private static X509Certificate parsePemX509CertificateContent(String type, ByteIterator byteIterator) throws IllegalArgumentException { if (! type.equals(CERTIFICATE_FORMAT)) { throw log.invalidPemType(CERTIFICATE_FORMAT, type); } try { final CertificateFactory instance = CertificateFactory.getInstance("X.509"); return (X509Certificate) instance.generateCertificate(byteIterator.asInputStream()); } catch (CertificateException e) { throw log.certificateParseError(e); } }
private void parseCertificate(final List<Credential> credentials, final XMLStreamReader streamReader) throws RealmUnavailableException, XMLStreamException { parseCredential(streamReader, (algorithm, format, text) -> { if (algorithm == null) algorithm = "X.509"; if (format == null) format = X509_FORMAT; try { final CertificateFactory certificateFactory = CertificateFactory.getInstance(algorithm); credentials.add(new X509CertificateChainPublicCredential((X509Certificate) certificateFactory.generateCertificate( CodePointIterator.ofString(text).base64Decode().asInputStream()))); } catch (CertificateException | ClassCastException e) { throw ElytronMessages.log.fileSystemRealmCertificateReadError(format, path, streamReader.getLocation().getLineNumber(), name); } }); }
private Signature createSignature(String encodedHeader, String encodedClaims) throws NoSuchAlgorithmException, SignatureException, RealmUnavailableException { byte[] headerDecoded = Base64.getUrlDecoder().decode(encodedHeader); JsonObject headers = Json.createReader(ByteIterator.ofBytes(headerDecoded).asInputStream()).readObject(); String headerAlg = resolveAlgorithm(headers); Signature signature = Signature.getInstance(headerAlg); try { PublicKey publicKey = resolvePublicKey(headers); if (publicKey == null) { log.debug("Public key could not be resolved."); return null; } signature.initVerify(publicKey); } catch (InvalidKeyException e) { e.printStackTrace(); return null; } signature.update((encodedHeader + "." + encodedClaims).getBytes()); return signature; }
private JsonObject extractClaims(String encodedClaims) throws RealmUnavailableException { try { Base64.Decoder urlDecoder = Base64.getUrlDecoder(); CodePointIterator decodedClaims = CodePointIterator.ofUtf8Bytes(urlDecoder.decode(encodedClaims)); return Json.createReader(decodedClaims.asUtf8().asInputStream()).readObject(); } catch (Exception cause) { throw log.tokenRealmJwtParseFailed(cause); } }
private static X509Certificate parsePemX509CertificateContent(String type, ByteIterator byteIterator) throws IllegalArgumentException { if (! type.equals(CERTIFICATE_FORMAT)) { throw log.invalidPemType(CERTIFICATE_FORMAT, type); } try { final CertificateFactory instance = CertificateFactory.getInstance("X.509"); return (X509Certificate) instance.generateCertificate(byteIterator.asInputStream()); } catch (CertificateException e) { throw log.certificateParseError(e); } }
private static X509Certificate parsePemX509CertificateContent(String type, ByteIterator byteIterator) throws IllegalArgumentException { if (! type.equals(CERTIFICATE_FORMAT)) { throw log.invalidPemType(CERTIFICATE_FORMAT, type); } try { final CertificateFactory instance = CertificateFactory.getInstance("X.509"); return (X509Certificate) instance.generateCertificate(byteIterator.asInputStream()); } catch (CertificateException e) { throw log.certificateParseError(e); } }
private static X509Certificate parsePemX509CertificateContent(String type, ByteIterator byteIterator) throws IllegalArgumentException { if (! type.equals(CERTIFICATE_FORMAT)) { throw log.invalidPemType(CERTIFICATE_FORMAT, type); } try { final CertificateFactory instance = CertificateFactory.getInstance("X.509"); return (X509Certificate) instance.generateCertificate(byteIterator.asInputStream()); } catch (CertificateException e) { throw log.certificateParseError(e); } }
private void parseCertificate(final List<Credential> credentials, final XMLStreamReader streamReader) throws RealmUnavailableException, XMLStreamException { parseCredential(streamReader, (algorithm, format, text) -> { if (algorithm == null) algorithm = "X.509"; if (format == null) format = X509_FORMAT; try { final CertificateFactory certificateFactory = CertificateFactory.getInstance(algorithm); credentials.add(new X509CertificateChainPublicCredential((X509Certificate) certificateFactory.generateCertificate( CodePointIterator.ofString(text).base64Decode().asInputStream()))); } catch (CertificateException | ClassCastException e) { throw ElytronMessages.log.fileSystemRealmCertificateReadError(format, path, streamReader.getLocation().getLineNumber(), name); } }); }
