Merge pull request #1 from longgt/feature/bump-deps

bump deps
longgt · Jun 6, 2024 · 6476c64 · 6476c64
2 parents 42c85ba + 209f686
commit 6476c64
Show file tree

Hide file tree

Showing 9 changed files with 84 additions and 45 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,19 +1,19 @@
 
 # Get the builder image
-FROM maven:3.8.6-openjdk-11 AS builder
+FROM maven:3.9.7-eclipse-temurin-17 AS builder
 COPY . /build
 WORKDIR /build
 # Build the app
-# Artifact will be stored at /build/target/json-web-key-generator-0.9-SNAPSHOT-jar-with-dependencies.jar
+# Artifact will be stored at /build/target/json-web-key-generator-1.0.0-SNAPSHOT-jar-with-dependencies.jar
 RUN mvn package
 
 # Build the image with the new .jar binary
 # We need a jre 11+ starter container for this
-FROM openjdk:11-jre-slim
+FROM eclipse-temurin:17-jre-focal
 ARG GIT_COMMIT=unspecified
 ARG GIT_TAG=unspecified
 LABEL org.opencontainers.image.authors="Besmir Zanaj"
 LABEL org.opencontainers.image.revision=$GIT_COMMIT
 LABEL org.opencontainers.image.version="$GIT_TAG"
-COPY --from=0 /build/target/json-web-key-generator-0.9-SNAPSHOT-jar-with-dependencies.jar ./json-web-key-generator.jar
+COPY --from=0 /build/target/json-web-key-generator-1.0.0-SNAPSHOT-jar-with-dependencies.jar ./json-web-key-generator.jar
 ENTRYPOINT ["java", "-jar", "json-web-key-generator.jar"]
diff --git a/README.md b/README.md
@@ -4,9 +4,9 @@ A commandline Java-based generator for JSON Web Keys (JWK) and JSON Private/Shar
 
 ## Standalone run
 
-To compile, run `mvn package`. This will generate a `json-web-key-generator-0.9-SNAPSHOT-jar-with-dependencies.jar` in the `/target` directory.
+To compile, run `mvn package`. This will generate a `json-web-key-generator-1.0.0-SNAPSHOT-jar-with-dependencies.jar` in the `/target` directory.
 
-To generate a key, run `java -jar target/json-web-key-generator-0.9-SNAPSHOT-jar-with-dependencies.jar -t <keytype>`. Several other arguments are defined which may be required depending on your key type:
+To generate a key, run `java -jar target/json-web-key-generator-1.0.0-SNAPSHOT-jar-with-dependencies.jar -t <keytype>`. Several other arguments are defined which may be required depending on your key type:
 
 ```
 usage: java -jar json-web-key-generator.jar -t <keyType> [options]
@@ -41,7 +41,7 @@ usage: java -jar json-web-key-generator.jar -t <keyType> [options]
 
 ## Docker
 
-### Build with docker 
+### Build with docker
 Example:
 
 

diff --git a/pom.xml b/pom.xml
@@ -3,24 +3,17 @@
 
 	<groupId>org.mitre</groupId>
 	<artifactId>json-web-key-generator</artifactId>
-	<version>0.9-SNAPSHOT</version>
+	<version>1.0.0-SNAPSHOT</version>
 	<packaging>jar</packaging>
 
 	<name>json-web-key-generator</name>
 	<url>http://maven.apache.org</url>
 
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <java.version>11</java.version>
+        <java.version>17</java.version>
 	</properties>
 
-	<scm>
-		<connection>scm:git:https://github.com/mitreid-connect/json-web-key-generator.git</connection>
-		<developerConnection>scm:git:[email protected]:mitreid-connect/json-web-key-generator.git</developerConnection>
