1 files changed, 99 insertions, 0 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SHA256Signer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SHA256Signer.java
new file mode 100644
index 000000000..9755e3c0a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SHA256Signer.java
@@ -0,0 +1,99 @@
+/**
+ * Copyright 2010 Google Inc.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ * 
+ */
+package at.gv.egovernment.moa.id.protocols.oauth20.json;
+
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.Signature;
+import java.security.SignatureException;
+
+import net.oauth.jsontoken.crypto.AbstractSigner;
+import net.oauth.jsontoken.crypto.RsaSHA256Signer;
+import net.oauth.jsontoken.crypto.SignatureAlgorithm;
+
+/**
+ * Signer that can sign byte arrays using a {@link PrivateKey} and SHA-256. <br/>
+ * This is something like a copy of the {@link RsaSHA256Signer}.
+ * 
+ */
+public class OAuth20SHA256Signer extends AbstractSigner implements OAuthSigner {
+	
+	private final Signature signature;
+	private final PrivateKey signingKey;
+	private final OAuthSignatureAlgorithm algorithm;
+	
+	/**
+	 * Public constructor.
+	 * 
+	 * @param issuer
+	 *            The id of this signer, to be included in the JSON Token's envelope.
+	 * @param keyId
+	 *            The id of the key used by this signer, to be included in the JSON Token's
+	 *            envelope.
+	 * @param key
+	 *            the private key to be used for signing.
+	 * @throws InvalidKeyException
+	 *             if the key is unsuitable for RSA signing.
+	 */
+	public OAuth20SHA256Signer(final String issuer, final String keyId, final PrivateKey key) throws InvalidKeyException {
+		super(issuer, keyId);
+		
+		this.signingKey = key;
+		this.algorithm = OAuth20SignatureUtil.findSignature(key);
+		
+		try {
+			this.signature = this.algorithm.getSignatureInstance();
+			this.signature.initSign(signingKey);
+		}
+		catch (NoSuchAlgorithmException e) {
+			throw new IllegalStateException("Cannot get algorithm for the given private key", e);
+		}
+		catch (NoSuchProviderException e) {
+			throw new IllegalStateException("Cannot get algorithm for the given private key", e);
+		}
+	}
+	
+	/*
+	 * (non-Javadoc)
+	 * @see net.oauth.jsontoken.crypto.Signer#getSignatureAlgorithm()
+	 */
+	public SignatureAlgorithm getSignatureAlgorithm() {
+		// it is fine to return RS256 because we overwrite the JsonToken for the algorithm name. But
+		// we need the internal SHA256 which is used.
+		return SignatureAlgorithm.RS256;
+	}
+	
+	/*
+	 * (non-Javadoc)
+	 * @see net.oauth.jsontoken.crypto.Signer#sign(byte[])
+	 */
+	public byte[] sign(byte[] source) throws SignatureException {
+		try {
+			signature.initSign(signingKey);
+		}
+		catch (InvalidKeyException e) {
+			throw new RuntimeException("key somehow became invalid since calling the constructor");
+		}
+		signature.update(source);
+		return signature.sign();
+	}
+	
+	public OAuthSignatureAlgorithm getOAuthSignatureAlgorithm() {
+		return this.algorithm;
+	}
+	
+}