
/*******************************************************************************
 * Copyright 2014 Federal Chancellery Austria
 * MOA-ID has been developed in a cooperation between BRZ, the Federal
 * Chancellery Austria - ICT staff unit, and Graz University of Technology.
 *
 * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 * the European Commission - subsequent versions of the EUPL (the "Licence");
 * You may not use this work except in compliance with the Licence.
 * You may obtain a copy of the Licence at:
 * http://www.osor.eu/eupl/
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the Licence is distributed on an "AS IS" basis,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the Licence for the specific language governing permissions and
 * limitations under the Licence.
 *
 * This product combines work with different licenses. See the "NOTICE" text
 * file for details on the various modules and licenses.
 * The "NOTICE" text file is part of the distribution. Any derivative works
 * that you distribute must include a readable copy of the "NOTICE" text file.
 *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.oauth20.json;

import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;

import org.apache.commons.lang.StringUtils;
import org.opensaml.xml.security.x509.BasicX509Credential;

import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Configuration;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20CertificateErrorException;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.KeyStoreUtils;

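/**
 * Signing helpers for the OAuth 2.0 / JWT side of MOA-ID: picks the JWS
 * algorithm that matches a key type and builds the configured signer from
 * the JWT keystore named in {@link OAuth20Configuration}.
 *
 * <p>Stateless utility class; all members are static. Certificate and private
 * key material is deliberately never written to the log by this class.
 */
public final class OAuth20SignatureUtil {

    private OAuth20SignatureUtil() {
        // utility class: instantiation is a programming error
        throw new InstantiationError();
    }

    /**
     * Chooses the JWS algorithm for a private key by its JCA key type.
     *
     * @param key the signing key; {@code null} is treated like any unsupported type
     * @return {@code RS256} for RSA keys, {@code ECDSA256} for JCA EC keys,
     *         {@code ECDSA256_IAKIK} for IAIK EC keys
     * @throws IllegalStateException if no algorithm matches the key type
     */
    static OAuthSignatureAlgorithm findSignature(final PrivateKey key) {
        // guard the debug line itself; a null key must end in the "no algorithm" error below
        Logger.debug("OAuth - Looking for signature for key " + (key == null ? null : key.getClass()));
        if (key instanceof RSAPrivateKey) {
            Logger.debug("OAuth - going to uses SHA256withRSA signature");
            return OAuthSignatureAlgorithm.RS256;
        }
        if (key instanceof ECPrivateKey) {
            Logger.debug("OAuth - going to uses SHA256withECDSA signature");
            return OAuthSignatureAlgorithm.ECDSA256;
        }
        // NOTE(review): if the IAIK key class also implements the JCA ECPrivateKey
        // interface, this branch is shadowed by the one above — confirm.
        if (key instanceof iaik.security.ecc.ecdsa.ECPrivateKey) {
            Logger.debug("OAuth - going to uses SHA256withECDSA signature with iaik");
            return OAuthSignatureAlgorithm.ECDSA256_IAKIK;
        }
        throw new IllegalStateException("Cannot find an algorithm for the given private key");
    }

    /**
     * Chooses the JWS algorithm for a public key by its JCA key type.
     *
     * @param key the verification key; {@code null} is treated like any unsupported type
     * @return {@code RS256} for RSA keys, {@code ECDSA256} for JCA EC keys,
     *         {@code ECDSA256_IAKIK} for IAIK EC keys
     * @throws IllegalStateException if no algorithm matches the key type
     */
    static OAuthSignatureAlgorithm findSignature(final PublicKey key) {
        if (key instanceof RSAPublicKey) {
            Logger.debug("OAuth - going to uses SHA256withRSA signature");
            return OAuthSignatureAlgorithm.RS256;
        }
        if (key instanceof ECPublicKey) {
            Logger.debug("OAuth - going to uses SHA256withECDSA signature");
            return OAuthSignatureAlgorithm.ECDSA256;
        }
        // NOTE(review): same possible shadowing by the JCA ECPublicKey branch as in
        // the private-key overload — confirm.
        if (key instanceof iaik.security.ecc.ecdsa.ECPublicKey) {
            Logger.debug("OAuth - going to uses SHA256withECDSA signature with iaik");
            return OAuthSignatureAlgorithm.ECDSA256_IAKIK;
        }
        // message previously said "private key" for this public-key overload
        throw new IllegalStateException("Cannot find an algorithm for the given public key");
    }

    /**
     * Loads the JWT signing key from the configured keystore and wraps it in a signer.
     *
     * <p>Keystore location, key alias and both passwords are read from
     * {@link OAuth20Configuration}; the keystore is opened via {@link KeyStoreUtils}.
     *
     * @param issuer the issuer identifier handed to the signer
     * @return a SHA-256 signer bound to the configured key alias
     * @throws OAuth20Exception if the keystore or alias is not configured, the alias
     *         has no certificate or private key, or the keystore cannot be opened
     */
    public static OAuthSigner loadSigner(String issuer) throws OAuth20Exception {
        OAuth20Configuration globalConfig = OAuth20Configuration.getInstance();

        if (StringUtils.isEmpty(globalConfig.getJWTKeyStore())) {
            throw new OAuth20CertificateErrorException("keystore");
        }

        String keyName = globalConfig.getJWTKeyName();
        if (StringUtils.isEmpty(keyName)) {
            throw new OAuth20CertificateErrorException("key name");
        }

        try {
            KeyStore ks = KeyStoreUtils.loadKeyStore(globalConfig.getJWTKeyStore(),
                    globalConfig.getJWTKeyStorePassword());

            // KeyStore returns null rather than throwing for an unknown alias; fail
            // here instead of handing a null key to the signer.
            X509Certificate certificate = (X509Certificate) ks.getCertificate(keyName);
            PrivateKey privateKey = (PrivateKey) ks.getKey(keyName,
                    globalConfig.getJWTKeyPassword().toCharArray());
            if (certificate == null || privateKey == null) {
                throw new OAuth20CertificateErrorException("key name");
            }

            BasicX509Credential credential = new BasicX509Credential();
            credential.setEntityCertificate(certificate);
            credential.setPrivateKey(privateKey);

            // Intentionally no debug output of the certificate or key objects:
            // private key material must never reach the log.

            return new OAuth20SHA256Signer(issuer, keyName, credential.getPrivateKey());

        } catch (OAuth20CertificateErrorException e) {
            // already the specific error; do not mask it as a generic keystore failure
            throw e;
        } catch (Exception e) {
            Logger.error(e.getMessage(), e);
            throw new OAuth20CertificateErrorException("keystore");
        }
    }
}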