Last active
June 24, 2021 09:14
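Utility to generate an RSA key pair in JWKS format. The program takes two arguments, the key identifier (kid) and the RSA modulus size in bits, generates an RSA key pair, converts it to JWKS format, and writes it to the signing-keystore.jwks file. The output contains the private key parameters (d, p, q, dp, dq, qi) as well as the public ones, so the file has to be stored as a secret.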
import java.io.BufferedWriter;
import java.io.FileWriter;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileAlreadyExistsException;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Base64;
import java.util.Set;
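/**
 * Command-line utility that generates an RSA key pair and writes it as a JWK Set.
 *
 * <p>Usage: {@code RsaJwkGenerator <kid> <key-size-bits>}. The result is written to
 * {@code signing-keystore.jwks} in the working directory, replacing any existing file.
 *
 * <p>The output holds the private key parameters ({@code d}, {@code p}, {@code q}, {@code dp},
 * {@code dq}, {@code qi}) next to the public ones, so the file is created with owner-only
 * permissions where the file system supports POSIX permissions.
 */
public class RsaJwkGenerator {

    private static final String KEY_TYPE = "RSA";
    private static final String OUTPUT_FILE = "signing-keystore.jwks";

    // RSA moduli shorter than 2048 bits are no longer considered adequate for signing keys.
    private static final int MIN_KEY_SIZE_BITS = 2048;

    /**
     * Entry point.
     *
     * @param args {@code args[0]} is the key identifier, {@code args[1]} the modulus size in bits
     * @throws IOException if the key store file cannot be written
     * @throws IllegalArgumentException if the arguments are missing or the key size is invalid
     */
    public static void main(String[] args) throws IOException {
        if (args == null || args.length != 2) {
            throw new IllegalArgumentException("Usage: RsaJwkGenerator <kid> <key-size-bits>");
        }
        generateJwk(args[0], args[1]);
    }

    /**
     * Generates the key pair, serializes it as a one-key JWK Set and writes it to disk.
     *
     * @param kid key identifier stored in the {@code kid} member
     * @param modulus modulus size in bits, as a decimal string
     * @throws IOException if the key store file cannot be written
     */
    private static void generateJwk(String kid, String modulus) throws IOException {
        if (kid == null) {
            throw new IllegalArgumentException("kid must not be null");
        }
        KeyPair keyPair = generateKeyPair(modulus);

        // The CRT parameters are required for the private JWK; refuse anything else.
        if (!(keyPair.getPrivate() instanceof RSAPrivateCrtKey)) {
            throw new IllegalStateException("Unable to generate RSA key");
        }
        final RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
        final RSAPrivateCrtKey privateKey = (RSAPrivateCrtKey) keyPair.getPrivate();

        // Member order is kept as e, kty, n, d, p, q, dp, dq, qi, kid.
        String jwks = "{\"keys\":[{"
                + "\"e\":\"" + toBase64UrlUInt(publicKey.getPublicExponent()) + "\","
                + "\"kty\":\"" + KEY_TYPE + "\","
                + "\"n\":\"" + toBase64UrlUInt(publicKey.getModulus()) + "\","
                + "\"d\":\"" + toBase64UrlUInt(privateKey.getPrivateExponent()) + "\","
                + "\"p\":\"" + toBase64UrlUInt(privateKey.getPrimeP()) + "\","
                + "\"q\":\"" + toBase64UrlUInt(privateKey.getPrimeQ()) + "\","
                + "\"dp\":\"" + toBase64UrlUInt(privateKey.getPrimeExponentP()) + "\","
                + "\"dq\":\"" + toBase64UrlUInt(privateKey.getPrimeExponentQ()) + "\","
                + "\"qi\":\"" + toBase64UrlUInt(privateKey.getCrtCoefficient()) + "\","
                // kid comes from the command line; escape it so it cannot break the JSON.
                + "\"kid\":\"" + escapeJson(kid) + "\"}]}";

        writeKeyStore(Paths.get(OUTPUT_FILE), jwks);
    }

    /**
     * Parses and validates the requested key size, then generates the RSA key pair.
     *
     * @param modulus modulus size in bits, as a decimal string
     * @return the generated key pair
     * @throws IllegalArgumentException if the size is not an integer or is below 2048 bits
     * @throws IllegalStateException if the JRE offers no RSA key pair generator
     */
    private static KeyPair generateKeyPair(String modulus) {
        final int keySize;
        try {
            keySize = Integer.parseInt(modulus);
        } catch (NumberFormatException ex) {
            throw new IllegalArgumentException(
                    "Key size must be an integer number of bits: " + modulus, ex);
        }
        if (keySize < MIN_KEY_SIZE_BITS) {
            throw new IllegalArgumentException(
                    "Key size must be at least " + MIN_KEY_SIZE_BITS + " bits, got " + keySize);
        }
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance(KEY_TYPE);
            generator.initialize(keySize);
            return generator.generateKeyPair();
        } catch (NoSuchAlgorithmException ex) {
            throw new IllegalStateException("RSA key generation is not available", ex);
        }
    }

    /**
     * Encodes a non-negative integer as Base64urlUInt (RFC 7518, section 2): unsigned
     * big-endian octets, base64url without padding.
     *
     * <p>{@link BigInteger#toByteArray()} is two's complement and prepends a zero sign octet
     * whenever the top bit of the magnitude is set; that octet is removed here because strict
     * JWK consumers reject or mis-size values that carry it. Package-private for unit tests.
     *
     * @param value the integer to encode; must not be negative
     * @return the unpadded base64url text
     * @throws IllegalArgumentException if {@code value} is negative
     */
    static String toBase64UrlUInt(BigInteger value) {
        if (value.signum() < 0) {
            throw new IllegalArgumentException("JWK integers must be non-negative");
        }
        byte[] octets = value.toByteArray();
        // Keep the single zero octet that represents the value 0.
        if (octets.length > 1 && octets[0] == 0) {
            octets = Arrays.copyOfRange(octets, 1, octets.length);
        }
        return Base64.getUrlEncoder().withoutPadding().encodeToString(octets);
    }

    /**
     * Escapes text for use inside a JSON string literal. Package-private for unit tests.
     *
     * @param text raw text
     * @return text with quotes, backslashes and control characters escaped
     */
    static String escapeJson(String text) {
        StringBuilder out = new StringBuilder(text.length() + 8);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '"':
                    out.append("\\\"");
                    break;
                case '\\':
                    out.append("\\\\");
                    break;
                case '\n':
                    out.append("\\n");
                    break;
                case '\r':
                    out.append("\\r");
                    break;
                case '\t':
                    out.append("\\t");
                    break;
                default:
                    if (c < 0x20) {
                        out.append(String.format("\\u%04x", (int) c));
                    } else {
                        out.append(c);
                    }
            }
        }
        return out.toString();
    }

    /**
     * Writes the JWK Set as UTF-8, restricting the file to its owner where possible.
     *
     * @param target file to create or overwrite
     * @param jwks serialized JWK Set
     * @throws IOException if the file cannot be created or written
     */
    private static void writeKeyStore(Path target, String jwks) throws IOException {
        boolean posix = FileSystems.getDefault().supportedFileAttributeViews().contains("posix");
        if (posix) {
            Set<PosixFilePermission> ownerOnly = PosixFilePermissions.fromString("rw-------");
            try {
                // Create the file already restricted so the key is never readable by others.
                Files.createFile(target, PosixFilePermissions.asFileAttribute(ownerOnly));
            } catch (FileAlreadyExistsException existing) {
                // Tighten a pre-existing file before any key material is written into it.
                Files.setPosixFilePermissions(target, ownerOnly);
            }
        }
        // On non-POSIX file systems the platform's default ACLs apply; restrict them separately.
        try (BufferedWriter writer = Files.newBufferedWriter(target, StandardCharsets.UTF_8)) {
            writer.write(jwks);
        }
    }
}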