
Commit a1b36a1

committed
x509 that is working and KeyJar
1 parent 33ae9a1 commit a1b36a1

21 files changed

Lines changed: 630 additions & 37 deletions

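--- a/lib/jwks.cert
+++ b/lib/jwks.cert
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFQDCCAyigAwIBAgIJAIAQTsRw4XqQMA0GCSqGSIb3DQEBCwUAMDUxCzAJBgNV
+BAYTAlNFMRIwEAYDVQQKDAlDYXRhbG9naXgxEjAQBgNVBAMMCWxvY2FsaG9zdDAe
+Fw0xNzEyMTUxOTE1MjlaFw0xODEyMTUxOTE1MjlaMDUxCzAJBgNVBAYTAlNFMRIw
+EAYDVQQKDAlDYXRhbG9naXgxEjAQBgNVBAMMCWxvY2FsaG9zdDCCAiIwDQYJKoZI
+hvcNAQEBBQADggIPADCCAgoCggIBAKAFR65TGJ87P7Pf0Qyay6lZ00a/BaY04IgQ
+rXCehBpkC8LEOX//pef9FKWYVoa2a5nbw11v62mP6d0s2F+Hxzhlz20IxumYoyY3
+RR19QhA24B16JCYR8gkZjL0VBPzKsZp1Nk48oR1Pn8RmFMps8ERfgmKp9hwXQz4G
+va8tU8b9HTHjbs9716nfxd6lkHWPqrfAx3X+z673K0l9nt8t1Qjm1Xd6mAAz52sH
+F6VBf1DUnHGwaAKP5QztNEtx1bfX8iJHTh2yFkyPUwQwF6+4v+IuvctVK/Swf8Tw
+PqKpsijlgWGtBoW3HSbVP3W/PrXjlF2jsrozFhqmXLVPHhh9dhxtfMxRpCGrhXyh
+URJOqnuIaW4Nz43CYvE17tDgPsdU24nAmwCFx8b7hFCEKPNXkT04YAx9CGrhRblv
+mh9nijDtV3xoHuueV+KLJ+UXyl0Tb2NvsN1WTB8m6A3fkb0CKiOFQPh5x7wUvTEg
+DOZgFLjQ58E+O8ppyDtjaxHA71KRIYyzuob8Z8AhErdlEBBb6WyIvulHhlcDWnIj
+bZ6v7X+pRGJSIJj+tYFgwMuTAgBTkIvohK6uBRU9E8rVPHFZ/0NGtJ66ILN3IEa7
+yKN8h8sretsb67XFujf8lN0+SQZhbyvAjvs6gsM93Asvo+lOPst7pc9O35g8Frkz
+tCzvyUMRAgMBAAGjUzBRMB0GA1UdDgQWBBQYsp8KJs+Rk8GQmUbFxqWklKOC7zAf
+BgNVHSMEGDAWgBQYsp8KJs+Rk8GQmUbFxqWklKOC7zAPBgNVHRMBAf8EBTADAQH/
+MA0GCSqGSIb3DQEBCwUAA4ICAQAfHxNIahFjwIC8jKgT0kFPh752ZjtAD00PUwtM
+RiaMgYTWpZlQkYz0DEGPEbWyRHs0qCfxHhMvDs6selnZRWn/1dFZB0BxEroQCB0o
+oZK5pm0TAICShiAdPyef8VupMZtaKWtir1wh40Lj19vGxI1lcKpCLxA1NihePX7u
+ZCfSAEqLKVpz/4bZd6s7LLlCHmdS4zGLuF0dgoOL38LS30d6WKXc5SgYnFvXtKeV
+n8V4CntRmVY3YMkMtRdujt2MweVVnhuclycwCL7D/zHOAyNAliZqilp2hVtrOYOp
+9K0W9S9t67dLFDra6uIynVyUhCwQ5O4lmx/WEolLwmpSoiPEavOmhTKEqRKUjjkO
+5X8QWxgSpZ+VtR2L7LTHknVXiv0uO8bgwWGTpzvXdUyHFOu+Z1b8sjqh+Z7CkEaz
+3aLq/TjHlPvW0LZk53OwYweZVelbL3ssor+rE8sxb543nlh0rnUNKG+zbNUoM/PS
+FyLQduERK97RZKyeBgjUQ95k865PO9jBeruOF4MMpLF8zLixQdcTWerAjVagafKA
+xltFrB+L3HADG0YZnceQW8d07ROjarm2Wa6tx71sUppqn1cogAoQlIFl3K8lD3gd
+vWLlelJvcre0p4K1LhYHDD4vayJuDV3391dxWX9QQd4HS2k2p0JljUIaUzrn8+fe
+w8h7tQ==
+-----END CERTIFICATE-----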

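--- a/lib/jwksRSA.json
+++ b/lib/jwksRSA.json
@@ -1 +1 @@
-{"keys":[{"alg":"RS256","kty":"RSA","use":"sig","x5c":["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"],"n":"vqNYBKQeFfPlSDq3kGxgGtcMiCta7Tl_eirZ8T7knlEQomJjQN1z4p1rfhnA6m2dSh5_cnAo8MByRMlAO6DB401k_A6YUxEqPjGoSnESQhfwL7MezjVDrHnhlnLTFT5a9MZx2PPJlNn-HSI5iKyzAVBP-zrvnS1kbQE4G1nmpL_zS2ZYfvEWK2B7B1a14loBIT947Woy102yn1_E603lT-lkNTIWbdhF85w4PNWqnfA7P51wpvtx1k3XURgZk6SMR6Slx53McKj0fho6Z0oKnK2ov_0VeiKFwEyDf2zU5bdx_B-B_n-S84l1ypHg-gBNBN-wNWh4xZUHhcsZHpILmQ","e":"AQAB","kid":"RkI5MjI5OUY5ODc1N0Q4QzM0OUYzNkVGMTJDOUEzQkFCOTU3NjE2Rg","x5t":"RkI5MjI5OUY5ODc1N0Q4QzM0OUYzNkVGMTJDOUEzQkFCOTU3NjE2Rg"}]}
+{"keys":[{"alg":"RS256","kty":"RSA","use":"sig","x5c":["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"],"n":"vqNYBKQeFfPlSDq3kGxgGtcMiCta7Tl_eirZ8T7knlEQomJjQN1z4p1rfhnA6m2dSh5_cnAo8MByRMlAO6DB401k_A6YUxEqPjGoSnESQhfwL7MezjVDrHnhlnLTFT5a9MZx2PPJlNn-HSI5iKyzAVBP-zrvnS1kbQE4G1nmpL_zS2ZYfvEWK2B7B1a14loBIT947Woy102yn1_E603lT-lkNTIWbdhF85w4PNWqnfA7P51wpvtx1k3XURgZk6SMR6Slx53McKj0fho6Z0oKnK2ov_0VeiKFwEyDf2zU5bdx_B-B_n-S84l1ypHg-gBNBN-wNWh4xZUHhcsZHpILmQ","e":"AQAB","kid":"8RGoVdVjD8fItyR3FFo0hVNaZYtPGwoP6xKi9e_V7bI","x5t":"RkI5MjI5OUY5ODc1N0Q4QzM0OUYzNkVGMTJDOUEzQkFCOTU3NjE2Rg"}]}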
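Review bot: The `kid` of the only key changes here to `8RGoVdVjD8fItyR3FFo0hVNaZYtPGwoP6xKi9e_V7bI`, but the `verify` code added to HMACAlgorithm.java in this same commit still hard-codes the old value `RkI5MjI5OUY5ODc1N0Q4QzM0OUYzNkVGMTJDOUEzQkFCOTU3NjE2Rg` in its `provider.get(kid)` call. If that code loads this file (it opens the relative path `jwksRSA.json`), the lookup will no longer match any key. Keeping the two in step by hand is fragile; taking the id from the token header with `String kid = jwt.getKeyId();` removes the coupling.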

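--- a/lib/src/main/java/com/auth0/jwt/algorithms/HMACAlgorithm.java
+++ b/lib/src/main/java/com/auth0/jwt/algorithms/HMACAlgorithm.java
@@ -19,6 +19,9 @@
 
 package com.auth0.jwt.algorithms;
 
+import com.auth0.jwk.Jwk;
+import com.auth0.jwk.JwkProvider;
+import com.auth0.jwk.UrlJwkProvider;
 import com.auth0.jwt.creators.EncodeType;
 import com.auth0.jwt.creators.JWTCreator;
 import com.auth0.jwt.exceptions.SignatureGenerationException;
@@ -30,12 +33,15 @@
 import org.apache.commons.codec.binary.Hex;
 import org.apache.commons.codec.binary.StringUtils;
 
-import java.io.UnsupportedEncodingException;
+import java.io.*;
 import java.net.URLDecoder;
 import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
+import java.security.PublicKey;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
 
 class HMACAlgorithm extends Algorithm {
 
@@ -90,14 +96,40 @@ public void verify(DecodedJWT jwt, EncodeType encodeType) throws Exception {
 }
 
 try {
+//String kid = jwt.getKeyId();
+String kid = "RkI5MjI5OUY5ODc1N0Q4QzM0OUYzNkVGMTJDOUEzQkFCOTU3NjE2Rg";
+JwkProvider provider = new UrlJwkProvider(new File("jwksRSA.json").toURI().toURL());
+Jwk jwk = provider.get(kid);
+//String cert = jwk.getCertificateChain().get(0);
+try (Writer writer = new BufferedWriter(new OutputStreamWriter(
+new FileOutputStream("jwks.cert"), "utf-8"))) {
+writer.write("-----BEGIN CERTIFICATE-----");
+writer.append("\n"+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGbXWiK3dQTyCbX5xdE4\n" +
+"yCuYp0AF2d15Qq1JSXT/lx8CEcXb9RbDddl8jGDv+spi5qPa8qEHiK7FwV2KpRE9\n" +
+"83wGPnYsAm9BxLFb4YrLYcDFOIGULuk2FtrPS512Qea1bXASuvYXEpQNpGbnTGVs\n" +
+"WXI9C+yjHztqyL2h8P6mlThPY9E9ue2fCqdgixfTFIF9Dm4SLHbphUS2iw7w1JgT\n" +
+"69s7of9+I9l5lsJ9cozf1rxrXX4V1u/SotUuNB3Fp8oB4C1fLBEhSlMcUJirz1E8\n" +
+"AziMCxS+VrRPDM+zfvpIJg3JljAh3PJHDiLu902v9w+Iplu1WyoB2aPfitxEhRN0\n" +
+"YwIDAQAB" + "\n");
+writer.append("-----END CERTIFICATE-----");
+}
+CertificateFactory fact = CertificateFactory.getInstance("X.509");
+FileInputStream is = new FileInputStream ("jwks.cert");
+X509Certificate cer = (X509Certificate) fact.generateCertificate(is);
+PublicKey publicKey = cer.getPublicKey();
+
+if (publicKey == null) {
+throw new IllegalStateException("The given Public Key is null.");
+}
+
 //need to add fucntionality to pass in secret or pass in x509 public key
 //jwks uri
 boolean valid = crypto.verifySignatureFor(getDescription(), secret, contentBytes, signatureBytes);
 if (!valid) {
 throw new SignatureVerificationException(this);
 }
 } catch (IllegalStateException | InvalidKeyException | NoSuchAlgorithmException e) {
-throw new SignatureVerificationException(this, e);
+throw new SignatureVerificationException(this, e);
 }
 }
 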
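Review bot: The block added to `verify` looks up a JWK and parses a certificate, but neither `jwk` nor `publicKey` is used afterwards; the check that follows still calls `crypto.verifySignatureFor(getDescription(), secret, contentBytes, signatureBytes)`, so the new code only adds file I/O and new failure modes to every verification. `kid` is hard-coded while `jwt.getKeyId()` is commented out, and a fixed PEM body is written to the relative path `jwks.cert` on each call, which depends on the working directory and is racy if two verifications run at once. The base64 written there looks like a bare RSA public key rather than an X.509 certificate, so `generateCertificate` would probably throw a `CertificateException`, which the `catch` clause does not cover. `FileInputStream is` is never closed; use `try (InputStream is = new FileInputStream("jwks.cert")) { ... }`, or parse from memory and drop the file. If the TODO means to feed the X.509 public key into this HMAC path, keep that in the asymmetric algorithm classes instead, because a verifier that accepts a public key as the HMAC secret lets anyone holding that key mint valid tokens; the body of `verify` starts above the hunk.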

Lines changed: 106 additions & 0 deletions
@@ -0,0 +1,106 @@
1+
package com.auth0.jwt.algorithms;
2+
// Copyright (c) 2017 The Authors of 'JWTS for Java'
3+
//
4+
// Permission is hereby granted, free of charge, to any person obtaining a copy of
5+
// this software and associated documentation files (the "Software"), to deal in
6+
// the Software without restriction, including without limitation the rights to
7+
// use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
8+
// the Software, and to permit persons to whom the Software is furnished to do so,
9+
// subject to the following conditions:
10+
//
11+
// The above copyright notice and this permission notice shall be included in all
12+
// copies or substantial portions of the Software.
13+
//
14+
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15+
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
16+
// FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
17+
// COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
18+
// IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
19+
// CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
20+
21+
import org.bouncycastle.util.io.pem.PemObject;
22+
import org.bouncycastle.util.io.pem.PemReader;
23+
24+
import java.io.File;
25+
import java.io.FileNotFoundException;
26+
import java.io.FileReader;
27+
import java.io.IOException;
28+
import java.security.KeyFactory;
29+
import java.security.NoSuchAlgorithmException;
30+
import java.security.PrivateKey;
31+
import java.security.PublicKey;
32+
import java.security.spec.EncodedKeySpec;
33+
import java.security.spec.InvalidKeySpecException;
34+
import java.security.spec.PKCS8EncodedKeySpec;
35+
import java.security.spec.X509EncodedKeySpec;
36+
37+
import org.bouncycastle.util.io.pem.PemObject;
38+
import org.bouncycastle.util.io.pem.PemReader;
39+
40+
import java.io.File;
41+
import java.io.FileNotFoundException;
42+
import java.io.FileReader;
43+
import java.io.IOException;
44+
import java.security.KeyFactory;
45+
import java.security.NoSuchAlgorithmException;
46+
import java.security.PrivateKey;
47+
import java.security.PublicKey;
48+
import java.security.spec.EncodedKeySpec;
49+
import java.security.spec.InvalidKeySpecException;
50+
import java.security.spec.PKCS8EncodedKeySpec;
51+
import java.security.spec.X509EncodedKeySpec;
52+
53+
public class PemUtils {
54+
55+
private static byte[] parsePEMFile(File pemFile) throws IOException {
56+
if (!pemFile.isFile() || !pemFile.exists()) {
57+
throw new FileNotFoundException(String.format("The file '%s' doesn't exist.", pemFile.getAbsolutePath()));
58+
}
59+
PemReader reader = new PemReader(new FileReader(pemFile));
60+
PemObject pemObject = reader.readPemObject();
61+
byte[] content = pemObject.getContent();
62+
reader.close();
63+
return content;
64+
}
65+
66+
private static PublicKey getPublicKey(byte[] keyBytes, String algorithm) {
67+
PublicKey publicKey = null;
68+
try {
69+
KeyFactory kf = KeyFactory.getInstance(algorithm);
70+
EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
71+
publicKey = kf.generatePublic(keySpec);
72+
} catch (NoSuchAlgorithmException e) {
73+
System.out.println("Could not reconstruct the public key, the given algorithm could not be found.");
74+
} catch (InvalidKeySpecException e) {
75+
System.out.println("Could not reconstruct the public key");
76+
}
77+
78+
return publicKey;
79+
}
80+
81+
private static PrivateKey getPrivateKey(byte[] keyBytes, String algorithm) {
82+
PrivateKey privateKey = null;
83+
try {
84+
KeyFactory kf = KeyFactory.getInstance(algorithm);
85+
EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes);
86+
privateKey = kf.generatePrivate(keySpec);
87+
} catch (NoSuchAlgorithmException e) {
88+
System.out.println("Could not reconstruct the private key, the given algorithm could not be found.");
89+
} catch (InvalidKeySpecException e) {
90+
System.out.println("Could not reconstruct the private key");
91+
}
92+
93+
return privateKey;
94+
}
95+
96+
public static PublicKey readPublicKeyFromFile(String filepath, String algorithm) throws IOException {
97+
byte[] bytes = PemUtils.parsePEMFile(new File(filepath));
98+
return PemUtils.getPublicKey(bytes, algorithm);
99+
}
100+
101+
public static PrivateKey readPrivateKeyFromFile(String filepath, String algorithm) throws IOException {
102+
byte[] bytes = PemUtils.parsePEMFile(new File(filepath));
103+
return PemUtils.getPrivateKey(bytes, algorithm);
104+
}
105+
106+
}
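Review bot: `getPublicKey` and `getPrivateKey` catch `NoSuchAlgorithmException` and `InvalidKeySpecException`, print a message to stdout and return `null`, so `readPublicKeyFromFile` and `readPrivateKeyFromFile` can hand a null key to a signer or verifier with the real cause lost; key-loading code should fail loudly with the cause attached. `parsePEMFile` closes the reader only on the success path and dereferences the result of `readPemObject()` without a null check, which I would expect to be null for a file that holds no PEM block (inferred from the API, not visible here). The import block at lines 21–35 is repeated verbatim at lines 37–51 and one copy should go. A sketch of the first two fixes follows; `getPrivateKey` would mirror `getPublicKey`.

```java
private static byte[] parsePEMFile(File pemFile) throws IOException {
    // … unchanged: isFile()/exists() check …
    try (PemReader reader = new PemReader(new FileReader(pemFile))) {
        PemObject pemObject = reader.readPemObject();
        if (pemObject == null) {
            throw new IOException(String.format("The file '%s' contains no PEM object.", pemFile.getAbsolutePath()));
        }
        return pemObject.getContent();
    }
}

private static PublicKey getPublicKey(byte[] keyBytes, String algorithm) {
    try {
        KeyFactory kf = KeyFactory.getInstance(algorithm);
        return kf.generatePublic(new X509EncodedKeySpec(keyBytes));
    } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
        throw new IllegalArgumentException("Could not reconstruct the public key", e);
    }
}
```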
