/**
 * Configures the key used to verify inbound signatures of public/private key
 * algorithms (such as rsa-sha256).
 * <p>
 * If no algorithm has been chosen yet, {@link HttpSignProvider#ALGORITHM_RSA} is
 * selected. The supplied configuration must expose a public key, because this
 * builder only ever validates inbound signatures and never creates them.
 *
 * @param keyConfig key configuration giving access to the client's public key
 * @return this builder
 * @throws HttpSignatureException if {@code keyConfig} carries no public key
 */
public Builder publicKeyConfig(KeyConfig keyConfig) {
    if (algorithm == null) {
        algorithm = HttpSignProvider.ALGORITHM_RSA;
    }
    // only the public half is ever needed here (inbound signature validation);
    // fail early instead of at the first validated request
    boolean hasPublicKey = keyConfig.publicKey().isPresent();
    if (!hasPublicKey) {
        throw new HttpSignatureException("Configuration must contain a public key");
    }
    this.keyConfig = keyConfig;
    return this;
}
/**
 * Verifies an rsa-sha256 signature with the public key configured for the
 * inbound client.
 * <p>
 * The signing input is obtained from {@code getBytesToSign(env, null)} and
 * checked against {@code this.signatureBytes} using {@code SHA256withRSA}.
 * Verification problems are logged at {@code FINEST} and reported through the
 * returned value; note that the returned text embeds the JCA exception message,
 * so callers that surface it to a remote party should consider what it reveals.
 *
 * @param env security environment the signing input is built from
 * @param clientDefinition inbound client whose key configuration provides the public key
 * @return empty when the signature verifies, otherwise a description of the failure
 * @throws HttpSignatureException if the client has no key configuration or no public key
 */
private Optional<String> validateRsaSha256(SecurityEnvironment env, InboundClientDefinition clientDefinition) {
    try {
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(clientDefinition.keyConfig()
                                    .orElseThrow(() -> new HttpSignatureException(
                                            "RSA public key configuration is required"))
                                    .publicKey()
                                    .orElseThrow(() -> new HttpSignatureException(
                                            "Public key is required, yet not configured")));
        verifier.update(getBytesToSign(env, null));
        boolean valid = verifier.verify(this.signatureBytes);
        return valid
                ? Optional.empty()
                : Optional.of("Signature is not valid");
    } catch (NoSuchAlgorithmException e) {
        // the JDK always ships SHA256withRSA, so this indicates a crippled provider setup
        LOGGER.log(Level.FINEST, "SHA256withRSA algorithm not found", e);
        return Optional.of("SHA256withRSA algorithm not found: " + e.getMessage());
    } catch (InvalidKeyException e) {
        // e.g. the configured public key is not an RSA key
        LOGGER.log(Level.FINEST, "Invalid RSA key", e);
        return Optional.of("Invalid RSA key: " + e.getMessage());
    } catch (SignatureException e) {
        // malformed signature bytes or a failure inside the provider
        LOGGER.log(Level.FINEST, "Signature exception", e);
        return Optional.of("SignatureException: " + e.getMessage());
    }
}
.build(); publicKey = kc.publicKey() .orElseThrow(() -> new ValidationException("There is no public key available for cert alias: " + certAlias));
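/**
 * Builds a {@link JwkKeys} set holding a single RSA JWK from PEM-encoded public key text.
 *
 * @param stringContent PEM text of the public key
 * @return JWK set with one RSA key built from the parsed public key
 * @throws DeploymentException if no public key could be parsed from the text, or if the
 *         parsed key is not an RSA key (previously this surfaced as a bare
 *         {@link ClassCastException} from the unchecked cast)
 */
private JwkKeys loadPlainPublicKey(String stringContent) {
    java.security.PublicKey parsedKey = KeyConfig.pemBuilder()
            .publicKey(Resource.create("public key from PKCS8", stringContent))
            .build()
            .publicKey()
            .orElseThrow(() -> new DeploymentException("Failed to load public key from string content"));
    // JwkRSA needs the RSA view of the key; a PEM holding a different key type must fail
    // with a configuration error instead of a ClassCastException
    if (!(parsedKey instanceof RSAPublicKey)) {
        throw new DeploymentException("Public key from string content is not an RSA key: "
                                              + parsedKey.getAlgorithm());
    }
    return JwkKeys.builder()
            .addKey(JwkRSA.builder()
                            .publicKey((RSAPublicKey) parsedKey)
                            .build())
            .build();
}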
.build(); publicKey = kc.publicKey() .orElseThrow(() -> new ValidationException("There is no public key available for cert alias: " + certAlias));
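/**
 * Builds a {@link JwkKeys} set holding a single RSA JWK from PEM-encoded public key text.
 *
 * @param stringContent PEM text of the public key
 * @return JWK set with one RSA key built from the parsed public key
 * @throws DeploymentException if no public key could be parsed from the text, or if the
 *         parsed key is not an RSA key (previously this surfaced as a bare
 *         {@link ClassCastException} from the unchecked cast)
 */
private JwkKeys loadPlainPublicKey(String stringContent) {
    java.security.PublicKey parsedKey = KeyConfig.pemBuilder()
            .publicKey(Resource.create("public key from PKCS8", stringContent))
            .build()
            .publicKey()
            .orElseThrow(() -> new DeploymentException("Failed to load public key from string content"));
    // JwkRSA needs the RSA view of the key; a PEM holding a different key type must fail
    // with a configuration error instead of a ClassCastException
    if (!(parsedKey instanceof RSAPublicKey)) {
        throw new DeploymentException("Public key from string content is not an RSA key: "
                                              + parsedKey.getAlgorithm());
    }
    return JwkKeys.builder()
            .addKey(JwkRSA.builder()
                            .publicKey((RSAPublicKey) parsedKey)
                            .build())
            .build();
}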