-		<url>https://github.com/mitreid-connect/json-web-key-generator.git</url>
-		<tag>HEAD</tag>
-	</scm>
-
 	<parent>
 		<groupId>org.sonatype.oss</groupId>
 		<artifactId>oss-parent</artifactId>
@@ -91,7 +84,7 @@
 		<dependency>
 			<groupId>com.nimbusds</groupId>
 			<artifactId>nimbus-jose-jwt</artifactId>
-			<version>8.19</version>
+			<version>9.39.1</version>
 		</dependency>
 		<dependency>
 			<groupId>commons-cli</groupId>
@@ -106,17 +99,12 @@
 		<dependency>
 			<groupId>com.google.code.gson</groupId>
 			<artifactId>gson</artifactId>
-			<version>2.8.6</version>
-		</dependency>
-		<dependency>
-			<groupId>org.bouncycastle</groupId>
-			<artifactId>bcprov-jdk15on</artifactId>
-			<version>1.66</version>
+			<version>2.11.0</version>
 		</dependency>
 		<dependency>
 			<groupId>org.bouncycastle</groupId>
-			<artifactId>bcpkix-jdk15on</artifactId>
-			<version>1.66</version>
+			<artifactId>bcpkix-jdk18on</artifactId>
+			<version>1.78.1</version>
 		</dependency>
 	</dependencies>
 </project>
diff --git a/src/main/java/org/mitre/jose/jwk/ECKeyMaker.java b/src/main/java/org/mitre/jose/jwk/ECKeyMaker.java
@@ -10,11 +10,15 @@
 import java.security.interfaces.ECPrivateKey;
 import java.security.interfaces.ECPublicKey;
 import java.security.spec.ECParameterSpec;
+import java.util.LinkedHashMap;
 
 import com.nimbusds.jose.Algorithm;
 import com.nimbusds.jose.jwk.Curve;
 import com.nimbusds.jose.jwk.ECKey;
+import com.nimbusds.jose.jwk.JWKParameterNames;
+import com.nimbusds.jose.jwk.KeyType;
 import com.nimbusds.jose.jwk.KeyUse;
+import com.nimbusds.jose.util.Base64URL;
 
 /**
  * @author jricher
@@ -41,9 +45,18 @@ public static ECKey make(Curve crv, KeyUse keyUse, Algorithm keyAlg, KeyIdGenera
             ECPublicKey pub = (ECPublicKey) kp.getPublic();
             ECPrivateKey priv = (ECPrivateKey) kp.getPrivate();
 
+            Base64URL x = ECKey.encodeCoordinate(pub.getParams().getCurve().getField().getFieldSize(), pub.getW().getAffineX());
+            Base64URL y = ECKey.encodeCoordinate(pub.getParams().getCurve().getField().getFieldSize(), pub.getW().getAffineY());
+
+            LinkedHashMap<String, Object> requiredParams = new LinkedHashMap<>();
+            requiredParams.put(JWKParameterNames.ELLIPTIC_CURVE, crv.toString());
+            requiredParams.put(JWKParameterNames.KEY_TYPE, KeyType.EC.getValue());
+            requiredParams.put(JWKParameterNames.ELLIPTIC_CURVE_X_COORDINATE, x.toString());
+            requiredParams.put(JWKParameterNames.ELLIPTIC_CURVE_Y_COORDINATE, y.toString());
+
             ECKey ecKey = new ECKey.Builder(crv, pub)
                     .privateKey(priv)
-                    .keyID(kid.generate(keyUse, pub.getEncoded()))
+                    .keyID(kid.generate(requiredParams))
                     .algorithm(keyAlg)
                     .keyUse(keyUse)
                     .build();

diff --git a/src/main/java/org/mitre/jose/jwk/KeyIdGenerator.java b/src/main/java/org/mitre/jose/jwk/KeyIdGenerator.java
@@ -3,54 +3,64 @@
 import java.time.Instant;
 import java.time.temporal.ChronoUnit;
 import java.util.List;
