Commit d7e37193 authored by michael.simon's avatar michael.simon

change certs controller for oidc to include "use":"sig" on certs

parent 14d35154
package edu.kit.scc.webreg.oauth;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.inject.Inject;
......@@ -17,9 +22,12 @@ import javax.ws.rs.core.MediaType;
import org.slf4j.Logger;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.util.Base64;
import com.nimbusds.jose.util.Base64URL;
import edu.kit.scc.webreg.entity.oidc.OidcOpConfigurationEntity;
import edu.kit.scc.webreg.service.oidc.OidcOpConfigurationService;
......@@ -55,21 +63,41 @@ public class OidcCertsController {
List<JWK> jwkList = new ArrayList<JWK>();
if (opConfig.getCertificate() != null && !(opConfig.getCertificate().equals(""))) {
X509Certificate certificate = cryptoHelper.getCertificate(opConfig.getCertificate());
JWK jwk = JWK.parse(certificate);
jwkList.add(jwk);
X509Certificate cert = cryptoHelper.getCertificate(opConfig.getCertificate());
RSAPublicKey publicKey = (RSAPublicKey) cert.getPublicKey();
MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
RSAKey rsaKey = new RSAKey.Builder(publicKey)
.keyUse(KeyUse.SIGNATURE)
.keyID(cert.getSerialNumber().toString(10))
.x509CertChain(Collections.singletonList(Base64.encode(cert.getEncoded())))
.x509CertSHA256Thumbprint(Base64URL.encode(sha256.digest(cert.getEncoded())))
.build();
jwkList.add(rsaKey);
}
if (opConfig.getStandbyCertificate() != null && !(opConfig.getStandbyCertificate().equals(""))) {
X509Certificate certificate = cryptoHelper.getCertificate(opConfig.getStandbyCertificate());
JWK jwk = JWK.parse(certificate);
jwkList.add(jwk);
X509Certificate cert = cryptoHelper.getCertificate(opConfig.getStandbyCertificate());
RSAPublicKey publicKey = (RSAPublicKey) cert.getPublicKey();
MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
RSAKey rsaKey = new RSAKey.Builder(publicKey)
.keyUse(KeyUse.SIGNATURE)
.keyID(cert.getSerialNumber().toString(10))
.x509CertChain(Collections.singletonList(Base64.encode(cert.getEncoded())))
.x509CertSHA256Thumbprint(Base64URL.encode(sha256.digest(cert.getEncoded())))
.build();
jwkList.add(rsaKey);
}
JWKSet jwkSet = new JWKSet(jwkList);
return jwkSet.toString(true);
//return jwkSet.toJSONObject(true);
} catch (JOSEException e) {
} catch (NoSuchAlgorithmException | CertificateEncodingException e) {
throw new OidcAuthenticationException(e);
}
}
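Review bot: The unchecked cast `(RSAPublicKey) cert.getPublicKey()` in both new builder blocks throws a ClassCastException when the configured certificate or standby certificate carries a non-RSA key, and that runtime exception is not among the types the new `NoSuchAlgorithmException | CertificateEncodingException` catch wraps into OidcAuthenticationException, so the certs endpoint would surface a raw exception instead of the controlled failure the rest of the method uses. The two blocks are also duplicates that differ only in the configuration getter, and each calls `cert.getEncoded()` twice. A private helper that checks the key type first, encodes once and builds the RSAKey fixes both; each `if` body then shrinks to `jwkList.add(toSigningJwk(cryptoHelper.getCertificate(opConfig.getCertificate())));` and its standby counterpart. Using the decimal serial number as `kid` is only collision-free if the primary and standby certificates never share a serial across issuers — presumably true here, but worth a comment such as `// kid = certificate serial; assumes primary and standby serials differ`. The enclosing method's signature and the start of its try block lie above the hunk.
```java
/**
 * Builds the signing JWK ("use":"sig") published for one configured certificate.
 * Only RSA certificates are supported; anything else is rejected explicitly instead
 * of failing with a ClassCastException.
 */
private RSAKey toSigningJwk(X509Certificate cert)
        throws NoSuchAlgorithmException, CertificateEncodingException, OidcAuthenticationException {
    if (!(cert.getPublicKey() instanceof RSAPublicKey)) {
        throw new OidcAuthenticationException(
                new IllegalArgumentException("certificate public key is not RSA: " + cert.getSubjectX500Principal()));
    }
    RSAPublicKey publicKey = (RSAPublicKey) cert.getPublicKey();
    byte[] encoded = cert.getEncoded(); // encode once: used for the chain and the thumbprint
    MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
    return new RSAKey.Builder(publicKey)
            .keyUse(KeyUse.SIGNATURE)
            .keyID(cert.getSerialNumber().toString(10))
            .x509CertChain(Collections.singletonList(Base64.encode(encoded)))
            .x509CertSHA256Thumbprint(Base64URL.encode(sha256.digest(encoded)))
            .build();
}
// … unchanged: the two if-blocks now each call jwkList.add(toSigningJwk(...)) …
```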