Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
FIT-Connect-SDK - Java
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Package registry
Container Registry
Model registry
Operate
Environments
Terraform modules
Monitor
Incidents
Service Desk
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Terms and privacy
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
FIT-Connect
FIT-Connect-SDK - Java
Merge requests
!211
#664 Test JWK Generator
Code
Review changes
Check out branch
Download
Patches
Plain diff
Merged
#664 Test JWK Generator
feature/664-test-cert-generator
into
main
Overview
0
Commits
27
Pipelines
0
Changes
1
Merged
Martin Vogel
requested to merge
feature/664-test-cert-generator
into
main
1 year ago
Overview
0
Commits
27
Pipelines
0
Changes
1
Expand
Closes
planning#664 (closed)
0
0
Merge request reports
Viewing commit
0db0719d
Prev
Next
Show latest version
1 file
+
95
−
0
Inline
Compare changes
Side-by-side
Inline
Show whitespace changes
Show one file at a time
0db0719d
feature(#664): init test key generator for encryption and decryption
· 0db0719d
Martin Vogel
authored
1 year ago
cli/src/main/java/dev/fitko/fitconnect/cli/util/JWKGenerator.java
0 → 100644
+
95
−
0
Options
package
dev.fitko.fitconnect.cli.util
;
import
com.nimbusds.jose.JOSEException
;
import
com.nimbusds.jose.JWEAlgorithm
;
import
com.nimbusds.jose.jwk.JWK
;
import
com.nimbusds.jose.jwk.JWKSet
;
import
com.nimbusds.jose.jwk.KeyOperation
;
import
com.nimbusds.jose.jwk.RSAKey
;
import
org.bouncycastle.asn1.x500.X500Name
;
import
org.bouncycastle.cert.X509v3CertificateBuilder
;
import
org.bouncycastle.cert.jcajce.JcaX509CertificateConverter
;
import
org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder
;
import
org.bouncycastle.operator.ContentSigner
;
import
org.bouncycastle.operator.OperatorCreationException
;
import
org.bouncycastle.operator.jcajce.JcaContentSignerBuilder
;
import
java.math.BigInteger
;
import
java.security.KeyPair
;
import
java.security.KeyPairGenerator
;
import
java.security.NoSuchAlgorithmException
;
import
java.security.cert.CertificateException
;
import
java.security.cert.X509Certificate
;
import
java.security.interfaces.RSAPublicKey
;
import
java.time.Duration
;
import
java.time.Instant
;
import
java.util.Date
;
import
java.util.List
;
import
java.util.Set
;
import
java.util.UUID
;
/**
* JWK Test Key Generator.
*
* Generates public and private keys for encryption and signing
*/
public
class
JWKGenerator
{
public
static
void
main
(
final
String
[]
args
)
throws
NoSuchAlgorithmException
,
JOSEException
,
CertificateException
,
OperatorCreationException
{
final
JWKSet
encryptionKeySet
=
getEncryptionKeySet
();
}
private
static
JWKSet
getEncryptionKeySet
()
throws
NoSuchAlgorithmException
,
OperatorCreationException
,
CertificateException
,
JOSEException
{
final
KeyPair
keyPair
=
getKeyPair
();
final
X509Certificate
cert
=
getX509Certificate
(
keyPair
);
final
String
keyId
=
UUID
.
randomUUID
().
toString
();
final
JWK
publicKey
=
new
RSAKey
.
Builder
((
RSAPublicKey
)
keyPair
.
getPublic
())
.
privateKey
(
keyPair
.
getPrivate
())
.
keyID
(
keyId
)
.
keyOperations
(
Set
.
of
(
KeyOperation
.
WRAP_KEY
))
.
algorithm
(
JWEAlgorithm
.
RSA_OAEP_256
)
.
x509CertChain
(
RSAKey
.
parse
(
cert
).
getX509CertChain
())
.
build
();
final
JWK
privateKey
=
new
RSAKey
.
Builder
((
RSAPublicKey
)
keyPair
.
getPublic
())
.
privateKey
(
keyPair
.
getPrivate
())
.
keyID
(
keyId
)
.
keyOperations
(
Set
.
of
(
KeyOperation
.
UNWRAP_KEY
))
.
algorithm
(
JWEAlgorithm
.
RSA_OAEP_256
)
.
build
();
return
new
JWKSet
(
List
.
of
(
publicKey
,
privateKey
));
}
private
static
X509Certificate
getX509Certificate
(
final
KeyPair
keyPair
)
throws
OperatorCreationException
,
CertificateException
{
final
Instant
now
=
Instant
.
now
();
final
Date
notBefore
=
Date
.
from
(
now
);
final
Date
notAfter
=
Date
.
from
(
now
.
plus
(
Duration
.
ofDays
(
365
*
10
)));
final
ContentSigner
contentSigner
=
new
JcaContentSignerBuilder
(
"SHA512withRSA"
).
build
(
keyPair
.
getPrivate
());
final
X500Name
x500Name
=
new
X500Name
(
"CN=localhost"
);
final
X500Name
x500Subject
=
new
X500Name
(
"C=Test"
);
final
X509v3CertificateBuilder
certificateBuilder
=
new
JcaX509v3CertificateBuilder
(
x500Name
,
BigInteger
.
valueOf
(
now
.
toEpochMilli
()),
notBefore
,
notAfter
,
x500Subject
,
keyPair
.
getPublic
());
return
new
JcaX509CertificateConverter
().
getCertificate
(
certificateBuilder
.
build
(
contentSigner
));
}
private
static
KeyPair
getKeyPair
()
throws
NoSuchAlgorithmException
{
final
KeyPairGenerator
keyPairGenerator
=
KeyPairGenerator
.
getInstance
(
"RSA"
);
keyPairGenerator
.
initialize
(
4096
);
return
keyPairGenerator
.
generateKeyPair
();
}
}
Loading