+import java.util.Map;
 import java.util.Optional;
-import java.util.function.BiFunction;
+import java.util.function.Function;
 
 import com.google.common.hash.Hashing;
+import com.nimbusds.jose.jwk.JWKParameterNames;
 import com.nimbusds.jose.jwk.KeyUse;
 import com.nimbusds.jose.util.Base64;
 import com.nimbusds.jose.util.Base64URL;
+import com.nimbusds.jose.util.JSONObjectUtils;
+import com.nimbusds.jose.util.StandardCharset;
 
 /**
  * @author jricher
  *
  */
 // KeyID generator functions
 public class KeyIdGenerator {
-	public static KeyIdGenerator TIMESTAMP = new KeyIdGenerator("timestamp", (use, pubKey) -> {
+    private static final String PUBLIC_KEY = "pub_key";
+
+    public static KeyIdGenerator TIMESTAMP = new KeyIdGenerator("timestamp", (params) -> {
+        KeyUse use = (KeyUse) params.get(JWKParameterNames.PUBLIC_KEY_USE);
 		return Optional.ofNullable(use).map(KeyUse::getValue).map(s -> s + "-").orElse("")
 			+ Instant.now().getEpochSecond();
 	});
 
-	public static KeyIdGenerator DATE = new KeyIdGenerator("date", (use, pubKey) -> {
+    public static KeyIdGenerator DATE = new KeyIdGenerator("date", (params) -> {
+        KeyUse use = (KeyUse) params.get(JWKParameterNames.PUBLIC_KEY_USE);
 		return Optional.ofNullable(use).map(KeyUse::getValue).map(s -> s + "-").orElse("")
 			+ Instant.now().truncatedTo(ChronoUnit.SECONDS).toString();
 	});
 
-	public static KeyIdGenerator SHA256 = new KeyIdGenerator("sha256", (use, pubKey) -> {
-		byte[] bytes = Hashing.sha256().hashBytes(pubKey).asBytes();
+    public static KeyIdGenerator SHA256 = new KeyIdGenerator("sha256", (params) -> {
+        final String json = JSONObjectUtils.toJSONString(params);
+        byte[] bytes = Hashing.sha256().hashBytes(json.getBytes(StandardCharset.UTF_8)).asBytes();
 		return Base64URL.encode(bytes).toString();
 	});
 
-	public static KeyIdGenerator SHA1 = new KeyIdGenerator("sha1", (use, pubKey) -> {
-		byte[] bytes = Hashing.sha1().hashBytes(pubKey).asBytes();
+    public static KeyIdGenerator SHA1 = new KeyIdGenerator("sha1", (params) -> {
+        final String json = JSONObjectUtils.toJSONString(params);
+        byte[] bytes = Hashing.sha1().hashBytes(json.getBytes(StandardCharset.UTF_8)).asBytes();
 		return Base64.encode(bytes).toString();
 	});
 
-	public static KeyIdGenerator NONE = new KeyIdGenerator("none", (use, pubKey) -> {
+    public static KeyIdGenerator NONE = new KeyIdGenerator("none", (params) -> {
 		return null;
 	});
 
 	private final String name;
-	private final BiFunction<KeyUse, byte[], String> fn;
+    private final Function<Map<String, Object>, String> fn;
 
-	public KeyIdGenerator(String name, BiFunction<KeyUse, byte[], String> fn) {
+    public KeyIdGenerator(String name, Function<Map<String, Object>, String> fn) {
 		this.name = name;
 		this.fn = fn;
 	}
 
-	public String generate(KeyUse keyUse, byte[] pubKey) {
-		return this.fn.apply(keyUse, pubKey);
+    public String generate(final Map<String, Object> params) {
+        return this.fn.apply(params);
 	}
 
 	public String getName() {
@@ -69,7 +79,7 @@ public static KeyIdGenerator get(String name) {
