyProvider the provider of the Public Key and Private Key for the verify and signing instance. * @return a valid ECDSA384 Algorithm. * @throws IllegalArgumentException if the Key Provider is null. */ public static Algorithm ECDSA384(ECDSAKeyProvider keyProvider) throws IllegalArgumentException { return new ECDSAAlgorithm("ES384", "SHA384withECDSA", 48, keyProvider); }
@Test public void shouldDecodeECDSA512JOSE() throws Exception { ECDSAAlgorithm algorithm512 = (ECDSAAlgorithm) Algorithm.ECDSA512((ECPublicKey) readPublicKeyFromFile(PUBLIC_KEY_FILE_512, "EC"), (ECPrivateKey) readPrivateKeyFromFile(PRIVATE_KEY_FILE_512, "EC")); //Without padding byte[] joseSignature = createJOSESignature(66, false, false); byte[] derSignature = algorithm512.JOSEToDER(joseSignature); assertValidDERSignature(derSignature, 66, false, false); //With R padding joseSignature = createJOSESignature(66, true, false); derSignature = algorithm512.JOSEToDER(joseSignature); assertValidDERSignature(derSignature, 66, true, false); //With S padding joseSignature = createJOSESignature(66, false, true); derSignature = algorithm512.JOSEToDER(joseSignature); assertValidDERSignature(derSignature, 66, false, true); //With both paddings joseSignature = createJOSESignature(66, true, true); derSignature = algorithm512.JOSEToDER(joseSignature); assertValidDERSignature(derSignature, 66, true, true); }
/** * Creates a new Algorithm instance using SHA256withECDSA. Tokens specify this as "ES256". * * @param publicKey the key to use in the verify instance. * @param privateKey the key to use in the signing instance. * @return a valid ECDSA256 Algorithm. * @throws IllegalArgumentException if the provided Key is null. */ public static Algorithm ECDSA256(ECPublicKey publicKey, ECPrivateKey privateKey) throws IllegalArgumentException { return ECDSA256(ECDSAAlgorithm.providerForKeys(publicKey, privateKey)); }
@Test public void shouldThrowOnDERSignatureConversionIfDoesNotStartWithCorrectSequenceByte() throws Exception { exception.expect(SignatureException.class); exception.expectMessage("Invalid DER signature format."); ECDSAAlgorithm algorithm256 = (ECDSAAlgorithm) Algorithm.ECDSA256((ECPublicKey) readPublicKeyFromFile(PUBLIC_KEY_FILE_256, "EC"), (ECPrivateKey) readPrivateKeyFromFile(PRIVATE_KEY_FILE_256, "EC")); String content256 = "eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJhdXRoMCJ9"; byte[] signature = algorithm256.sign(content256.getBytes(), new byte[0]); signature[0] = (byte) 0x02; algorithm256.DERToJOSE(signature); }
int rPadding = countPadding(joseSignature, 0, ecNumberSize); int sPadding = countPadding(joseSignature, ecNumberSize, joseSignature.length); int rLength = ecNumberSize - rPadding; int sLength = ecNumberSize - sPadding;
@Test public void shouldSignAndVerifyWithECDSA384() throws Exception { ECDSAAlgorithm algorithm384 = (ECDSAAlgorithm) Algorithm.ECDSA384((ECPublicKey) readPublicKeyFromFile(PUBLIC_KEY_FILE_384, "EC"), (ECPrivateKey) readPrivateKeyFromFile(PRIVATE_KEY_FILE_384, "EC")); String header384 = "eyJhbGciOiJFUzM4NCJ9"; String body = "eyJpc3MiOiJhdXRoMCJ9"; for (int i = 0; i < 10; i++) { String jwt = asJWT(algorithm384, header384, body); algorithm384.verify(JWT.decode(jwt)); } }
@Test public void shouldDecodeECDSA512DER() throws Exception { ECDSAAlgorithm algorithm512 = (ECDSAAlgorithm) Algorithm.ECDSA512((ECPublicKey) readPublicKeyFromFile(PUBLIC_KEY_FILE_512, "EC"), (ECPrivateKey) readPrivateKeyFromFile(PRIVATE_KEY_FILE_512, "EC")); //Without padding byte[] derSignature = createDERSignature(66, false, false); byte[] joseSignature = algorithm512.DERToJOSE(derSignature); assertValidJOSESignature(joseSignature, 66, false, false); //With R padding derSignature = createDERSignature(66, true, false); joseSignature = algorithm512.DERToJOSE(derSignature); assertValidJOSESignature(joseSignature, 66, true, false); //With S padding derSignature = createDERSignature(66, false, true); joseSignature = algorithm512.DERToJOSE(derSignature); assertValidJOSESignature(joseSignature, 66, false, true); //With both paddings derSignature = createDERSignature(66, true, true); joseSignature = algorithm512.DERToJOSE(derSignature); assertValidJOSESignature(joseSignature, 66, true, true); }
/** * Creates a new Algorithm instance using SHA256withECDSA. Tokens specify this as "ES256". * * @param keyProvider the provider of the Public Key and Private Key for the verify and signing instance. * @return a valid ECDSA256 Algorithm. * @throws IllegalArgumentException if the Key Provider is null. */ public static Algorithm ECDSA256(ECDSAKeyProvider keyProvider) throws IllegalArgumentException { return new ECDSAAlgorithm("ES256", "SHA256withECDSA", 32, keyProvider); }
