chore: add BouncyCastle provider to JWSSigner and JWSVerifier (#3804)
paullatzelsperger authored Jan 25, 2024
1 parent de44b6f commit b23d1bc
Showing 2 changed files with 24 additions and 4 deletions.
@@ -25,6 +25,7 @@
import com.nimbusds.jose.crypto.Ed25519Verifier;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.crypto.bc.BouncyCastleProviderSingleton;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.JWK;
@@ -101,7 +102,7 @@ private static String notSupportedError(String algorithm) {
public static JWSSigner createSignerFor(PrivateKey key) {
try {
return switch (key.getAlgorithm()) {
case ALGORITHM_EC -> new ECDSASigner((ECPrivateKey) key);
case ALGORITHM_EC -> getEcdsaSigner((ECPrivateKey) key);
case ALGORITHM_RSA -> new RSASSASigner(key);
case ALGORITHM_ECDSA, ALGORITHM_ED25519 -> createEdDsaVerifier(key);
default -> throw new IllegalArgumentException(notSupportedError(key.getAlgorithm()));
@@ -111,6 +112,13 @@ public static JWSSigner createSignerFor(PrivateKey key) {
}
}

@NotNull
private static ECDSASigner getEcdsaSigner(ECPrivateKey key) throws JOSEException {
var signer = new ECDSASigner(key);
signer.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance());
return signer;
}

/**
* Takes a Java {@link PublicKey} object and creates a corresponding Nimbus {@link JWSVerifier} for convenient use with JWTs.
* Note that currently only the following key types are supported:
@@ -129,7 +137,7 @@ public static JWSSigner createSignerFor(PrivateKey key) {
public static JWSVerifier createVerifierFor(PublicKey publicKey) {
try {
return switch (publicKey.getAlgorithm()) {
case ALGORITHM_EC -> new ECDSAVerifier((ECPublicKey) publicKey);
case ALGORITHM_EC -> getEcdsaVerifier((ECPublicKey) publicKey);
case ALGORITHM_RSA -> new RSASSAVerifier((RSAPublicKey) publicKey);
case ALGORITHM_ECDSA, ALGORITHM_ED25519 -> createEdDsaVerifier(publicKey);
default -> throw new IllegalArgumentException(notSupportedError(publicKey.getAlgorithm()));
@@ -139,6 +147,13 @@ public static JWSVerifier createVerifierFor(PublicKey publicKey) {
}
}

@NotNull
private static ECDSAVerifier getEcdsaVerifier(ECPublicKey publicKey) throws JOSEException {
var verifier = new ECDSAVerifier(publicKey);
verifier.getJCAContext().setProvider(BouncyCastleProviderSingleton.getInstance());
return verifier;
}

/**
* Converts a Java {@link KeyPair} into its JWK counterpart from Nimbus. Currently, only RSA, EC and EdDSA keys are supported, specifically:
* <ul>
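Review bot: `getEcdsaSigner` and `getEcdsaVerifier` hard-wire BouncyCastle for EC keys, but the `ALGORITHM_RSA` branches of `createSignerFor` and `createVerifierFor` still construct `RSASSASigner`/`RSASSAVerifier` on whatever JCA provider the JVM resolves by default, so which provider performs a signature now depends on the key type and nothing in the code says why. Provider choice is security-relevant, and a pinned one cannot be overridden by a deployment that mandates a specific provider (for example a FIPS-validated one), so I would put the reason next to the call, e.g. `// EC uses BouncyCastle because <reason>; RSA deliberately stays on the default JCA provider`, or make the RSA branches call `getJCAContext().setProvider(...)` as well if the commit title is meant to cover them. The pin also makes the BouncyCastle jar a runtime requirement for every EC key; the catch clauses of both methods lie outside the visible hunks, so it is worth confirming that a missing provider class surfaces as a clear error rather than escaping whatever the try blocks catch.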
@@ -23,6 +23,7 @@
import com.nimbusds.jose.crypto.Ed25519Verifier;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.crypto.bc.BouncyCastleProviderSingleton;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.JWK;
@@ -95,7 +96,9 @@ void createSignerFor_rsaKey() throws NoSuchAlgorithmException {
void createSignerFor_ecKey() throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
var pk = createEc();

assertThat(CryptoConverter.createSignerFor(pk.getPrivate())).isInstanceOf(ECDSASigner.class);
var signer = CryptoConverter.createSignerFor(pk.getPrivate());
assertThat(signer).isInstanceOf(ECDSASigner.class);
assertThat(signer.getJCAContext().getProvider()).isEqualTo(BouncyCastleProviderSingleton.getInstance());
}

@Test
@@ -119,7 +122,9 @@ void createVerifierFor_rsaKey() throws NoSuchAlgorithmException {
@Test
void createVerifierFor_ecKey() throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
var pk = createEc().getPublic();
assertThat(CryptoConverter.createVerifierFor(pk)).isInstanceOf(ECDSAVerifier.class);
var verifier = CryptoConverter.createVerifierFor(pk);
assertThat(verifier).isInstanceOf(ECDSAVerifier.class);
assertThat(verifier.getJCAContext().getProvider()).isEqualTo(BouncyCastleProviderSingleton.getInstance());
}

@Test
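Review bot: The new assertions in `createSignerFor_ecKey` and `createVerifierFor_ecKey` only compare the provider object, so they would still pass if BouncyCastle could not actually sign or verify with the key objects returned by `createEc()`. A round trip would cover that: sign a small `JWSObject` with the signer from `createSignerFor(pk.getPrivate())`, then check `assertThat(jws.verify(CryptoConverter.createVerifierFor(pk.getPublic()))).isTrue();`, using the JWS algorithm that matches the curve `createEc()` generates (not visible on this page). The RSA tests named in the hunk headers are not changed, so nothing pins down which provider RSA signers and verifiers are expected to use.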
