public static String encodeHashToOIDC(byte[] hash) { int hashLength = hash.length / 2; byte[] hashInput = Arrays.copyOf(hash, hashLength); return Base64Url.encode(hashInput); }
private <T> T parseToken(String encoded, Class<T> clazz) throws IOException { if (encoded == null) return null; String[] parts = encoded.split("\\."); if (parts.length < 2 || parts.length > 3) throw new IllegalArgumentException("Parsing error"); byte[] bytes = Base64Url.decode(parts[1]); return JsonSerialization.readValue(bytes, clazz); }
public static String generateSecret(int bytes) { byte[] buf = new byte[bytes]; new SecureRandom().nextBytes(buf); return Base64Url.encode(buf); }
JWEHeader getHeader() { if (header == null && base64Header != null) { try { byte[] decodedHeader = Base64Url.decode(base64Header); header = JsonSerialization.readValue(decodedHeader, JWEHeader.class); } catch (IOException ioe) { throw new RuntimeException(ioe); } } return header; }
public static String generateSecret(int bytes) { byte[] buf = new byte[bytes]; new SecureRandom().nextBytes(buf); return Base64Url.encode(buf); }
private PublicKey createRSAPublicKey() { BigInteger modulus = new BigInteger(1, Base64Url.decode(jwk.getOtherClaims().get(RSAPublicJWK.MODULUS).toString())); BigInteger publicExponent = new BigInteger(1, Base64Url.decode(jwk.getOtherClaims().get(RSAPublicJWK.PUBLIC_EXPONENT).toString())); try { KeyFactory kf = KeyFactory.getInstance("RSA"); return kf.generatePublic(new RSAPublicKeySpec(modulus, publicExponent)); } catch (Exception e) { throw new RuntimeException(e); } }
protected String encodeAll(StringBuilder encoding, byte[] signature) { encoding.append('.'); if (signature != null) { encoding.append(Base64Url.encode(signature)); } return encoding.toString(); }
public JWSInput(String wire) throws JWSInputException { try { this.wireString = wire; String[] parts = wire.split("\\."); if (parts.length < 2 || parts.length > 3) throw new IllegalArgumentException("Parsing error"); encodedHeader = parts[0]; encodedContent = parts[1]; encodedSignatureInput = encodedHeader + '.' + encodedContent; content = Base64Url.decode(encodedContent); if (parts.length > 2) { encodedSignature = parts[2]; signature = Base64Url.decode(encodedSignature); } byte[] headerBytes = Base64Url.decode(encodedHeader); header = JsonSerialization.readValue(headerBytes, JWSHeader.class); } catch (Throwable t) { throw new JWSInputException(t); } }
private String getEncodedJweString() { StringBuilder builder = new StringBuilder(); builder.append(base64Header).append(".") .append(base64Cek).append(".") .append(Base64Url.encode(initializationVector)).append(".") .append(Base64Url.encode(encryptedContent)).append(".") .append(Base64Url.encode(authenticationTag)); return builder.toString(); }
public static void debugToken( String tokenString ) { Logger logger = LoggerFactory.getLogger( KeycloakBearerTokenDebug.class ); logger.debug( "Raw token:\n '{}'", tokenString ); String[] parts = tokenString.split("\\."); if (parts.length < 2 || parts.length > 3) throw new IllegalArgumentException("Parsing error"); String encodedHeader = parts[0]; String encodedContent = parts[1]; try { logger.debug("Decoded content:\n '{}'", new String( Base64Url.decode( encodedContent ) ) ); if (parts.length > 2) { String encodedSignature = parts[2]; byte[] sig = Base64Url.decode( encodedSignature ); String sigStr = Hex.encodeHexString( sig ); logger.debug( "Got signature {} bytes long:\n\n'{}'", sig.length, sigStr ); } byte[] headerBytes = Base64Url.decode( encodedHeader ); logger.debug( "Decoded header:\n '{}'", new String( headerBytes ) ); } catch (Exception e) { throw new RuntimeException(e); } } }
public static String createKeyId(Key key) { try { return Base64Url.encode(MessageDigest.getInstance(DEFAULT_MESSAGE_DIGEST).digest(key.getEncoded())); } catch (NoSuchAlgorithmException e) { throw new RuntimeException(e); } }
public static boolean verify(JWSInput input, SecretKey key) { try { byte[] signature = sign(input.getEncodedSignatureInput().getBytes("UTF-8"), input.getHeader().getAlgorithm(), key); return MessageDigest.isEqual(signature, Base64Url.decode(input.getEncodedSignature())); } catch (Exception e) { throw new RuntimeException(e); } }
