package org.jboss.resteasy.jose.jws.crypto;
import org.jboss.resteasy.jose.jws.Algorithm;
import org.jboss.resteasy.jose.jws.JWSInput;
import org.jboss.resteasy.jose.jws.util.PemUtils;
import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
/**
 * RSA-based {@link SignatureProvider} for JWS: maps the RS256/RS384/RS512 identifiers to JCA
 * signature names and offers static helpers for signing and verifying.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Verification takes the algorithm from the token's own header. Only the three RSA
 *       identifiers handled by {@link #getJavaAlgorithm(Algorithm)} are accepted; any other
 *       value makes verification return {@code false}.</li>
 *   <li>{@link #verifyViaCertificate(JWSInput, String)} only extracts the public key from the
 *       supplied certificate. No validity-period, chain or revocation check is made in this
 *       class, so the certificate must already be trusted by the caller.</li>
 * </ul>
 *
 * @author Bill Burke
 * @version $Revision: 1 $
 */
public class RSAProvider implements SignatureProvider {

    /**
     * Translates a JWS RSA algorithm identifier into the JCA signature algorithm name.
     *
     * @param alg the JWS algorithm; must be RS256, RS384 or RS512
     * @return the matching JCA name, e.g. {@code "SHA256withRSA"}
     * @throws IllegalArgumentException if {@code alg} is not one of the RSA identifiers
     */
    public static String getJavaAlgorithm(Algorithm alg) {
        final String jcaName;
        switch (alg) {
            case RS256:
                jcaName = "SHA256withRSA";
                break;
            case RS384:
                jcaName = "SHA384withRSA";
                break;
            case RS512:
                jcaName = "SHA512withRSA";
                break;
            default:
                // Refusing everything else keeps non-RSA header values out of the RSA path.
                throw new IllegalArgumentException("Not an RSA Algorithm");
        }
        return jcaName;
    }

    /**
     * Obtains a fresh JCA {@link Signature} for the given JWS algorithm from the default
     * provider lookup.
     *
     * @param alg the JWS algorithm
     * @return a new, uninitialised {@link Signature}
     * @throws RuntimeException wrapping any failure, including the
     *         {@link IllegalArgumentException} raised for a non-RSA algorithm
     */
    public static Signature getSignature(Algorithm alg) {
        try {
            String jcaName = getJavaAlgorithm(alg);
            return Signature.getInstance(jcaName);
        } catch (Exception cause) {
            throw new RuntimeException(cause);
        }
    }

    /**
     * Signs {@code data} with the given private key.
     *
     * @param data the bytes to sign
     * @param algorithm the JWS RSA algorithm to use
     * @param privateKey the signing key
     * @return the raw signature bytes
     * @throws RuntimeException wrapping any failure while obtaining, initialising or running
     *         the signer
     */
    public static byte[] sign(byte[] data, Algorithm algorithm, PrivateKey privateKey) {
        try {
            Signature signer = getSignature(algorithm);
            signer.initSign(privateKey);
            signer.update(data);
            byte[] signatureBytes = signer.sign();
            return signatureBytes;
        } catch (Exception cause) {
            throw new RuntimeException(cause);
        }
    }

    /**
     * Verifies a JWS against the public key contained in an encoded certificate.
     *
     * <p>The certificate is decoded with {@code PemUtils.decodeCertificate} and its public key
     * is used as-is. This method does not call {@code checkValidity()} or validate a chain;
     * whether the decoder does is not visible here, so treat {@code cert} as a trust anchor
     * the caller has already vetted.
     *
     * <p>Note the asymmetry in failure handling: an undecodable certificate raises an
     * exception, while a failed signature check returns {@code false}.
     *
     * @param input the parsed JWS to check
     * @param cert the encoded certificate text
     * @return {@code true} only if the signature verifies under the certificate's public key
     * @throws RuntimeException wrapping any failure while decoding {@code cert}
     */
    public static boolean verifyViaCertificate(JWSInput input, String cert) {
        final X509Certificate parsed;
        try {
            parsed = PemUtils.decodeCertificate(cert);
        } catch (Exception cause) {
            throw new RuntimeException(cause);
        }
        PublicKey certKey = parsed.getPublicKey();
        return verify(input, certKey);
    }

    /**
     * Verifies the signature of a JWS with the given public key.
     *
     * <p>The algorithm comes from the JWS header, i.e. from the token being checked. The
     * signing input is the encoded signature input as UTF-8 bytes.
     *
     * <p>Fails closed: every exception (unsupported algorithm, wrong key type, malformed
     * signature, null input) is reported as {@code false}. Callers therefore cannot tell a
     * forged token from a misconfigured key through the return value alone.
     *
     * @param input the parsed JWS to check
     * @param publicKey the key expected to have produced the signature
     * @return {@code true} if the signature is valid, {@code false} otherwise or on any error
     */
    public static boolean verify(JWSInput input, PublicKey publicKey) {
        try {
            Signature verifier = getSignature(input.getHeader().getAlgorithm());
            verifier.initVerify(publicKey);
            byte[] signingInput = input.getEncodedSignatureInput().getBytes(StandardCharsets.UTF_8);
            verifier.update(signingInput);
            boolean valid = verifier.verify(input.getSignature());
            return valid;
        } catch (Exception ignored) {
            // Deliberately swallowed: any failure counts as "not verified".
            return false;
        }
    }

    /**
     * Verifies a JWS, treating {@code key} as an encoded certificate rather than a bare key.
     *
     * @param input the parsed JWS to check
     * @param key the encoded certificate text, passed to
     *        {@link #verifyViaCertificate(JWSInput, String)}
     * @return {@code true} only if the signature verifies under the certificate's public key
     */
    @Override
    public boolean verify(JWSInput input, String key) {
        return RSAProvider.verifyViaCertificate(input, key);
    }
}