 	}
 
 	public static KeyIdGenerator specified(String kid) {
-		return new KeyIdGenerator(null, (u, p) -> kid);
+        return new KeyIdGenerator(null, (params) -> kid);
 	}
 }
 
diff --git a/src/main/java/org/mitre/jose/jwk/Launcher.java b/src/main/java/org/mitre/jose/jwk/Launcher.java
@@ -58,6 +58,7 @@
 import com.nimbusds.jose.jwk.JWKSet;
 import com.nimbusds.jose.jwk.KeyType;
 import com.nimbusds.jose.jwk.KeyUse;
+import com.nimbusds.jose.util.JSONObjectUtils;
 
 /**
  * Small Helper App to generate Json Web Keys
@@ -407,8 +408,8 @@ private static void writeKeyToFile(boolean keySet, String outFile, String pubOut
 			List<JWK> jwkList = new ArrayList<>(existingKeys);
 			jwkList.add(jwk);
 			JWKSet jwkSet = new JWKSet(jwkList);
-			json = JsonParser.parseString(jwkSet.toJSONObject(false).toJSONString());
-			pubJson = JsonParser.parseString(jwkSet.toJSONObject(true).toJSONString());
+            json = JsonParser.parseString(JSONObjectUtils.toJSONString(jwkSet.toJSONObject(false)));
+            pubJson = JsonParser.parseString(JSONObjectUtils.toJSONString(jwkSet.toJSONObject(true)));
 		} else {
 			json = JsonParser.parseString(jwk.toJSONString());
 			pubJson = JsonParser.parseString(jwk.toPublicJWK().toJSONString());
@@ -427,7 +428,7 @@ private static void writeKeyToFile(boolean keySet, String outFile, String pubOut
 	private static void printKey(boolean keySet, JWK jwk, Gson gson) {
 		if (keySet) {
 			JWKSet jwkSet = new JWKSet(jwk);
-			JsonElement json = JsonParser.parseString(jwkSet.toJSONObject(false).toJSONString());
+            JsonElement json = JsonParser.parseString(JSONObjectUtils.toJSONString(jwkSet.toJSONObject(false)));
 			System.out.println(gson.toJson(json));
 		} else {
 			JsonElement json = JsonParser.parseString(jwk.toJSONString());

diff --git a/src/main/java/org/mitre/jose/jwk/OKPKeyMaker.java b/src/main/java/org/mitre/jose/jwk/OKPKeyMaker.java
@@ -4,6 +4,7 @@
 import java.security.KeyPair;
 import java.security.KeyPairGenerator;
 import java.security.NoSuchAlgorithmException;
+import java.util.LinkedHashMap;
 
 import org.bouncycastle.asn1.ASN1BitString;
 import org.bouncycastle.asn1.ASN1OctetString;
@@ -12,6 +13,8 @@
 import com.nimbusds.jose.Algorithm;
 import com.nimbusds.jose.jwk.Curve;
 import com.nimbusds.jose.jwk.JWK;
+import com.nimbusds.jose.jwk.JWKParameterNames;
+import com.nimbusds.jose.jwk.KeyType;
 import com.nimbusds.jose.jwk.KeyUse;
 import com.nimbusds.jose.jwk.OctetKeyPair;
 import com.nimbusds.jose.util.Base64URL;
@@ -84,12 +87,17 @@ public static JWK make(Curve keyCurve, KeyUse keyUse, Algorithm keyAlg, KeyIdGen
 				d = ((ASN1OctetString)ASN1OctetString.fromByteArray(d)).getOctets();
 			}
 
+            LinkedHashMap<String, Object> requiredParams = new LinkedHashMap<>();
+            requiredParams.put(JWKParameterNames.OKP_SUBTYPE, keyCurve.toString());
+            requiredParams.put(JWKParameterNames.KEY_TYPE, KeyType.OKP.getValue());
+            requiredParams.put(JWKParameterNames.OKP_PUBLIC_KEY, Base64URL.encode(x).toString());
+
 			// Now that we have the raw numbers, export them as a JWK
