
public-key (clj)


function

(public-key path)
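Constructs a public key from the file at `path`. The examples below pass `.pem` public-key files and, in the certificate tests, a `.pem` certificate file.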

Examples

funcool/buddy-core
  Reference:
  https://tools.ietf.org/html/rfc8037#section-2"
  (:require [buddy.core.keys.jwk.proto :as proto]
            [buddy.core.hash :as hash]
            [cheshire.core :as json])
  (:import (java.io StringWriter)
           (com.fasterxml.jackson.core JsonGenerator)))

;; OKP ("octet key pair") JWKs are handled per curve: both multimethods
;; dispatch on the value stored under :crv in the JWK map.
;; A JWK whose :crv has no registered method makes the multimethod call throw
;; (IllegalArgumentException), unless a :default method is defined elsewhere --
;; none is visible in this excerpt. Callers parsing JWKs from untrusted input
;; should expect and handle that failure.
(defmulti jwkokp->public-key :crv)
(defmulti jwkokp->private-key :crv)

(defmethod proto/jwk->public-key "OKP"
  [okp-jwk]
  ;; Keys registered under the "OKP" dispatch value are handed to the
  ;; curve-specific multimethod, which selects an implementation from the
  ;; JWK's :crv entry. No validation happens at this level.
  (jwkokp->public-key okp-jwk))
funcool/buddy-core
(ns buddy.core.keys.jwk.rsa
  "JWK support for RSA keys"
  (:require [buddy.core.codecs.base64 :as b64]
            [buddy.core.codecs :as codecs]
            [buddy.core.keys.jwk.proto :as proto]
            [buddy.core.hash :as hash]
            [cheshire.core :as json])
  (:import (java.security.interfaces RSAPrivateKey RSAPublicKey)
           (java.io StringWriter)
           (com.fasterxml.jackson.core JsonGenerator)
           (java.security KeyFactory)
           (java.security.spec RSAPrivateKeySpec RSAPublicKeySpec)))

(defmethod proto/jwk->public-key "RSA"
  [jwk]
  ;; Builds an RSA public key from the JWK's :n (modulus) and :e (public
  ;; exponent) members, using the KeyFactory of the "BC" provider.
  ;; KeyFactory/getInstance throws if no provider named "BC" is registered.
  ;;
  ;; NOTE(review): nothing in this method bounds the modulus size or checks the
  ;; exponent, and a missing :n or :e is passed on as nil. Whether
  ;; proto/b64str->bigint or the key factory rejects such input is not visible
  ;; here -- confirm, and enforce a minimum key size at the call site when the
  ;; JWK comes from an untrusted party.
  (let [modulus  (proto/b64str->bigint (:n jwk))
        exponent (proto/b64str->bigint (:e jwk))
        factory  (KeyFactory/getInstance "RSA" "BC")
        spec     (RSAPublicKeySpec. modulus exponent)]
    (.generatePublic factory spec)))

(defmethod proto/public-key->jwk RSAPublicKey
  [^RSAPublicKey public]
  ;; Serialises an RSA public key as a JWK map with :kty "RSA" plus the
  ;; public exponent (:e) and modulus (:n) as base64 strings. Only these two
  ;; public values are read from the key.
  ;; Each number is encoded at the length reported by proto/calc-byte-length
  ;; (presumably the byte width of the value -- confirm in proto).
  (let [exponent (.getPublicExponent public)
        modulus  (.getModulus public)
        encode   (fn [value]
                   (proto/bigint->b64str (proto/calc-byte-length value) value))]
    {:kty "RSA"
     :e   (encode exponent)
     :n   (encode modulus)}))
funcool/buddy-core
(ns buddy.core.dsa-tests
  (:require [clojure.test :refer :all]
            [buddy.core.codecs :as codecs :refer :all]
            [buddy.core.bytes :as bytes]
            [buddy.core.keys :refer :all]
            [buddy.core.dsa :as dsa]
            [clojure.java.io :as io]))

(deftest low-level-sign
  (let [rsa-privkey (private-key "test/_files/privkey.3des.rsa.pem" "secret")
        rsa-pubkey  (public-key "test/_files/pubkey.3des.rsa.pem")
        ec-privkey  (private-key "test/_files/privkey.ecdsa.pem")
        ec-pubkey   (public-key "test/_files/pubkey.ecdsa.pem")]
funcool/buddy-core
(ns buddy.core.keys-tests
  (:require [clojure.test :refer :all]
            [buddy.core.codecs :refer :all]
            [buddy.core.nonce :as nonce]
            [buddy.core.bytes :as bytes]
            [buddy.core.keys :as keys]))

  (testing "Read rsa pub key"
    ;; Loads an RSA public key from a .pem file and asserts that the result is
    ;; exactly Bouncy Castle's BCRSAPublicKey class. `=` on the type is an
    ;; exact-class check, so a key object from another provider would fail.
    (let [pkey (keys/public-key "test/_files/pubkey.3des.rsa.pem")]
      (is (= (type pkey) org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPublicKey))))

  (testing "Read X.509 rsa pub key"
    ;; Same check as for the plain RSA file, against the file named
    ;; pubkey.X509.rsa.pem (presumably an X.509 SubjectPublicKeyInfo encoding --
    ;; confirm against the fixture): the loader must still return a
    ;; BCRSAPublicKey.
    (let [pkey (keys/public-key "test/_files/pubkey.X509.rsa.pem")]
      (is (= (type pkey) org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPublicKey))))

  (testing "Read dsa pub key"
    ;; Loads a DSA public key and checks it two ways: the keys/public-key?
    ;; predicate accepts it, and its concrete class is Bouncy Castle's
    ;; BCDSAPublicKey.
    (let [pkey (keys/public-key "test/_files/pubkey.3des.dsa.pem")]
      (is (keys/public-key? pkey))
      (is (= (type pkey) org.bouncycastle.jcajce.provider.asymmetric.dsa.BCDSAPublicKey))))

  (testing "Read ec pub key"
    ;; Loads an EC public key from a .pem file and asserts the exact class is
    ;; Bouncy Castle's BCECPublicKey.
    (let [pkey (keys/public-key "test/_files/pubkey.ecdsa.pem")]
      (is (= (type pkey) org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey))))

  (testing "Read public key from string."
    ;; Exercises the string entry point: the fixture is read into memory with
    ;; slurp and parsed by keys/str->public-key rather than keys/public-key.
    ;; The result must be a BCECPublicKey and satisfy keys/public-key?.
    (let [keystr (slurp "test/_files/pubkey.ecdsa.pem")
          pkey (keys/str->public-key keystr)]
      (is (= (type pkey) org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey))
      (is (keys/public-key? pkey))))
funcool/buddy-core
(ns buddy.core.certificates-tests
  (:require [clojure.test :refer :all]
            [buddy.core.codecs :refer :all]
            [buddy.core.nonce :as nonce]
            [buddy.core.bytes :as bytes]
            [buddy.core.certificates :as certificates]
            [buddy.core.keys :as keys]))

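;; Checks certificates/verify-signature against a CA-issued certificate, with
;; the verifying key supplied either as a public key or as a certificate.
;; keys/public-key is called on certificate .pem files here, so it evidently
;; accepts a certificate as a source for the public key.
;;
;; NOTE(review): these cases cover the signature relation only. Validity dates
;; are exercised separately; nothing here shows chain building, revocation or
;; name checks, so a true result should not be read as "certificate trusted".
(deftest verify-signature
  (let [cert (certificates/certificate "test/_files/cert.rsa.pem")
        ca-cert (certificates/certificate "test/_files/ca-cert.rsa.pem")]
    (testing "cert is signed by ca"
      (is (certificates/verify-signature cert
                                         (keys/public-key "test/_files/ca-cert.rsa.pem"))))
    (testing "cert is signed by ca with certificate"
      ;; Reuse the CA certificate bound above; it was previously loaded a
      ;; second time while the binding went unused.
      (is (certificates/verify-signature cert ca-cert)))
    ;; Negative cases: the certificate's own key must not verify its signature.
    (testing "cert is not self signed"
      (is (not (certificates/verify-signature cert
                                              (keys/public-key "test/_files/cert.rsa.pem")))))
    (testing "cert is not self signed by certificate"
      (is (not (certificates/verify-signature cert
                                              (certificates/certificate "test/_files/cert.rsa.pem")))))))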
;; Pins the validity-window behaviour using a fixture whose window is
;; 2016-12-01T16:18:40Z to 2016-12-02T16:18:40Z.
(deftest date-handling
    (let [expired (certificates/certificate "test/_files/expired-rsa.crt")]
      ;; The accessors return the window bounds as instants.
      (is (= #inst "2016-12-01T16:18:40.000-00:00" (certificates/not-before expired)))
      (is (= #inst "2016-12-02T16:18:40.000-00:00" (certificates/not-after expired)))
      ;; With no date argument the expired certificate is rejected
      ;; (presumably checked against the current time -- confirm).
      (is (not (certificates/valid-on-date? expired)))
      ;; The not-after instant itself counts as valid, so the upper bound is inclusive.
      (is (certificates/valid-on-date? expired #inst "2016-12-02T16:18:40.000-00:00"))
      ;; One minute before not-after: inside the window.
      (is (certificates/valid-on-date? expired #inst "2016-12-02T16:17:40.000-00:00"))
      ;; One minute before not-before: not yet valid.
      (is (not (certificates/valid-on-date? expired #inst "2016-12-01T16:17:40.000-00:00")))
      ;; Nearly a day after not-after: expired.
      (is (not (certificates/valid-on-date? expired #inst "2016-12-03T16:17:40.000-00:00"))) ))