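package com.solarisgroup.util;

import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.DirectEncrypter;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.crypto.RSAEncrypter;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jwt.EncryptedJWT;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import lombok.AccessLevel;
import lombok.RequiredArgsConstructor;

/**
 * Static helpers that build signed and encrypted JWTs with Nimbus JOSE+JWT.
 *
 * <p>Three token shapes are produced: an RS256-signed JWT, an HS256-signed JWT, and a nested
 * token in which an already signed JWT is encrypted with RSA-OAEP-256 / A128GCM.
 *
 * <p>The class is not meant to be instantiated; Lombok generates a private constructor.
 */
@RequiredArgsConstructor(access = AccessLevel.PRIVATE)
public class JWTUtil {

    /**
     * Encrypts an already signed JWT for a recipient (sign-then-encrypt nested JWT).
     *
     * <p>The JWE header carries {@code cty: "JWT"}, which RFC 7519 section 5.2 requires whenever
     * the payload is itself a JWT, so that the recipient knows to parse the decrypted content as
     * a nested token.
     *
     * <p>The {@code iss} value placed in the JWE header is only a hint for the recipient: RSA
     * encryption to a public key does not authenticate the sender, so the issuer must still be
     * established by verifying the signature of the inner JWT after decryption.
     *
     * @param keyFileName name of the file holding the PEM-encoded RSA key used for encryption,
     *                    read through {@code FileUtil.readFile}
     * @param issuer      value written to the {@code iss} parameter of the JWE header
     * @param signedJWT   the signed JWT that becomes the JWE payload
     * @return the JWE in compact serialization
     * @throws JOSEException if the key cannot be parsed or encryption fails
     */
    public static String generateEncryptedAsymmetricToken(String keyFileName, String issuer, SignedJWT signedJWT)
            throws JOSEException {
        var encryptionKeyPem = FileUtil.readFile(keyFileName);

        // NOTE(review): "iss" is passed as a custom parameter. Some Nimbus releases treat
        // replicated claim names as registered header parameters and may reject them here;
        // confirm against the library version on the classpath before upgrading.
        var jweHeader = new JWEHeader.Builder(JWEAlgorithm.RSA_OAEP_256, EncryptionMethod.A128GCM)
                .contentType("JWT") // marks the payload as a nested JWT (RFC 7519, section 5.2)
                .customParam("iss", issuer)
                .build();

        var jweObject = new JWEObject(jweHeader, new Payload(signedJWT));

        // The file is expected to hold the recipient's RSA key in PEM form.
        var recipientKey = RSAKey.parseFromPEMEncodedObjects(encryptionKeyPem).toRSAKey();
        jweObject.encrypt(new RSAEncrypter(recipientKey));

        return jweObject.serialize();
    }

    /**
     * Signs a claims set with RS256 using an RSA private key loaded from a PEM file.
     *
     * <p>The JWS header's {@code kid} is copied from the parsed JWK; it is left unset when the
     * parsed key carries no key ID.
     *
     * @param keyFileName name of the file holding the PEM-encoded RSA private key, read through
     *                    {@code FileUtil.readFile}
     * @param claimsSet   the claims to sign
     * @return the signed JWT (not yet serialized, so it can be nested into a JWE)
     * @throws JOSEException if the key cannot be parsed or used for signing
     */
    public static SignedJWT generateAsymmetricToken(String keyFileName, JWTClaimsSet claimsSet)
            throws JOSEException {
        var signingKeyPem = FileUtil.readFile(keyFileName);
        var jwk = JWK.parseFromPEMEncodedObjects(signingKeyPem);

        var header = new JWSHeader.Builder(JWSAlgorithm.RS256)
                .keyID(jwk.getKeyID())
                .build();

        var signedJWT = new SignedJWT(header, claimsSet);
        signedJWT.sign(new RSASSASigner(jwk.toRSAKey()));

        return signedJWT;
    }

    /**
     * Signs a claims set with HS256 using a shared secret.
     *
     * <p>The secret is handed to {@code MACSigner} as a string. Nimbus refuses secrets that are
     * too short for the chosen HMAC algorithm, and that failure surfaces as a
     * {@link JOSEException}. Length alone does not make a secret strong: it should come from a
     * cryptographically secure random source rather than a human-chosen phrase.
     *
     * @param signingKey the shared HMAC secret
     * @param claimsSet  the claims to sign
     * @return the signed JWT in compact serialization
     * @throws JOSEException if the secret is rejected or signing fails
     */
    public static String generateSymmetricToken(String signingKey, JWTClaimsSet claimsSet) throws JOSEException {
        var signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claimsSet);
        signedJWT.sign(new MACSigner(signingKey));

        return signedJWT.serialize();
    }
}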