 			OctetKeyPair jwk = new OctetKeyPair.Builder(keyCurve, Base64URL.encode(x))
 				.d(Base64URL.encode(d))
 				.keyUse(keyUse)
 				.algorithm(keyAlg)
-				.keyID(kid.generate(keyUse, x))
+                    .keyID(kid.generate(requiredParams))
 				.build();
 
 			return jwk;

diff --git a/src/main/java/org/mitre/jose/jwk/OctetSequenceKeyMaker.java b/src/main/java/org/mitre/jose/jwk/OctetSequenceKeyMaker.java
@@ -4,8 +4,11 @@
 package org.mitre.jose.jwk;
 
 import java.security.SecureRandom;
+import java.util.LinkedHashMap;
 
 import com.nimbusds.jose.Algorithm;
+import com.nimbusds.jose.jwk.JWKParameterNames;
+import com.nimbusds.jose.jwk.KeyType;
 import com.nimbusds.jose.jwk.KeyUse;
 import com.nimbusds.jose.jwk.OctetSequenceKey;
 import com.nimbusds.jose.util.Base64URL;
@@ -30,9 +33,13 @@ public static OctetSequenceKey make(Integer keySize, KeyUse use, Algorithm alg,
 
         Base64URL encoded = Base64URL.encode(bytes);
 
+        LinkedHashMap<String, Object> requiredParams = new LinkedHashMap<>();
+        requiredParams.put(JWKParameterNames.OCT_KEY_VALUE, encoded.toString());
+        requiredParams.put(JWKParameterNames.KEY_TYPE, KeyType.OCT.getValue());
+
         // make a key
         OctetSequenceKey octetSequenceKey = new OctetSequenceKey.Builder(encoded)
-                .keyID(kid.generate(use, bytes))
+                .keyID(kid.generate(requiredParams))
                 .algorithm(alg)
                 .keyUse(use)
                 .build();

diff --git a/src/main/java/org/mitre/jose/jwk/RSAKeyMaker.java b/src/main/java/org/mitre/jose/jwk/RSAKeyMaker.java
@@ -8,10 +8,14 @@
 import java.security.NoSuchAlgorithmException;
 import java.security.interfaces.RSAPrivateCrtKey;
 import java.security.interfaces.RSAPublicKey;
+import java.util.LinkedHashMap;
 
 import com.nimbusds.jose.Algorithm;
+import com.nimbusds.jose.jwk.JWKParameterNames;
+import com.nimbusds.jose.jwk.KeyType;
 import com.nimbusds.jose.jwk.KeyUse;
 import com.nimbusds.jose.jwk.RSAKey;
+import com.nimbusds.jose.util.Base64URL;
 
 /**
  * @author jricher
@@ -35,11 +39,19 @@ public static RSAKey make(Integer keySize, KeyUse keyUse, Algorithm keyAlg, KeyI
             RSAPublicKey pub = (RSAPublicKey) kp.getPublic();
             RSAPrivateCrtKey priv = (RSAPrivateCrtKey) kp.getPrivate();
 
+            Base64URL n = Base64URL.encode(pub.getModulus());
+            Base64URL e = Base64URL.encode(pub.getPublicExponent());
+
+            LinkedHashMap<String, Object> requiredParams = new LinkedHashMap<>();
+            requiredParams.put(JWKParameterNames.RSA_EXPONENT, e.toString());
+            requiredParams.put(JWKParameterNames.KEY_TYPE, KeyType.RSA.getValue());
+            requiredParams.put(JWKParameterNames.RSA_MODULUS, n.toString());
+
             RSAKey rsaKey = new RSAKey.Builder(pub)
                     .privateKey(priv)
                     .keyUse(keyUse)
                     .algorithm(keyAlg)
-                    .keyID(kid.generate(keyUse, pub.getEncoded()))
+                    .keyID(kid.generate(requiredParams))
                     .build();
 
             return rsaKey;