// get private and vendor public key
final RSAPrivateKey lgPrivateKey = (RSAPrivateKey) GenerateJSONWebTokenUtil.getKey(
GenerateJSONWebTokenConstants.PRIVATE_KEY, generateJSONWebTokenRequest.getInteractionContext(),
lookup);
final Gson gsonHeader = new GsonBuilder().disableHtmlEscaping().create();
final String jsonHeaderString = gsonHeader.toJson(jwtHeaderVO);
JSONObject jsonObject = null;
jsonObject = new JSONObject(jwtPayloadVO -- some to object);
final StringBuilder signedJWS = signedJWTPayload(privateKey, configValue, jsonObject);
signedJWT = signedJWS.toString();
String encryptedtring = encryptJWS(signedJWT, vendorPublicKey, configValue, lookup);
success.setToken(signedJWT);
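/**
 * Signs the claims JSON and returns the compact JWS serialization
 * ({@code BASE64URL(header).BASE64URL(payload).BASE64URL(signature)}) wrapped in a StringBuilder.
 *
 * <p>The header is built inside {@link #signJWS}; this method only hands over the claims as a
 * JSON string. The earlier hand-rolled header/payload concatenation (commented out) was dead
 * code and has been removed - nimbus produces the compact form itself.
 *
 * @param privateKey   RSA signing key
 * @param configValue  configuration holding the JWS algorithm name
 * @param jsonObject   the claims to sign; serialized with {@code toString()}
 * @return the compact JWS serialization
 * @throws JOSEException if signing fails (propagated from {@link #signJWS})
 */
private static StringBuilder signedJWTPayload(final RSAPrivateKey privateKey, final ConfigPropertiesVO configValue,
        final JSONObject jsonObject) throws JOSEException {
    final String compactJws = signJWS(jsonObject.toString(), privateKey, configValue);
    // Do NOT log the serialized JWS: it is the bearer token itself, so a debug line would
    // copy a live credential into whatever sink the logger writes to. Log only that one
    // was produced, and its size.
    LOGGER.debug("Signed JWS produced ({} chars)", compactJws.length());
    return new StringBuilder(compactJws);
}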
/**
 * Signs {@code jwsObjectForSignature} with RSASSA and returns the compact JWS serialization.
 *
 * <p>The protected header carries only {@code alg}, whose name is taken verbatim from
 * {@code configValue.getJwsAlgorithm()}. NOTE(review): the signer is {@link RSASSASigner}, which
 * presumably only handles the RSA family (RS*/PS*); a mis-configured name such as an HMAC
 * algorithm or {@code none} is expected to be rejected inside {@code sign()} with a
 * {@code JOSEException} rather than silently signed - confirm against the nimbus version in use.
 *
 * @param jwsObjectForSignature the payload (claims JSON) to sign
 * @param privateKey            RSA private key used for the signature
 * @param configValue           configuration supplying the JWS algorithm name
 * @return the compact serialization {@code header.payload.signature}, URL-safe Base64
 * @throws JOSEException if the algorithm is unsupported by the signer or signing fails
 */
public static String signJWS(final String jwsObjectForSignature, final RSAPrivateKey privateKey,
        final ConfigPropertiesVO configValue) throws JOSEException {
    // Header: algorithm name straight from configuration, nothing else.
    final JWSHeader protectedHeader = new JWSHeader(new JWSAlgorithm(configValue.getJwsAlgorithm()));
    final JWSObject toSign = new JWSObject(protectedHeader, new Payload(jwsObjectForSignature));
    // Sign in place with the RSA key, then emit the compact (URL-safe) form.
    toSign.sign(new RSASSASigner(privateKey));
    return toSign.serialize();
}
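/**
 * Loads the RSA key selected by {@code keyType} from its PEM file.
 *
 * <p>Returns an {@code RSAPrivateKey} for {@code PRIVATE_KEY}, an {@code RSAPublicKey} for
 * {@code VENDOR_PUBLIC_KEY}, and {@code null} for any other key type (unchanged from the
 * original contract). Load failures are no longer swallowed: a missing, unreadable or
 * malformed key file is a deployment error and surfaces as an {@link IllegalStateException}
 * carrying the cause, instead of a {@code null} that only explodes later inside the signer.
 *
 * @param keyType            {@code PRIVATE_KEY} or {@code VENDOR_PUBLIC_KEY}
 * @param interactionContext currently unused; kept so existing call sites still compile
 * @return the loaded key, or {@code null} when {@code keyType} is not recognised
 * @throws IllegalStateException if the key file cannot be read or parsed
 */
public static Object getKey(final String keyType, final String interactionContext) {
    // Registering BouncyCastle on every call is harmless (addProvider ignores an already
    // installed provider) but belongs in a one-time static initializer.
    Security.addProvider(new BouncyCastleProvider());
    try {
        final KeyFactory factory = KeyFactory.getInstance(RSA, BC);
        if (PRIVATE_KEY.equals(keyType)) {
            // NOTE(review): hard-coded path to a "_demo" key. The signing-key location should
            // come from deployment configuration, and the file must be readable only by the
            // service account - a leaked private key lets anyone mint valid tokens.
            final String privateKeyLocation = "/app/domain/keys/private_key_demo.pem";
            return generatePrivateKey(factory, privateKeyLocation);
        }
        if (VENDOR_PUBLIC_KEY.equals(keyType)) {
            // NOTE(review): placeholder location; must be configured before this path is used.
            final String publicKeyLocation = "some loc ";
            return generatePublicKey(factory, publicKeyLocation);
        }
    } catch (final Exception e) {
        // keyType is not sensitive; the cause (path, parse error) is what an operator needs.
        throw new IllegalStateException("Unable to load " + keyType + " key", e);
    }
    return null;
}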
/**
 * Reads the PEM file at {@code filename} and turns its DER body into an {@code RSAPrivateKey}.
 *
 * <p>The body is handed to {@link PKCS8EncodedKeySpec}, i.e. it is assumed to be a PKCS#8
 * ("BEGIN PRIVATE KEY") structure; no conversion from other encodings happens here.
 *
 * @param factory  an RSA {@link KeyFactory}
 * @param filename path of the PEM file
 * @return the parsed private key
 * @throws InvalidKeySpecException if the DER body is not a valid PKCS#8 RSA key for this factory
 * @throws IOException             if the PEM file cannot be read
 */
private static RSAPrivateKey generatePrivateKey(final KeyFactory factory, final String filename)
        throws InvalidKeySpecException, IOException {
    final byte[] derBody = new PemFileUtil(filename).getPemObject().getContent();
    return (RSAPrivateKey) factory.generatePrivate(new PKCS8EncodedKeySpec(derBody));
}
/**
 * Reads the PEM file at {@code filename} and turns its DER body into an {@code RSAPublicKey}.
 *
 * <p>The body is handed to {@link X509EncodedKeySpec}, i.e. it is assumed to be a
 * SubjectPublicKeyInfo ("BEGIN PUBLIC KEY") structure.
 *
 * @param factory  an RSA {@link KeyFactory}
 * @param filename path of the PEM file
 * @return the parsed public key
 * @throws InvalidKeySpecException if the DER body is not a valid X.509 RSA public key for this factory
 * @throws IOException             if the PEM file cannot be read
 */
public static RSAPublicKey generatePublicKey(final KeyFactory factory, final String filename)
        throws InvalidKeySpecException, IOException {
    final byte[] derBody = new PemFileUtil(filename).getPemObject().getContent();
    return (RSAPublicKey) factory.generatePublic(new X509EncodedKeySpec(derBody));
}
/**
 * Wraps an already-signed compact JWS in a JWE (nested JWT) encrypted to the vendor's RSA public key.
 *
 * <p>The JWE key-management algorithm comes from {@code configValue.getJweAlgorithm()}; the
 * content type is set to JWT to mark the payload as a nested token. {@code lookup} is not used.
 *
 * <p>NOTE(review): as listed, this method does not compile and is not safe to ship -
 * see the inline notes on the placeholder config line, the EncryptionMethod construction,
 * and the empty catch block with no return on the failure path.
 *
 * @param signedJWT       compact JWS to encrypt
 * @param vendorPublicKey recipient's RSA public key
 * @param configValue     configuration supplying the JWE algorithm name
 * @param lookup          unused
 * @return the compact JWE serialization on success
 */
public static String encryptJWS(final String signedJWT, final RSAPublicKey vendorPublicKey,
final ConfigPropertiesVO configValue, ServiceConfigurationLookup lookup) {
// NOTE(review): the next line is a sketch of the configuration values, not Java; it must be removed.
configValue -- CONNECTAPP 1800 CompanyName RS256 RSA-EXTRA A1....
try {
// Provider registration on every call; idempotent, but belongs in a static initializer.
Security.addProvider(new BouncyCastleProvider());
// NOTE(review): the algorithm name is taken verbatim from config. RSAEncrypter is an RSA
// key-management encrypter, so only an RSA-family JWE alg is expected to work; prefer
// RSA-OAEP-256 over RSA1_5 (PKCS#1 v1.5 padding has known padding-oracle issues) - confirm
// the configured value.
final JWEAlgorithm jweAlgorithm = new JWEAlgorithm(configValue.getJweAlgorithm(), Requirement.RECOMMENDED);
// NOTE(review): does not compile - unbalanced parenthesis and no content-encryption method
// named (e.g. A256GCM). The method must be supplied, ideally from configuration.
final EncryptionMethod encryptionMethod = new EncryptionMethod());
// JWE header: key-management alg + content encryption, with cty=JWT for a nested token.
final JWEHeader header = new JWEHeader.Builder(jweAlgorithm, encryptionMethod)
.contentType(JWT).build();
// The plaintext of the JWE is the compact JWS as-is.
final Payload payload = new Payload(signedJWT);
final JWEObject jweObject = new JWEObject(header, payload);
// Encrypt (CEK wrapped with the vendor's public key) and emit the compact serialization.
final RSAEncrypter encrypter = new RSAEncrypter(vendorPublicKey);
jweObject.encrypt(encrypter);
return jweObject.serialize();
} catch (final Exception e) {
// NOTE(review): failure is swallowed and this path has no return value, so the method does
// not compile and, once "fixed" with a null return, would hand the caller no token.
// Encryption failure should propagate (rethrow with cause), never be ignored.
}
}
messageDigest = MessageDigest.getInstance(SHA-256);
final String sha256UserId = generateSHA256Hash(idValue, messageDigest);
request.setSubject(sha256UserId);
final String sha256UserId = generateSHA256Hash();
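/**
 * Returns the SHA-256 digest of {@code userId} (as UTF-8 bytes) as a 64-character upper-case
 * hexadecimal string, matching the format previously produced by
 * {@code DatatypeConverter.printHexBinary}.
 *
 * <p>This is a bare, unsalted digest. It is NOT a password hash - passwords need a slow,
 * salted KDF (bcrypt/scrypt/Argon2). Because a user id is typically low-entropy, anyone with
 * a list of candidate ids can map the hex value back to the id by brute force: treat the
 * output as a pseudonym, not as a secret.
 *
 * @param userId        the text to hash; must not be null
 * @param messageDigest a {@link MessageDigest}, expected to be SHA-256 (not checked); must not
 *                      be null. Per the MessageDigest contract it is reset after {@code digest()},
 *                      so the caller may reuse it.
 * @return the digest as upper-case hex
 * @throws IllegalArgumentException if either argument is null
 */
public static String generateSHA256Hash(final String userId, final MessageDigest messageDigest) {
    if (userId == null || messageDigest == null) {
        throw new IllegalArgumentException("userId and messageDigest must not be null");
    }
    final byte[] digest = messageDigest.digest(userId.getBytes(StandardCharsets.UTF_8));
    // Hex-encode by hand: javax.xml.bind.DatatypeConverter is no longer part of the JDK
    // (removed in 11), and upper-case output keeps the value identical to printHexBinary.
    final StringBuilder hex = new StringBuilder(digest.length * 2);
    for (final byte b : digest) {
        hex.append(Character.toUpperCase(Character.forDigit((b >> 4) & 0xF, 16)));
        hex.append(Character.toUpperCase(Character.forDigit(b & 0xF, 16)));
    }
    return hex.toString();
}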