@Test public void shouldDecodeECDSA384JOSE() throws Exception { ECDSAAlgorithm algorithm384 = (ECDSAAlgorithm) Algorithm.ECDSA384((ECPublicKey) readPublicKeyFromFile(PUBLIC_KEY_FILE_384, "EC"), (ECPrivateKey) readPrivateKeyFromFile(PRIVATE_KEY_FILE_384, "EC")); //Without padding byte[] joseSignature = createJOSESignature(48, false, false); byte[] derSignature = algorithm384.JOSEToDER(joseSignature); assertValidDERSignature(derSignature, 48, false, false); //With R padding joseSignature = createJOSESignature(48, true, false); derSignature = algorithm384.JOSEToDER(joseSignature); assertValidDERSignature(derSignature, 48, true, false); //With S padding joseSignature = createJOSESignature(48, false, true); derSignature = algorithm384.JOSEToDER(joseSignature); assertValidDERSignature(derSignature, 48, false, true); //With both paddings joseSignature = createJOSESignature(48, true, true); derSignature = algorithm384.JOSEToDER(joseSignature); assertValidDERSignature(derSignature, 48, true, true); }
/** * Creates a new Algorithm instance using SHA384withECDSA. Tokens specify this as "ES384". * * @param publicKey the key to use in the verify instance. * @param privateKey the key to use in the signing instance. * @return a valid ECDSA384 Algorithm. * @throws IllegalArgumentException if the provided Key is null. */ public static Algorithm ECDSA384(ECPublicKey publicKey, ECPrivateKey privateKey) throws IllegalArgumentException { return ECDSA384(ECDSAAlgorithm.providerForKeys(publicKey, privateKey)); }
@Test public void shouldThrowOnDERSignatureConversionIfDoesNotStartWithCorrectSequenceByte() throws Exception { exception.expect(SignatureException.class); exception.expectMessage("Invalid DER signature format."); ECDSAAlgorithm algorithm256 = (ECDSAAlgorithm) Algorithm.ECDSA256((ECPublicKey) readPublicKeyFromFile(PUBLIC_KEY_FILE_256, "EC"), (ECPrivateKey) readPrivateKeyFromFile(PRIVATE_KEY_FILE_256, "EC")); String content256 = "eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJhdXRoMCJ9"; byte[] signature = algorithm256.sign(content256.getBytes(), new byte[0]); signature[0] = (byte) 0x02; algorithm256.DERToJOSE(signature); }
int rPadding = countPadding(joseSignature, 0, ecNumberSize); int sPadding = countPadding(joseSignature, ecNumberSize, joseSignature.length); int rLength = ecNumberSize - rPadding; int sLength = ecNumberSize - sPadding;
@Test public void shouldSignAndVerifyWithECDSA384() throws Exception { ECDSAAlgorithm algorithm384 = (ECDSAAlgorithm) Algorithm.ECDSA384((ECPublicKey) readPublicKeyFromFile(PUBLIC_KEY_FILE_384, "EC"), (ECPrivateKey) readPrivateKeyFromFile(PRIVATE_KEY_FILE_384, "EC")); String header384 = "eyJhbGciOiJFUzM4NCJ9"; String body = "eyJpc3MiOiJhdXRoMCJ9"; for (int i = 0; i < 10; i++) { String jwt = asJWT(algorithm384, header384, body); algorithm384.verify(JWT.decode(jwt)); } }
@Test public void shouldReturnNullSigningKeyIdIfCreatedWithDefaultProvider() throws Exception { ECPublicKey publicKey = mock(ECPublicKey.class); ECPrivateKey privateKey = mock(ECPrivateKey.class); ECDSAKeyProvider provider = ECDSAAlgorithm.providerForKeys(publicKey, privateKey); Algorithm algorithm = new ECDSAAlgorithm("some-alg", "some-algorithm", 32, provider); assertThat(algorithm.getSigningKeyId(), is(nullValue())); }
@Test public void shouldDecodeECDSA512DER() throws Exception { ECDSAAlgorithm algorithm512 = (ECDSAAlgorithm) Algorithm.ECDSA512((ECPublicKey) readPublicKeyFromFile(PUBLIC_KEY_FILE_512, "EC"), (ECPrivateKey) readPrivateKeyFromFile(PRIVATE_KEY_FILE_512, "EC")); //Without padding byte[] derSignature = createDERSignature(66, false, false); byte[] joseSignature = algorithm512.DERToJOSE(derSignature); assertValidJOSESignature(joseSignature, 66, false, false); //With R padding derSignature = createDERSignature(66, true, false); joseSignature = algorithm512.DERToJOSE(derSignature); assertValidJOSESignature(joseSignature, 66, true, false); //With S padding derSignature = createDERSignature(66, false, true); joseSignature = algorithm512.DERToJOSE(derSignature); assertValidJOSESignature(joseSignature, 66, false, true); //With both paddings derSignature = createDERSignature(66, true, true); joseSignature = algorithm512.DERToJOSE(derSignature); assertValidJOSESignature(joseSignature, 66, true, true); }
@Override @Deprecated public byte[] sign(byte[] contentBytes) throws SignatureGenerationException { try { ECPrivateKey privateKey = keyProvider.getPrivateKey(); if (privateKey == null) { throw new IllegalStateException("The given Private Key is null."); } byte[] signature = crypto.createSignatureFor(getDescription(), privateKey, contentBytes); return DERToJOSE(signature); } catch (NoSuchAlgorithmException | SignatureException | InvalidKeyException | IllegalStateException e) { throw new SignatureGenerationException(this, e); } }