feat(jans-auth-server): extending crypto support sub pr4 #670
@@ -7,10 +7,12 @@ | |
package io.jans.as.model.crypto; | ||
|
||
import io.jans.as.model.crypto.signature.ECDSAPublicKey; | ||
import io.jans.as.model.crypto.signature.EDDSAPublicKey; | ||
import io.jans.as.model.crypto.signature.RSAPublicKey; | ||
import io.jans.as.model.crypto.signature.SignatureAlgorithm; | ||
import io.jans.as.model.util.StringUtils; | ||
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey; | ||
import org.bouncycastle.jcajce.provider.asymmetric.edec.BCEdDSAPublicKey; | ||
import org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPublicKey; | ||
import org.bouncycastle.openssl.jcajce.JcaPEMWriter; | ||
import org.json.JSONArray; | ||
|
@@ -21,19 +23,33 @@ | |
import java.util.Arrays; | ||
|
||
/** | ||
* Certificate, uses RSA, EcDSA, EdDSA. | ||
* | ||
* @author Javier Rojas Blum | ||
* @version June 29, 2016 | ||
* @author Sergey Manoylo | ||
* @version September 13, 2021 | ||
*/ | ||
public class Certificate { | ||
|
||
private final SignatureAlgorithm signatureAlgorithm; | ||
private final X509Certificate x509Certificate; | ||
|
||
/** | ||
* Constructor. | ||
* | ||
* @param signatureAlgorithm Signature algorithm (RS256, RS384, RS512, ES256, ES256K, ES384, ES512, PS256, PS384, PS512, EDDSA/Ed25519). | ||
* @param x509Certificate X509 certificate. | ||
*/ | ||
public Certificate(SignatureAlgorithm signatureAlgorithm, X509Certificate x509Certificate) { | ||
this.signatureAlgorithm = signatureAlgorithm; | ||
this.x509Certificate = x509Certificate; | ||
} | ||
|
||
/** | ||
* Returns Public Key from X509 Certificate. | ||
* | ||
* @return Public Key from X509 Certificate. | ||
*/ | ||
public PublicKey getPublicKey() { | ||
PublicKey publicKey = null; | ||
|
||
|
@@ -46,34 +62,70 @@ public PublicKey getPublicKey() { | |
|
||
publicKey = new ECDSAPublicKey(signatureAlgorithm, jceecPublicKey.getQ().getXCoord().toBigInteger(), | ||
jceecPublicKey.getQ().getYCoord().toBigInteger()); | ||
} else if (x509Certificate != null && x509Certificate.getPublicKey() instanceof BCEdDSAPublicKey) { | ||
BCEdDSAPublicKey jceedPublicKey = (BCEdDSAPublicKey) x509Certificate.getPublicKey(); | ||
|
||
publicKey = new EDDSAPublicKey(signatureAlgorithm, jceedPublicKey.getEncoded()); | ||
} | ||
|
||
return publicKey; | ||
} | ||
|
||
/** | ||
* Returns RSA Public Key from X509 Certificate. | ||
* | ||
* @return RSA Public Key from X509 Certificate. | ||
*/ | ||
public RSAPublicKey getRsaPublicKey() { | ||
RSAPublicKey rsaPublicKey = null; | ||
|
||
if (x509Certificate != null && x509Certificate.getPublicKey() instanceof BCRSAPublicKey) { | ||
BCRSAPublicKey publicKey = (BCRSAPublicKey) x509Certificate.getPublicKey(); | ||
|
||
rsaPublicKey = new RSAPublicKey(publicKey.getModulus(), publicKey.getPublicExponent()); | ||
if (x509Certificate != null) { | ||
if (x509Certificate.getPublicKey() instanceof BCRSAPublicKey) { | ||
BCRSAPublicKey publicKey = (BCRSAPublicKey) x509Certificate.getPublicKey(); | ||
rsaPublicKey = new RSAPublicKey(publicKey.getModulus(), publicKey.getPublicExponent()); | ||
} else if (x509Certificate.getPublicKey() instanceof java.security.interfaces.RSAPublicKey) { | ||
java.security.interfaces.RSAPublicKey publicKey = (java.security.interfaces.RSAPublicKey) x509Certificate | ||
.getPublicKey(); | ||
rsaPublicKey = new RSAPublicKey(publicKey.getModulus(), publicKey.getPublicExponent()); | ||
} | ||
} | ||
|
||
return rsaPublicKey; | ||
} | ||
|
||
/** | ||
* Returns ECDSA Public Key from X509 Certificate. | ||
* | ||
* @return ECDSA Public Key from X509 Certificate. | ||
*/ | ||
public ECDSAPublicKey getEcdsaPublicKey() { | ||
ECDSAPublicKey ecdsaPublicKey = null; | ||
if (x509Certificate != null) { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. early exit |
||
if (x509Certificate.getPublicKey() instanceof BCECPublicKey) { | ||
BCECPublicKey publicKey = (BCECPublicKey) x509Certificate.getPublicKey(); | ||
ecdsaPublicKey = new ECDSAPublicKey(signatureAlgorithm, publicKey.getQ().getXCoord().toBigInteger(), | ||
publicKey.getQ().getYCoord().toBigInteger()); | ||
} else if (x509Certificate.getPublicKey() instanceof java.security.interfaces.ECPublicKey) { | ||
java.security.interfaces.ECPublicKey publicKey = (java.security.interfaces.ECPublicKey) x509Certificate | ||
.getPublicKey(); | ||
ecdsaPublicKey = new ECDSAPublicKey(signatureAlgorithm, publicKey.getW().getAffineX(), | ||
publicKey.getW().getAffineY()); | ||
} | ||
} | ||
return ecdsaPublicKey; | ||
} | ||
|
||
if (x509Certificate != null && x509Certificate.getPublicKey() instanceof BCECPublicKey) { | ||
BCECPublicKey publicKey = (BCECPublicKey) x509Certificate.getPublicKey(); | ||
|
||
ecdsaPublicKey = new ECDSAPublicKey(signatureAlgorithm, publicKey.getQ().getXCoord().toBigInteger(), | ||
publicKey.getQ().getYCoord().toBigInteger()); | ||
/** | ||
* Returns EDDSA Public Key from X509 Certificate. | ||
* | ||
* @return EDDSA Public Key from X509 Certificate. | ||
*/ | ||
public EDDSAPublicKey getEddsaPublicKey() { | ||
EDDSAPublicKey eddsaPublicKey = null; | ||
if (x509Certificate != null && x509Certificate.getPublicKey() instanceof BCEdDSAPublicKey) { | ||
BCEdDSAPublicKey publicKey = (BCEdDSAPublicKey) x509Certificate.getPublicKey(); | ||
eddsaPublicKey = new EDDSAPublicKey(signatureAlgorithm, publicKey.getEncoded()); | ||
} | ||
|
||
return ecdsaPublicKey; | ||
return eddsaPublicKey; | ||
} | ||
|
||
public JSONArray toJSONArray() throws JSONException { | ||
|
@@ -90,13 +142,17 @@ public JSONArray toJSONArray() throws JSONException { | |
public String toString() { | ||
try { | ||
StringWriter stringWriter = new StringWriter(); | ||
try (JcaPEMWriter pemWriter = new JcaPEMWriter(stringWriter)) { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. try-resource statement looks better, is there any reason with replacing it with manual |
||
JcaPEMWriter pemWriter = new JcaPEMWriter(stringWriter); | ||
try { | ||
pemWriter.writeObject(x509Certificate); | ||
pemWriter.flush(); | ||
return stringWriter.toString(); | ||
} finally { | ||
pemWriter.close(); | ||
} | ||
} catch (Exception e) { | ||
return StringUtils.EMPTY_STRING; | ||
} | ||
} | ||
|
||
} |
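Review bot: `getEcdsaPublicKey()` builds an `ECDSAPublicKey` from the constructor-supplied `signatureAlgorithm` plus the certificate's affine coordinates, but never checks that the certificate's key actually lies on the curve that algorithm implies; a caller passing ES256 with a P-384 certificate gets a key object whose coordinates are silently reinterpreted on the wrong curve. Since `SignatureAlgorithm` appears to expose `getCurve()` (it is used in the EDDSAKeyFactory hunk of this PR), I would compare the certificate's EC parameters (`publicKey.getParams()` in the JCA branch, the BC parameters in the `BCECPublicKey` branch) against the expected curve and return null or throw on mismatch instead of constructing the key. Because `BCRSAPublicKey` implements `java.security.interfaces.RSAPublicKey` and `BCECPublicKey` implements `java.security.interfaces.ECPublicKey`, the BC-specific branches in `getRsaPublicKey` and `getEcdsaPublicKey` are subsumed by the interface branches and could be dropped to keep the methods to a single `instanceof`. `getEddsaPublicKey` and the EdDSA branch of `getPublicKey` still accept only `BCEdDSAPublicKey`, so a certificate whose key object comes from a non-BC provider now succeeds on the RSA/EC paths but returns null here — worth a one-line comment such as `// EdDSA keys are only recognised when backed by the BC provider` or a matching interface check if the target JDK offers one. `getPublicKey()` begins outside this hunk.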
@@ -16,7 +16,6 @@ | |
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder; | ||
import org.bouncycastle.crypto.params.Ed25519PrivateKeyParameters; | ||
import org.bouncycastle.crypto.params.Ed25519PublicKeyParameters; | ||
import org.bouncycastle.crypto.params.Ed448PublicKeyParameters; | ||
import org.bouncycastle.crypto.util.PrivateKeyInfoFactory; | ||
import org.bouncycastle.jcajce.provider.asymmetric.edec.BCEdDSAPrivateKey; | ||
import org.bouncycastle.jcajce.provider.asymmetric.edec.BCEdDSAPublicKey; | ||
|
@@ -82,7 +81,7 @@ public EDDSAKeyFactory(final SignatureAlgorithm signatureAlgorithm, final String | |
} | ||
this.signatureAlgorithm = signatureAlgorithm; | ||
|
||
EdDSAParameterSpec edSpec = new EdDSAParameterSpec(signatureAlgorithm.getName()); | ||
EdDSAParameterSpec edSpec = new EdDSAParameterSpec(signatureAlgorithm.getCurve().getName()); | ||
|
||
KeyPairGenerator keyGen = KeyPairGenerator.getInstance(signatureAlgorithm.getName(), DEF_BC); | ||
keyGen.initialize(edSpec, new SecureRandom()); | ||
|
@@ -213,23 +212,16 @@ public static EDDSAPrivateKey createEDDSAPrivateKeyFromDecodedKey(final Signatur | |
*/ | ||
private static byte[] getEncodedPubKey(final SignatureAlgorithm signatureAlgorithm, final byte[] decodedPublicKey) throws SignatureException { | ||
byte[] encodedPubKey = null; | ||
switch (signatureAlgorithm) { | ||
case EDDSA: | ||
case ED25519: { | ||
encodedPubKey = new byte[Ed25519Prefix.length + Ed25519PublicKeyParameters.KEY_SIZE]; | ||
System.arraycopy(Ed25519Prefix, 0, encodedPubKey, 0, Ed25519Prefix.length); | ||
System.arraycopy(decodedPublicKey, 0, encodedPubKey, Ed25519Prefix.length, decodedPublicKey.length); | ||
break; | ||
} | ||
case ED448: { | ||
encodedPubKey = new byte[Ed448Prefix.length + Ed448PublicKeyParameters.KEY_SIZE]; | ||
System.arraycopy(Ed448Prefix, 0, encodedPubKey, 0, Ed448Prefix.length); | ||
System.arraycopy(decodedPublicKey, 0, encodedPubKey, Ed448Prefix.length, decodedPublicKey.length); | ||
break; | ||
} | ||
default: { | ||
throw new SignatureException(String.format("Wrong type of the signature algorithm (SignatureAlgorithm): %s", signatureAlgorithm.toString())); | ||
} | ||
switch(signatureAlgorithm) { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. formatting |
||
case EDDSA: { | ||
encodedPubKey = new byte[Ed25519Prefix.length + Ed25519PublicKeyParameters.KEY_SIZE]; | ||
System.arraycopy(Ed25519Prefix, 0, encodedPubKey, 0, Ed25519Prefix.length); | ||
System.arraycopy(decodedPublicKey, 0, encodedPubKey, Ed25519Prefix.length, decodedPublicKey.length); | ||
break; | ||
} | ||
default: { | ||
throw new SignatureException(String.format("Wrong type of the signature algorithm (SignatureAlgorithm): %s", signatureAlgorithm.toString())); | ||
} | ||
} | ||
return encodedPubKey; | ||
} | ||
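Review bot: In the `EDDSA` case of `getEncodedPubKey` the destination buffer is sized to `Ed25519PublicKeyParameters.KEY_SIZE`, but the copy uses `decodedPublicKey.length`, so an over-long input (presumably a base64url-decoded JWK `x` value, i.e. caller-controlled bytes) throws an unchecked `ArrayIndexOutOfBoundsException` instead of the declared `SignatureException`, and a short input is silently zero-padded into a malformed but still parseable key. Validate the length before copying: `if (decodedPublicKey == null || decodedPublicKey.length != Ed25519PublicKeyParameters.KEY_SIZE) { throw new SignatureException("Invalid Ed25519 public key length: " + (decodedPublicKey == null ? "null" : decodedPublicKey.length)); }`. With the `ED25519`/`ED448` cases removed, the `Ed448Prefix` constant (declared outside this hunk) looks unused in this file now and should be removed alongside the already-dropped `Ed448PublicKeyParameters` import, or the Javadoc above the method should say that only Ed25519 is supported.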
|
Let's use early exits here. We have had big problems with nested ifs in bigger methods.