private void parseCertificate(final List<Credential> credentials, final XMLStreamReader streamReader) throws RealmUnavailableException, XMLStreamException { parseCredential(streamReader, (algorithm, format, text) -> { if (algorithm == null) algorithm = "X.509"; if (format == null) format = X509_FORMAT; try { final CertificateFactory certificateFactory = CertificateFactory.getInstance(algorithm); credentials.add(new X509CertificateChainPublicCredential((X509Certificate) certificateFactory.generateCertificate( CodePointIterator.ofString(text).base64Decode().asInputStream()))); } catch (CertificateException | ClassCastException e) { throw ElytronMessages.log.fileSystemRealmCertificateReadError(format, path, streamReader.getLocation().getLineNumber(), name); } }); }
private void parseCertificate(final List<Credential> credentials, final XMLStreamReader streamReader) throws RealmUnavailableException, XMLStreamException { parseCredential(streamReader, (algorithm, format, text) -> { if (algorithm == null) algorithm = "X.509"; if (format == null) format = X509_FORMAT; try { final CertificateFactory certificateFactory = CertificateFactory.getInstance(algorithm); credentials.add(new X509CertificateChainPublicCredential((X509Certificate) certificateFactory.generateCertificate( CodePointIterator.ofString(text).base64Decode().asInputStream()))); } catch (CertificateException | ClassCastException e) { throw ElytronMessages.log.fileSystemRealmCertificateReadError(format, path, streamReader.getLocation().getLineNumber(), name); } }); }
private Signature createSignature(String encodedHeader, String encodedClaims) throws NoSuchAlgorithmException, SignatureException, RealmUnavailableException { byte[] headerDecoded = Base64.getUrlDecoder().decode(encodedHeader); JsonObject headers = Json.createReader(ByteIterator.ofBytes(headerDecoded).asInputStream()).readObject(); String headerAlg = resolveAlgorithm(headers); Signature signature = Signature.getInstance(headerAlg); try { PublicKey publicKey = resolvePublicKey(headers); if (publicKey == null) { log.debug("Public key could not be resolved."); return null; } signature.initVerify(publicKey); } catch (InvalidKeyException e) { e.printStackTrace(); return null; } signature.update((encodedHeader + "." + encodedClaims).getBytes()); return signature; }
private Signature createSignature(String encodedHeader, String encodedClaims) throws NoSuchAlgorithmException, SignatureException, RealmUnavailableException { byte[] headerDecoded = Base64.getUrlDecoder().decode(encodedHeader); JsonObject headers = Json.createReader(ByteIterator.ofBytes(headerDecoded).asInputStream()).readObject(); String headerAlg = resolveAlgorithm(headers); Signature signature = Signature.getInstance(headerAlg); try { PublicKey publicKey = resolvePublicKey(headers); if (publicKey == null) { log.debug("Public key could not be resolved."); return null; } signature.initVerify(publicKey); } catch (InvalidKeyException e) { e.printStackTrace(); return null; } signature.update((encodedHeader + "." + encodedClaims).getBytes()); return signature; }
private JsonObject extractClaims(String encodedClaims) throws RealmUnavailableException { try { Base64.Decoder urlDecoder = Base64.getUrlDecoder(); CodePointIterator decodedClaims = CodePointIterator.ofUtf8Bytes(urlDecoder.decode(encodedClaims)); return Json.createReader(decodedClaims.asUtf8().asInputStream()).readObject(); } catch (Exception cause) { throw log.tokenRealmJwtParseFailed(cause); } }
private JsonObject extractClaims(String encodedClaims) throws RealmUnavailableException { try { Base64.Decoder urlDecoder = Base64.getUrlDecoder(); CodePointIterator decodedClaims = CodePointIterator.ofUtf8Bytes(urlDecoder.decode(encodedClaims)); return Json.createReader(decodedClaims.asUtf8().asInputStream()).readObject(); } catch (Exception cause) { throw log.tokenRealmJwtParseFailed(cause); } }
private JsonObject extractClaims(String encodedClaims) throws RealmUnavailableException { try { Base64.Decoder urlDecoder = Base64.getUrlDecoder(); CodePointIterator decodedClaims = CodePointIterator.ofUtf8Bytes(urlDecoder.decode(encodedClaims)); return Json.createReader(decodedClaims.asUtf8().asInputStream()).readObject(); } catch (Exception cause) { throw log.tokenRealmJwtParseFailed(cause); } }
private String resolveAlgorithm(String part) throws RealmUnavailableException { byte[] headerDecoded = Base64.getUrlDecoder().decode(part); JsonObject headers = Json.createReader(ByteIterator.ofBytes(headerDecoded).asInputStream()).readObject(); JsonString algClaim = (JsonString) headers.get("alg"); if (algClaim == null) { throw log.tokenRealmJwtSignatureInvalidAlgorithm("not_provided"); } String algorithm = algClaim.getString(); log.debugf("Token is using algorithm [%s]", algorithm); switch (algorithm) { case "RS256": return "SHA256withRSA"; case "RS384": return "SHA384withRSA"; case "RS512": return "SHA512withRSA"; default: throw log.tokenRealmJwtSignatureInvalidAlgorithm(algorithm); } }