// Build an RSA signer from the JWK and register it in the signers map under this id.
// The cast throws ClassCastException when jwk is not an RSAKey, so this presumably runs
// only after a key-type check; confirm against the enclosing code.
// NOTE(review): signing needs the private part of the JWK; a public-only RSAKey is expected
// to be rejected by this constructor with a JOSEException. Confirm for the library version in use.
RSASSASigner signer = new RSASSASigner((RSAKey) jwk);
signers.put(id, signer);
/**
 * Signs the JWS signing input with the private key held by this signer.
 *
 * @param header       the JWS header; its algorithm selects the JCA signature instance
 * @param signingInput the bytes to sign
 * @return the signature, Base64URL-encoded
 * @throws JOSEException if the private key is rejected or the signature cannot be computed
 */
@Override
public Base64URL sign(final JWSHeader header, final byte[] signingInput)
    throws JOSEException {

  // The Signature instance is obtained for the header's algorithm from the configured JCA provider.
  final Signature rsaSignature =
      RSASSA.getSignerAndVerifier(header.getAlgorithm(), getJCAContext().getProvider());

  final byte[] signatureBytes;
  try {
    rsaSignature.initSign(privateKey);
    rsaSignature.update(signingInput);
    signatureBytes = rsaSignature.sign();
  } catch (InvalidKeyException e) {
    throw new JOSEException("Invalid private RSA key: " + e.getMessage(), e);
  } catch (SignatureException e) {
    throw new JOSEException("RSA signature exception: " + e.getMessage(), e);
  }

  return Base64URL.encode(signatureBytes);
}
} // closes the enclosing class, whose header is outside this snippet
/**
 * Builds an RS256-signed JWT assertion for the given service account.
 *
 * <p>The audience is {@code OAUTH_TOKEN_URI}, issuer and subject are both the service account
 * e-mail, and the {@code target_audience} claim carries the IAP client ID. The token expires
 * {@code EXPIRATION_TIME_IN_SECONDS} after the current time of {@code clock}.
 *
 * @param credentials service account credentials supplying the key ID, e-mail and private key
 * @param iapClientId value placed in the {@code target_audience} claim
 * @return the compact serialization of the signed JWT
 * @throws Exception if signing fails
 */
private static String getSignedJwt(ServiceAccountCredentials credentials, String iapClientId)
    throws Exception {
  final Instant issuedAt = Instant.now(clock);
  // Expiry is computed on whole epoch seconds, so the sub-second part of issuedAt is dropped.
  final Instant expiresAt =
      Instant.ofEpochSecond(issuedAt.getEpochSecond() + EXPIRATION_TIME_IN_SECONDS);

  // Header must contain the algorithm ("alg") and the key ID ("kid").
  final JWSHeader.Builder headerBuilder = new JWSHeader.Builder(JWSAlgorithm.RS256);
  headerBuilder.keyID(credentials.getPrivateKeyId());
  final JWSHeader header = headerBuilder.build();

  // Required claims; the service account is both issuer and subject.
  final String serviceAccountEmail = credentials.getClientEmail();
  final JWTClaimsSet claimSet =
      new JWTClaimsSet.Builder()
          .audience(OAUTH_TOKEN_URI)
          .issuer(serviceAccountEmail)
          .subject(serviceAccountEmail)
          .issueTime(Date.from(issuedAt))
          .expirationTime(Date.from(expiresAt))
          .claim("target_audience", iapClientId)
          .build();

  // Sign with the service account private key and return the compact form.
  final SignedJWT assertion = new SignedJWT(header, claimSet);
  assertion.sign(new RSASSASigner(credentials.getPrivateKey()));
  return assertion.serialize();
}
/**
 * Creates the RSA signer for the given private key.
 *
 * <p>Marked {@code @VisibleForTesting} and {@code protected}, so a subclass can substitute
 * another signer.
 *
 * @param privateKey the RSA private key to sign with
 * @return a signer backed by {@code privateKey}
 */
@VisibleForTesting
protected JWSSigner createRSASSASignerForKey(RSAPrivateKey privateKey) {
  final JWSSigner rsaSigner = new RSASSASigner(privateKey);
  return rsaSigner;
}
/**
 * Returns the signer that matches the type of the JWK held by {@code randomKey}.
 *
 * <p>RSA keys get an {@link RSASSASigner}, EC keys an {@link ECDSASigner}, and octet-sequence
 * keys a {@link MACSigner}. The last case is a symmetric (shared-secret) signer, so whoever
 * verifies such a token needs the same secret.
 *
 * @param randomKey holder whose {@code jwk} field selects the signer
 * @return a signer for the key
 * @throws JOSEException if the signer cannot be created from the key
 * @throws IllegalStateException if the key is of none of the three supported types
 */
public static JWSSigner findSigner(KeyAndJwk randomKey) throws JOSEException {
    final Object candidate = randomKey.jwk;

    if (candidate instanceof RSAKey) {
        return new RSASSASigner((RSAKey) candidate);
    }
    if (candidate instanceof ECKey) {
        return new ECDSASigner((ECKey) candidate);
    }
    if (candidate instanceof OctetSequenceKey) {
        return new MACSigner((OctetSequenceKey) candidate);
    }

    throw new IllegalStateException("Unknown key type: " + candidate.getClass().getName());
}
} // closes the enclosing class, whose header is outside this snippet
/**
 * Creates a JWT writer that signs with the RSA private key from {@code signingInfo}.
 *
 * @param signingInfo supplies the signing algorithm and the private key
 * @return the writer produced by {@code factoryHelper.makeRsJwtWriter}
 */
@Nonnull
@Override
public JwtWriter signingWriter(@Nonnull AsymmetricSigningInfo signingInfo) {
    // The signer is built from the private key; the algorithm is passed to the factory helper unchanged.
    final RSASSASigner rsaSigner = new RSASSASigner(signingInfo.getPrivateKey());
    return factoryHelper.makeRsJwtWriter(signingInfo.getSigningAlgorithm(), rsaSigner);
}
/**
 * Signs the supplied JWT with the RSA private key of the given tenant.
 *
 * <p>NOTE(review): {@code jwsAlgorithm} is not read in this method; the algorithm presumably
 * comes from the header already set on {@code signedJWT}. Confirm against callers.
 *
 * <p>NOTE(review): every failure, including a signing failure or a non-RSA key, is logged and
 * rethrown with the message "Error in obtaining tenant's keystore"; the wrapped cause carries
 * the real reason.
 *
 * @param signedJWT    the JWT to sign; signed in place and returned
 * @param jwsAlgorithm not used by this method
 * @param tenantDomain tenant domain passed to {@code getPrivateKey}
 * @param tenantId     tenant ID passed to {@code getPrivateKey}
 * @return the same {@code signedJWT} instance, now signed
 * @throws IdentityOAuth2Exception if the key cannot be obtained or signing fails
 */
@Deprecated
protected SignedJWT signJWTWithRSA(SignedJWT signedJWT, JWSAlgorithm jwsAlgorithm, String tenantDomain,
                                   int tenantId) throws IdentityOAuth2Exception {
    try {
        // The cast fails with ClassCastException if the tenant key is not an RSA key; it is caught below.
        final RSAPrivateKey tenantRsaKey = (RSAPrivateKey) getPrivateKey(tenantDomain, tenantId);
        signedJWT.sign(new RSASSASigner(tenantRsaKey));
        return signedJWT;
    } catch (Exception e) {
        // JOSEException from signing and every other exception are handled the same way.
        final String failure = "Error in obtaining tenant's keystore";
        log.error(failure, e);
        throw new IdentityOAuth2Exception(failure, e);
    }
}
/**
 * Signs the supplied JWT with the RSA private key of the given tenant.
 *
 * <p>NOTE(review): {@code jwsAlgorithm} is not read in this method; the algorithm presumably
 * comes from the header already set on {@code signedJWT}. Confirm against callers.
 *
 * <p>NOTE(review): every failure, including a signing failure or a non-RSA key, is logged and
 * rethrown with the message "Error in obtaining tenant's keystore"; the wrapped cause carries
 * the real reason.
 *
 * @param signedJWT    the JWT to sign; signed in place and returned
 * @param jwsAlgorithm not used by this method
 * @param tenantDomain tenant domain passed to {@code getPrivateKey}
 * @param tenantId     tenant ID passed to {@code getPrivateKey}
 * @return the same {@code signedJWT} instance, now signed
 * @throws IdentityOAuth2Exception if the key cannot be obtained or signing fails
 */
protected SignedJWT signJWTWithRSA(SignedJWT signedJWT, JWSAlgorithm jwsAlgorithm, String tenantDomain,
                                   int tenantId) throws IdentityOAuth2Exception {
    try {
        // The cast fails with ClassCastException if the tenant key is not an RSA key; it is caught below.
        final RSAPrivateKey tenantRsaKey = (RSAPrivateKey) getPrivateKey(tenantDomain, tenantId);
        signedJWT.sign(new RSASSASigner(tenantRsaKey));
        return signedJWT;
    } catch (Exception e) {
        // JOSEException from signing and every other exception are handled the same way.
        final String failure = "Error in obtaining tenant's keystore";
        log.error(failure, e);
        throw new IdentityOAuth2Exception(failure, e);
    }
}
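/**
 * Builds and signs the RS256 authentication JWT from this object's fields.
 *
 * <p>The claims are issuer, subject, audience, issue time, expiration time
 * ({@code durationSeconds} after the issue time) and the JWT ID ({@code tokenReference}).
 *
 * @return the signed JWT
 * @throws RuntimeException wrapping the {@code JOSEException} if signing fails
 */
private JWT generateAuthenticationJwt() {
    // Create RSA-signer with the private key
    JWSSigner signer = new RSASSASigner(this.rsaPrivateKey);

    // Read the clock once so that "iat" and "exp" are exactly durationSeconds apart.
    final long issuedAtMillis = System.currentTimeMillis();
    // 1000L forces long arithmetic: if durationSeconds is an int, "durationSeconds * 1000"
    // wraps for lifetimes above roughly 24.8 days and would yield a wrong expiry.
    final long expiresAtMillis = issuedAtMillis + durationSeconds * 1000L;

    // Prepare JWT with claims set
    JWTClaimsSet claimsSet = new JWTClaimsSet();
    claimsSet.setIssuer(issuer);
    claimsSet.setSubject(subject);
    claimsSet.setAudience(audience);
    claimsSet.setIssueTime(new Date(issuedAtMillis));
    claimsSet.setExpirationTime(new Date(expiresAtMillis));
    claimsSet.setJWTID(tokenReference);

    SignedJWT signedJWT = new SignedJWT(new com.nimbusds.jose.JWSHeader(JWSAlgorithm.RS256), claimsSet);

    try {
        signedJWT.sign(signer);
    } catch (JOSEException jose_ex) {
        throw new RuntimeException("Error signing JSON Web Token.", jose_ex);
    }

    return signedJWT;
}
} // closes the enclosing class, whose header is outside this snippet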
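/**
 * Builds and signs the RS256 authentication JWT from this object's fields.
 *
 * <p>The claims are issuer, subject, audience, issue time, expiration time
 * ({@code durationSeconds} after the issue time) and the JWT ID ({@code tokenReference}).
 *
 * @return the signed JWT
 * @throws RuntimeException wrapping the {@code JOSEException} if signing fails
 */
private JWT generateAuthenticationJwt() {
    // Create RSA-signer with the private key
    JWSSigner signer = new RSASSASigner(this.rsaPrivateKey);

    // Read the clock once so that "iat" and "exp" are exactly durationSeconds apart.
    final long issuedAtMillis = System.currentTimeMillis();
    // 1000L forces long arithmetic: if durationSeconds is an int, "durationSeconds * 1000"
    // wraps for lifetimes above roughly 24.8 days and would yield a wrong expiry.
    final long expiresAtMillis = issuedAtMillis + durationSeconds * 1000L;

    // Prepare JWT with claims set
    JWTClaimsSet claimsSet = new JWTClaimsSet();
    claimsSet.setIssuer(issuer);
    claimsSet.setSubject(subject);
    claimsSet.setAudience(audience);
    claimsSet.setIssueTime(new Date(issuedAtMillis));
    claimsSet.setExpirationTime(new Date(expiresAtMillis));
    claimsSet.setJWTID(tokenReference);

    SignedJWT signedJWT = new SignedJWT(new com.nimbusds.jose.JWSHeader(JWSAlgorithm.RS256), claimsSet);

    try {
        signedJWT.sign(signer);
    } catch (JOSEException jose_ex) {
        throw new RuntimeException("Error signing JSON Web Token.", jose_ex);
    }

    return signedJWT;
}
} // closes the enclosing class, whose header is outside this snippet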
/**
 * {@inheritDoc}
 *
 * <p>This implementation signs the claims with RS256 and returns the compact serialization.
 * Both arguments are checked for {@code null} before any signing work starts.
 *
 * @throws IllegalArgumentException if {@code rsaPrivateKey} or {@code claimsSet} is null
 * @throws APIManagementException   if signing fails
 */
@Override
public String rsaSignAndSerialize(RSAPrivateKey rsaPrivateKey, JWTClaimsSet claimsSet)
        throws APIManagementException {
    if (rsaPrivateKey == null) {
        throw new IllegalArgumentException("The private key must not be null");
    }
    if (claimsSet == null) {
        throw new IllegalArgumentException("The JWTClaimsSet must not be null");
    }

    final JWSSigner rsaSigner = new RSASSASigner(rsaPrivateKey);
    final JWSHeader rs256Header = new JWSHeader(JWSAlgorithm.RS256);
    final SignedJWT token = new SignedJWT(rs256Header, claimsSet);

    try {
        token.sign(rsaSigner);
        return token.serialize();
    } catch (JOSEException e) {
        throw new APIManagementException("Error signing JWT ", e);
    }
}
/**
 * {@inheritDoc}
 *
 * <p>This implementation signs the claims with RS256 and returns the compact serialization.
 * Both arguments are checked for {@code null} before any signing work starts.
 *
 * @throws IllegalArgumentException if {@code rsaPrivateKey} or {@code claimsSet} is null
 * @throws APIManagementException   if signing fails
 */
@Override
public String rsaSignAndSerialize(RSAPrivateKey rsaPrivateKey, JWTClaimsSet claimsSet)
        throws APIManagementException {
    if (rsaPrivateKey == null) {
        throw new IllegalArgumentException("The private key must not be null");
    }
    if (claimsSet == null) {
        throw new IllegalArgumentException("The JWTClaimsSet must not be null");
    }

    final JWSSigner rsaSigner = new RSASSASigner(rsaPrivateKey);
    final JWSHeader rs256Header = new JWSHeader(JWSAlgorithm.RS256);
    final SignedJWT token = new SignedJWT(rs256Header, claimsSet);

    try {
        token.sign(rsaSigner);
        return token.serialize();
    } catch (JOSEException e) {
        throw new APIManagementException("Error signing JWT ", e);
    }
}
// Create the RSA signer for the key, then point it at a Bouncy Castle provider instance
// instead of the default JCA provider lookup.
// NOTE(review): a new BouncyCastleProvider is constructed for this signer; if this code runs
// per token, a shared provider instance would presumably do. Confirm against the enclosing code.
signer = new RSASSASigner(key);
signer.setProvider(new BouncyCastleProvider());
// Fragment: apparently the RSA branch of a key-type dispatch whose opening is outside this snippet.
// With no caller preference, fall back to the whole RSA algorithm family.
if(algoPrefs==null) algoPrefs = JWSAlgorithm.Family.RSA;
// Pick the algorithm from the RSA family and the preferences.
jwsAlgorithm = selectAlgoPref(JWSAlgorithm.Family.RSA, algoPrefs);
// A signer is created only when an algorithm was selected; otherwise signer keeps its prior value.
// NOTE(review): presumably the caller checks for a missing signer before signing. Confirm.
if(jwsAlgorithm!=null)signer = new RSASSASigner((RSAKey) jwk);
} else if (jwk instanceof ECKey) {
// Same defaulting for EC keys: no preference means the whole EC family.
if(algoPrefs==null) algoPrefs = JWSAlgorithm.Family.EC;
// Build the RSA signer; the cast throws ClassCastException if privateKey is not an RSA private key.
JWSSigner signer = new RSASSASigner((RSAPrivateKey) privateKey);
SignedJWT signedJWT = null;
// Fragment: the body of this branch is outside the snippet.
if (signatureAlgorithm instanceof JWSAlgorithm) {
/**
 * Creates an RS256-signed JWT whose only claim is {@code uid}.
 *
 * <p>NOTE(review): no {@code exp}, {@code iat}, {@code iss} or {@code aud} claim is set here,
 * so the token carries no expiry or audience of its own; whatever verifies it has to bound
 * its lifetime and intended recipient some other way.
 *
 * @param uid        value of the {@code uid} claim
 * @param privateKey private key used for signing
 * @return the compact serialization of the signed JWT
 * @throws RuntimeException wrapping the {@code JOSEException} if signing fails
 */
private static String signJWT(String uid, PrivateKey privateKey) {
    final JWSHeader.Builder headerBuilder = new JWSHeader.Builder(JWSAlgorithm.RS256);
    headerBuilder.type(JOSEObjectType.JWT);
    final JWSHeader jwsHeader = headerBuilder.build();

    final JWTClaimsSet claims = new JWTClaimsSet.Builder().claim("uid", uid).build();
    final SignedJWT token = new SignedJWT(jwsHeader, claims);

    try {
        final RSASSASigner rsaSigner = new RSASSASigner(privateKey);
        token.sign(rsaSigner);
    } catch (JOSEException e) {
        throw new RuntimeException(e);
    }
    return token.serialize();
}
/**
 * Creates an RS256-signed JWT whose only claim is {@code uid}.
 *
 * <p>NOTE(review): no {@code exp}, {@code iat}, {@code iss} or {@code aud} claim is set here,
 * so the token carries no expiry or audience of its own; whatever verifies it has to bound
 * its lifetime and intended recipient some other way.
 *
 * @param uid        value of the {@code uid} claim
 * @param privateKey private key used for signing
 * @return the compact serialization of the signed JWT
 * @throws RuntimeException wrapping the {@code JOSEException} if signing fails
 */
private static String signJWT(String uid, PrivateKey privateKey) {
    final JWSHeader.Builder headerBuilder = new JWSHeader.Builder(JWSAlgorithm.RS256);
    headerBuilder.type(JOSEObjectType.JWT);
    final JWSHeader jwsHeader = headerBuilder.build();

    final JWTClaimsSet claims = new JWTClaimsSet.Builder().claim("uid", uid).build();
    final SignedJWT token = new SignedJWT(jwsHeader, claims);

    try {
        final RSASSASigner rsaSigner = new RSASSASigner(privateKey);
        token.sign(rsaSigner);
    } catch (JOSEException e) {
        throw new RuntimeException(e);
    }
    return token.serialize();
}
// Fragment: body of a try block whose opening is outside this snippet.
// Load the signing key from the keystore service by keystore name, alias and passphrase.
// The cast throws ClassCastException if the stored key is not an RSA private key.
RSAPrivateKey key = (RSAPrivateKey) ks.getSigningKey(signingKeystoreName, getSigningKeyAlias(signingKeystoreAlias), passphrase);
// NOTE(review): with this one-argument constructor, library versions that enforce a minimum
// RSA key length are expected to reject short keys here. Confirm for the version in use.
JWSSigner signer = new RSASSASigner(key);
token.sign(signer);
} catch (KeystoreServiceException e) {
// Fragment: tail of the call that loads the signing key; its start is outside this snippet.
getSigningKeyAlias(signingKeystoreAlias), passphrase);
// NOTE(review): the second argument appears to be the library's allowWeakKey flag. Passing
// true lets the signer accept RSA keys shorter than 2048 bits, which turns off the minimum
// key-length check. Prefer the one-argument constructor and re-issue short keys; if legacy
// keystores make this necessary, record why and check the key length where the key is loaded.
// Confirm the parameter's meaning for the library version in use.
JWSSigner signer = new RSASSASigner(key, true);
token.sign(signer);
} catch (KeystoreServiceException e) {
// Fragment: tail of a call that takes the key and a failure message; presumably a
// null check that assigns privateKey. The start of the call is outside this snippet.
// Both Class.cast calls throw ClassCastException when the object is of another type.
// The message includes only the key's UUID, not key material.
RSAPrivateKey.class.cast(KeyPair.class.cast(key).getPrivateKey()), "signing key needs to exist " + key.getUuid());
// Build the RSA signer from the checked private key.
signer = new RSASSASigner(privateKey);