protected void encode(String sigAlgName, byte[] data, StringBuilder encoding) { encoding.append(encodeHeader(sigAlgName)); encoding.append('.'); encoding.append(Base64Url.encode(data)); }
private PublicKey createECPublicKey() { String crv = (String) jwk.getOtherClaims().get(ECPublicJWK.CRV); BigInteger x = new BigInteger(1, Base64Url.decode((String) jwk.getOtherClaims().get(ECPublicJWK.X))); BigInteger y = new BigInteger(1, Base64Url.decode((String) jwk.getOtherClaims().get(ECPublicJWK.Y))); String name; switch (crv) { case "P-256" : name = "secp256r1"; break; case "P-384" : name = "secp384r1"; break; case "P-521" : name = "secp521r1"; break; default : throw new RuntimeException("Unsupported curve"); } try { ECNamedCurveParameterSpec spec = ECNamedCurveTable.getParameterSpec(name); ECNamedCurveSpec params = new ECNamedCurveSpec("prime256v1", spec.getCurve(), spec.getG(), spec.getN()); ECPoint point = new ECPoint(x, y); ECPublicKeySpec pubKeySpec = new ECPublicKeySpec(point, params); KeyFactory kf = KeyFactory.getInstance("ECDSA"); return kf.generatePublic(pubKeySpec); } catch (Exception e) { throw new RuntimeException(e); } }
protected String encodeHeader(String sigAlgName) { StringBuilder builder = new StringBuilder("{"); builder.append("\"alg\":\"").append(sigAlgName).append("\""); if (type != null) builder.append(",\"typ\" : \"").append(type).append("\""); if (kid != null) builder.append(",\"kid\" : \"").append(kid).append("\""); if (contentType != null) builder.append(",\"cty\":\"").append(contentType).append("\""); builder.append("}"); try { return Base64Url.encode(builder.toString().getBytes("UTF-8")); } catch (UnsupportedEncodingException e) { throw new RuntimeException(e); } }
public static boolean verify(JWSInput input, byte[] sharedSecret) { try { byte[] signature = sign(input.getEncodedSignatureInput().getBytes("UTF-8"), input.getHeader().getAlgorithm(), sharedSecret); return MessageDigest.isEqual(signature, Base64Url.decode(input.getEncodedSignature())); } catch (Exception e) { throw new RuntimeException(e); } }
public String getBase64Header() throws IOException { if (base64Header == null && header != null) { byte[] contentBytes = JsonSerialization.writeValueAsBytes(header); base64Header = Base64Url.encode(contentBytes); } return base64Header; }
public JWE verifyAndDecodeJwe(String jweStr) throws JWEException { try { String[] parts = jweStr.split("\\."); if (parts.length != 5) { throw new IllegalStateException("Not a JWE String"); } this.base64Header = parts[0]; this.base64Cek = parts[1]; this.initializationVector = Base64Url.decode(parts[2]); this.encryptedContent = Base64Url.decode(parts[3]); this.authenticationTag = Base64Url.decode(parts[4]); this.header = getHeader(); JWEAlgorithmProvider algorithmProvider = JWERegistry.getAlgProvider(header.getAlgorithm()); if (algorithmProvider == null) { throw new IllegalArgumentException("No provider for alg '" + header.getAlgorithm() + "'"); } JWEEncryptionProvider encryptionProvider = JWERegistry.getEncProvider(header.getEncryptionAlgorithm()); if (encryptionProvider == null) { throw new IllegalArgumentException("No provider for enc '" + header.getAlgorithm() + "'"); } keyStorage.setEncryptionProvider(encryptionProvider); byte[] decodedCek = algorithmProvider.decodeCek(Base64Url.decode(base64Cek), keyStorage.getEncryptionKey()); keyStorage.setCEKBytes(decodedCek); encryptionProvider.verifyAndDecodeJwe(this); return this; } catch (Exception e) { throw new JWEException(e); } }
protected String generateTabId() { return Base64Url.encode(KeycloakModelUtils.generateSecret(8)); } }
private void setCodeChallenge() { try { if (codeChallengeMethod.equals(OAuth2Constants.PKCE_METHOD_S256)) { MessageDigest md = MessageDigest.getInstance("SHA-256"); md.update(codeVerifier.getBytes()); StringBuilder sb = new StringBuilder(); for (byte b : md.digest()) { String hex = String.format("%02x", b); sb.append(hex); } codeChallenge = Base64Url.encode(sb.toString().getBytes()); } else { codeChallenge = Base64Url.encode(codeVerifier.getBytes()); } logger.debugf("Encode codeChallenge = %s, codeChallengeMethod = %s", codeChallenge, codeChallengeMethod); } catch (Exception e) { logger.info("PKCE client side unknown hash algorithm"); codeChallenge = Base64Url.encode(codeVerifier.getBytes()); } }