org.xdi.oxauth.model.crypto.OxElevenCryptoProvider クラス

公開メンバ関数

 OxElevenCryptoProvider (String generateKeyEndpoint, String signEndpoint, String verifySignatureEndpoint, String deleteKeyEndpoint, String accessToken)
 
JSONObject generateKey (SignatureAlgorithm signatureAlgorithm, Long expirationTime) throws Exception
 
String sign (String signingInput, String keyId, String shardSecret, SignatureAlgorithm signatureAlgorithm) throws Exception
 
boolean verifySignature (String signingInput, String encodedSignature, String keyId, JSONObject jwks, String sharedSecret, SignatureAlgorithm signatureAlgorithm) throws Exception
 
boolean deleteKey (String keyId) throws Exception
 
String getKeyId (JSONWebKeySet jsonWebKeySet, SignatureAlgorithm signatureAlgorithm, Use use) throws Exception
 
JwksRequestParam getJwksRequestParam (JSONObject jwkJsonObject) throws JSONException
 
PublicKey getPublicKey (String alias, JSONObject jwks) throws Exception
 

静的公開メンバ関数

static JSONObject generateJwks (int keyRegenerationInterval, int idTokenLifeTime, AppConfiguration configuration) throws Exception
 

限定公開メンバ関数

void checkKeyExpiration (String alias, Long expirationTime)
 

静的限定公開変数類

static final Logger LOG = Logger.getLogger(AbstractCryptoProvider.class)
 

非公開変数類

String generateKeyEndpoint
 
String signEndpoint
 
String verifySignatureEndpoint
 
String deleteKeyEndpoint
 
String accessToken
 

詳解

著者
Javier Rojas Blum
バージョン
December 4, 2017

構築子と解体子

◆ OxElevenCryptoProvider()

org.xdi.oxauth.model.crypto.OxElevenCryptoProvider.OxElevenCryptoProvider ( String  generateKeyEndpoint,
String  signEndpoint,
String  verifySignatureEndpoint,
String  deleteKeyEndpoint,
String  accessToken 
)
inline
27  {
32  this.accessToken = accessToken;
33  }

関数詳解

◆ checkKeyExpiration()

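/**
 * Logs a warning when the key stored under {@code alias} is already expired or
 * will expire within the next 100 days.
 *
 * <p>This is a diagnostic only: nothing is returned or thrown, so a caller that
 * reaches this method still receives the key. Refusing expired keys has to be
 * done by the caller.
 *
 * @param alias          key identifier quoted in the log message
 * @param expirationTime expiry instant in epoch milliseconds; {@code null} is
 *                       logged and otherwise ignored
 */
protected void checkKeyExpiration(String alias, Long expirationTime) {
    if (expirationTime == null) {
        LOG.warn("No expiration time available for key with alias: " + alias);
        return;
    }
    try {
        // Created per call, so the non-thread-safe formatter is never shared.
        SimpleDateFormat ft = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
        Date expirationDate = new Date(expirationTime);
        Date today = new Date();

        long millisLeft = expirationTime - today.getTime();
        // Whole days left; a key that expires later today yields 0 but is not expired yet,
        // so the expiry decision is made on the millisecond difference, not the day count.
        long expiresIn = millisLeft / (24L * 60 * 60 * 1000);

        if (millisLeft <= 0) {
            LOG.warn("\nWARNING! Expired Key with alias: " + alias
                    + "\n\tExpires On: " + ft.format(expirationDate)
                    + "\n\tToday's Date: " + ft.format(today));
        } else if (expiresIn <= 100) {
            LOG.warn("\nWARNING! Key with alias: " + alias
                    + "\n\tExpires In: " + expiresIn + " days"
                    + "\n\tExpires On: " + ft.format(expirationDate)
                    + "\n\tToday's Date: " + ft.format(today));
        }
    } catch (Exception e) {
        // Route through the logger instead of stderr so the failure lands next to the key diagnostics.
        LOG.error("Unable to check expiration of key with alias: " + alias, e);
    }
}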

◆ deleteKey()

/**
 * Asks the oxEleven service to delete the key stored under {@code keyId}.
 *
 * @param keyId alias of the key to delete
 * @return the service's {@code deleted} flag from a 200 response
 * @throws Exception carrying the raw response entity when the service answers
 *                   with any status other than 200
 */
public boolean deleteKey(String keyId) throws Exception {
    DeleteKeyRequest deleteRequest = new DeleteKeyRequest();
    deleteRequest.setAccessToken(accessToken);
    deleteRequest.setAlias(keyId);

    DeleteKeyClient deleteClient = new DeleteKeyClient(deleteKeyEndpoint);
    deleteClient.setRequest(deleteRequest);

    DeleteKeyResponse reply = deleteClient.exec();
    if (reply.getStatus() != HttpStatus.SC_OK) {
        throw new Exception(reply.getEntity());
    }
    return reply.isDeleted();
}

◆ generateJwks()

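/**
 * Builds a JWK Set by asking the configured crypto provider for one key per
 * supported signature algorithm (RS256, RS384, RS512, ES256, ES384, ES512).
 *
 * <p>Every key receives the same expiration instant: now (UTC) plus
 * {@code keyRegenerationInterval} hours plus {@code idTokenLifeTime} seconds.
 * Key generation is best effort: an algorithm whose key cannot be generated is
 * logged and left out, and the remaining algorithms are still tried, so the
 * returned set may hold fewer than six keys.
 *
 * @param keyRegenerationInterval hours added to the expiration instant
 * @param idTokenLifeTime         seconds added to the expiration instant
 * @param configuration           used to select the crypto provider
 * @return JSON object holding the generated keys under {@code JSON_WEB_KEY_SET}
 * @throws Exception if the crypto provider cannot be obtained or the JSON object cannot be built
 */
public static JSONObject generateJwks(int keyRegenerationInterval, int idTokenLifeTime,
                                      AppConfiguration configuration) throws Exception {
    GregorianCalendar expirationTime = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
    expirationTime.add(GregorianCalendar.HOUR, keyRegenerationInterval);
    expirationTime.add(GregorianCalendar.SECOND, idTokenLifeTime);
    long expirationMillis = expirationTime.getTimeInMillis();

    AbstractCryptoProvider cryptoProvider = CryptoProviderFactory.getCryptoProvider(configuration);

    SignatureAlgorithm[] algorithms = {
            SignatureAlgorithm.RS256, SignatureAlgorithm.RS384, SignatureAlgorithm.RS512,
            SignatureAlgorithm.ES256, SignatureAlgorithm.ES384, SignatureAlgorithm.ES512
    };

    JSONArray keys = new JSONArray();
    for (SignatureAlgorithm algorithm : algorithms) {
        try {
            keys.put(cryptoProvider.generateKey(algorithm, expirationMillis));
        } catch (Exception ex) {
            // Best effort by design: one failing algorithm must not block the others,
            // but a missing key in the published set should not be silent either.
            LOG.warn("Failed to generate " + algorithm + " key for the JWK Set", ex);
        }
    }

    JSONObject jsonObject = new JSONObject();
    jsonObject.put(JSON_WEB_KEY_SET, keys);

    return jsonObject;
}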

◆ generateKey()

/**
 * Requests a new key for {@code signatureAlgorithm} from the oxEleven service.
 *
 * @param signatureAlgorithm algorithm whose name is sent to the service
 * @param expirationTime     expiry instant of the new key, in epoch milliseconds
 * @return the JSON entity of a successful response (status 200 and a key id present)
 * @throws Exception carrying the raw response entity on any other outcome
 */
public JSONObject generateKey(SignatureAlgorithm signatureAlgorithm, Long expirationTime) throws Exception {
    GenerateKeyRequest keyRequest = new GenerateKeyRequest();
    keyRequest.setAccessToken(accessToken);
    keyRequest.setSignatureAlgorithm(signatureAlgorithm.getName());
    keyRequest.setExpirationTime(expirationTime);

    GenerateKeyClient keyClient = new GenerateKeyClient(generateKeyEndpoint);
    keyClient.setRequest(keyRequest);

    GenerateKeyResponse reply = keyClient.exec();
    boolean created = reply.getStatus() == HttpStatus.SC_OK && reply.getKeyId() != null;
    if (!created) {
        throw new Exception(reply.getEntity());
    }
    return reply.getJSONEntity();
}

◆ getJwksRequestParam()

/**
 * Converts one JWK given as JSON into a single-entry {@link JwksRequestParam}
 * for an oxEleven request.
 *
 * <p>The {@code ALGORITHM}, {@code KEY_ID}, {@code KEY_USE} and {@code KEY_TYPE}
 * members are mandatory and read with {@code getString}; the RSA members
 * ({@code MODULUS}, {@code EXPONENT}) and EC members ({@code CURVE}, {@code X},
 * {@code Y}) are read with {@code optString} and tolerate being absent.
 *
 * @param jwkJsonObject JSON representation of exactly one key
 * @return request parameter wrapping that key
 * @throws JSONException if one of the mandatory members is missing
 */
public JwksRequestParam getJwksRequestParam(JSONObject jwkJsonObject) throws JSONException {
    KeyRequestParam keyParam = new KeyRequestParam();

    // Mandatory members.
    keyParam.setAlg(jwkJsonObject.getString(ALGORITHM));
    keyParam.setKid(jwkJsonObject.getString(KEY_ID));
    keyParam.setUse(jwkJsonObject.getString(KEY_USE));
    keyParam.setKty(jwkJsonObject.getString(KEY_TYPE));
    // RSA members.
    keyParam.setN(jwkJsonObject.optString(MODULUS));
    keyParam.setE(jwkJsonObject.optString(EXPONENT));
    // EC members.
    keyParam.setCrv(jwkJsonObject.optString(CURVE));
    keyParam.setX(jwkJsonObject.optString(X));
    keyParam.setY(jwkJsonObject.optString(Y));

    ArrayList<KeyRequestParam> keyParams = new ArrayList<KeyRequestParam>();
    keyParams.add(keyParam);

    JwksRequestParam jwks = new JwksRequestParam();
    jwks.setKeyRequestParams(keyParams);
    return jwks;
}

◆ getKeyId()

/**
 * Returns the id of the first key in {@code jsonWebKeySet} whose algorithm is
 * {@code signatureAlgorithm} and, when {@code use} is given, whose use matches.
 *
 * @param jsonWebKeySet      set to search, in its own iteration order
 * @param signatureAlgorithm required algorithm (compared by identity)
 * @param use                required use, or {@code null} to accept any use
 * @return the matching key's id, or {@code null} when no key matches
 * @throws Exception kept for the declared contract; nothing checked is thrown here
 */
public String getKeyId(JSONWebKeySet jsonWebKeySet, SignatureAlgorithm signatureAlgorithm, Use use) throws Exception {
    for (JSONWebKey candidate : jsonWebKeySet.getKeys()) {
        boolean algorithmMatches = candidate.getAlg() == signatureAlgorithm;
        boolean useMatches = use == null || candidate.getUse() == use;
        if (algorithmMatches && useMatches) {
            return candidate.getKid();
        }
    }
    return null;
}

◆ getPublicKey()

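/**
 * Looks up the key with id {@code alias} in {@code jwks} and rebuilds it as a JCA public key.
 *
 * <p>The key family is taken from {@code ALGORITHM} when present, otherwise from
 * {@code KEY_TYPE}. RSA keys are rebuilt from {@code MODULUS}/{@code EXPONENT}, EC keys
 * from {@code CURVE}/{@code X}/{@code Y}; a key of any other family, or one whose family
 * cannot be determined, contributes nothing. Every key with a matching id is processed in
 * order, so a later duplicate id replaces an earlier one.
 *
 * <p>Expiry is only logged via {@link #checkKeyExpiration(String, Long)}: an expired key is
 * still returned, so callers that must refuse expired keys have to check
 * {@code EXPIRATION_TIME} themselves.
 *
 * @param alias key id to look up
 * @param jwks  JSON object holding the key array under {@code JSON_WEB_KEY_SET}
 * @return the reconstructed public key, or {@code null} if no usable key has that id
 * @throws Exception on malformed JSON, undecodable base64url values, or a curve/key spec
 *                   the JCA providers reject
 */
public PublicKey getPublicKey(String alias, JSONObject jwks) throws Exception {
    java.security.PublicKey publicKey = null;

    JSONArray webKeys = jwks.getJSONArray(JSON_WEB_KEY_SET);
    for (int i = 0; i < webKeys.length(); i++) {
        JSONObject key = webKeys.getJSONObject(i);
        if (!alias.equals(key.getString(KEY_ID))) {
            continue;
        }

        SignatureAlgorithmFamily family = null;
        if (key.has(ALGORITHM)) {
            // NOTE(review): assumes fromString yields a non-null algorithm for every alg the
            // set may contain — confirm; an unrecognised alg would NPE on getFamily().
            SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.fromString(key.optString(ALGORITHM));
            family = signatureAlgorithm.getFamily();
        } else if (key.has(KEY_TYPE)) {
            family = SignatureAlgorithmFamily.fromString(key.getString(KEY_TYPE));
        }

        if (SignatureAlgorithmFamily.RSA.equals(family)) {
            // Build the key through the JCA KeyFactory, as the EC branch does, instead of
            // instantiating a provider-specific RSAPublicKeyImpl directly.
            BigInteger modulus = new BigInteger(1, Base64Util.base64urldecode(key.getString(MODULUS)));
            BigInteger exponent = new BigInteger(1, Base64Util.base64urldecode(key.getString(EXPONENT)));
            publicKey = KeyFactory.getInstance("RSA")
                    .generatePublic(new java.security.spec.RSAPublicKeySpec(modulus, exponent));
        } else if (SignatureAlgorithmFamily.EC.equals(family)) {
            ECEllipticCurve curve = ECEllipticCurve.fromString(key.optString(CURVE));
            AlgorithmParameters parameters = AlgorithmParameters.getInstance(SignatureAlgorithmFamily.EC.toString());
            parameters.init(new ECGenParameterSpec(curve.getAlias()));
            ECParameterSpec ecParameters = parameters.getParameterSpec(ECParameterSpec.class);

            ECPoint point = new ECPoint(
                    new BigInteger(1, Base64Util.base64urldecode(key.getString(X))),
                    new BigInteger(1, Base64Util.base64urldecode(key.getString(Y))));
            publicKey = KeyFactory.getInstance(SignatureAlgorithmFamily.EC.toString())
                    .generatePublic(new ECPublicKeySpec(point, ecParameters));
        }

        // Diagnostic only: logs the expiry state, never rejects the key.
        if (key.has(EXPIRATION_TIME)) {
            checkKeyExpiration(alias, key.getLong(EXPIRATION_TIME));
        }
    }

    return publicKey;
}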

◆ sign()

/**
 * Signs {@code signingInput} with the oxEleven key {@code keyId} using
 * {@code signatureAlgorithm}.
 *
 * @param signingInput       data to sign
 * @param keyId              alias of the signing key held by the service
 * @param shardSecret        shared secret forwarded as the request's shared secret
 *                           (parameter spelling kept as declared)
 * @param signatureAlgorithm algorithm whose name is sent to the service
 * @return the signature returned with a 200 response
 * @throws Exception carrying the raw response entity when the status is not 200
 *                   or the response carries no signature
 */
public String sign(String signingInput, String keyId, String shardSecret, SignatureAlgorithm signatureAlgorithm) throws Exception {
    SignRequest signRequest = new SignRequest();
    signRequest.setAccessToken(accessToken);
    signRequest.getSignRequestParam().setSignatureAlgorithm(signatureAlgorithm.getName());
    signRequest.getSignRequestParam().setAlias(keyId);
    signRequest.getSignRequestParam().setSharedSecret(shardSecret);
    signRequest.getSignRequestParam().setSigningInput(signingInput);

    SignClient signClient = new SignClient(signEndpoint);
    signClient.setRequest(signRequest);

    SignResponse reply = signClient.exec();
    boolean signed = reply.getStatus() == HttpStatus.SC_OK && reply.getSignature() != null;
    if (!signed) {
        throw new Exception(reply.getEntity());
    }
    return reply.getSignature();
}

◆ verifySignature()

/**
 * Asks the oxEleven service whether {@code encodedSignature} is a valid signature of
 * {@code signingInput} under key {@code keyId} and {@code signatureAlgorithm}.
 *
 * <p>The verification decision is made remotely; this method only relays the
 * service's {@code verified} flag.
 *
 * @param signingInput       data that was signed
 * @param encodedSignature   signature to check, as sent to the service
 * @param keyId              alias of the verification key
 * @param jwks               optional key material attached to the request; may be {@code null}
 * @param sharedSecret       shared secret forwarded to the service
 * @param signatureAlgorithm algorithm whose name is sent to the service
 * @return the service's {@code verified} flag from a 200 response
 * @throws Exception carrying the raw response entity when the status is not 200
 */
public boolean verifySignature(String signingInput, String encodedSignature, String keyId, JSONObject jwks,
                               String sharedSecret, SignatureAlgorithm signatureAlgorithm) throws Exception {
    VerifySignatureRequest verifyRequest = new VerifySignatureRequest();
    verifyRequest.setAccessToken(accessToken);
    verifyRequest.getVerifySignatureRequestParam().setSignatureAlgorithm(signatureAlgorithm.getName());
    verifyRequest.getVerifySignatureRequestParam().setAlias(keyId);
    verifyRequest.getVerifySignatureRequestParam().setSharedSecret(sharedSecret);
    verifyRequest.getVerifySignatureRequestParam().setSigningInput(signingInput);
    verifyRequest.getVerifySignatureRequestParam().setSignature(encodedSignature);
    // NOTE(review): getJwksRequestParam reads ALGORITHM/KEY_ID directly from this object,
    // so it has to be a single JWK rather than a whole key set — confirm with callers.
    if (jwks != null) {
        verifyRequest.getVerifySignatureRequestParam().setJwksRequestParam(getJwksRequestParam(jwks));
    }

    VerifySignatureClient verifyClient = new VerifySignatureClient(verifySignatureEndpoint);
    verifyClient.setRequest(verifyRequest);

    VerifySignatureResponse reply = verifyClient.exec();
    if (reply.getStatus() != HttpStatus.SC_OK) {
        throw new Exception(reply.getEntity());
    }
    return reply.isVerified();
}

メンバ詳解

◆ accessToken

String org.xdi.oxauth.model.crypto.OxElevenCryptoProvider.accessToken
private

◆ deleteKeyEndpoint

String org.xdi.oxauth.model.crypto.OxElevenCryptoProvider.deleteKeyEndpoint
private

◆ generateKeyEndpoint

String org.xdi.oxauth.model.crypto.OxElevenCryptoProvider.generateKeyEndpoint
private

◆ LOG

final Logger org.xdi.oxauth.model.crypto.AbstractCryptoProvider.LOG = Logger.getLogger(AbstractCryptoProvider.class)
staticprotectedinherited

◆ signEndpoint

String org.xdi.oxauth.model.crypto.OxElevenCryptoProvider.signEndpoint
private

◆ verifySignatureEndpoint

String org.xdi.oxauth.model.crypto.OxElevenCryptoProvider.verifySignatureEndpoint
private
