Examples with SignedJWT com.nimbusds.jwt.SignedJWT used on opensource projects

Search in sources :

Example 11 with SignedJWT

use of com.nimbusds.jwt.SignedJWT in project ratauth by alfa-laboratory.

the class HS256TokenProcessor method extractInfo.

@Override
@SneakyThrows
public Map<String, Object> extractInfo(String jwt, String secret) {
    SignedJWT signedJWT = SignedJWT.parse(jwt);
    final JWSVerifier verifier = new MACVerifier(Base64.getDecoder().decode(secret));
    if (!signedJWT.verify(verifier))
        throw new JWTVerificationException("User info extraction error");
    return signedJWT.getJWTClaimsSet().getClaims();
}
Also used : MACVerifier(com.nimbusds.jose.crypto.MACVerifier) JWSVerifier(com.nimbusds.jose.JWSVerifier) SignedJWT(com.nimbusds.jwt.SignedJWT) SneakyThrows(lombok.SneakyThrows)

Example 12 with SignedJWT

use of com.nimbusds.jwt.SignedJWT in project ORCID-Source by ORCID.

the class OpenIDConnectKeyService method sign.

/**
 * Get the private key for signing
 *
 * @return
 * @throws JOSEException
 */
public SignedJWT sign(JWTClaimsSet claims) throws JOSEException {
    JWSSigner signer = new RSASSASigner(privateJWK);
    JWSHeader.Builder head = new JWSHeader.Builder(defaultAlg);
    head.keyID(getDefaultKeyID());
    SignedJWT signedJWT = new SignedJWT(head.build(), claims);
    signedJWT.sign(signer);
    return signedJWT;
/* For HMAC we could do the following.  This may be useful for the implicit flow:
        ClientDetailsEntity clientEntity = clientDetailsEntityCacheManager.retrieve(authentication.getOAuth2Request().getClientId());
        JWSSigner signer = new MACSigner(StringUtils.rightPad(clientEntity.getDecryptedClientSecret(), 32, "#").getBytes());
        signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claims.build());
        signedJWT.sign(signer);     
         */
}
Also used : RSASSASigner(com.nimbusds.jose.crypto.RSASSASigner) SignedJWT(com.nimbusds.jwt.SignedJWT) JWSSigner(com.nimbusds.jose.JWSSigner) JWSHeader(com.nimbusds.jose.JWSHeader)

Example 13 with SignedJWT

use of com.nimbusds.jwt.SignedJWT in project knox by apache.

the class AbstractJWTFilterTest method testInvalidVerificationPEM.

@Test
public void testInvalidVerificationPEM() throws Exception {
    try {
        Properties props = getProperties();
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(1024);
        KeyPair KPair = kpg.generateKeyPair();
        String dn = buildDistinguishedName(InetAddress.getLocalHost().getHostName());
        Certificate cert = X509CertificateUtil.generateCertificate(dn, KPair, 365, "SHA1withRSA");
        byte[] data = cert.getEncoded();
        Base64 encoder = new Base64(76, "\n".getBytes("ASCII"));
        String failingPem = new String(encoder.encodeToString(data).getBytes("ASCII")).trim();
        props.put(getAudienceProperty(), "bar");
        props.put(getVerificationPemProperty(), failingPem);
        handler.init(new TestFilterConfig(props));
        SignedJWT jwt = getJWT(AbstractJWTFilter.JWT_DEFAULT_ISSUER, "alice", new Date(new Date().getTime() + 50000), privateKey);
        HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
        setTokenOnRequest(request, jwt);
        EasyMock.expect(request.getRequestURL()).andReturn(new StringBuffer(SERVICE_URL)).anyTimes();
        EasyMock.expect(request.getQueryString()).andReturn(null);
        HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
        EasyMock.expect(response.encodeRedirectURL(SERVICE_URL)).andReturn(SERVICE_URL);
        EasyMock.replay(request);
        TestFilterChain chain = new TestFilterChain();
        handler.doFilter(request, response, chain);
        Assert.assertTrue("doFilterCalled should not be true.", chain.doFilterCalled == false);
        Assert.assertTrue("No Subject should be returned.", chain.subject == null);
    } catch (ServletException se) {
        fail("Should NOT have thrown a ServletException.");
    }
}
Also used : KeyPair(java.security.KeyPair) Base64(org.apache.commons.codec.binary.Base64) HttpServletResponse(javax.servlet.http.HttpServletResponse) KeyPairGenerator(java.security.KeyPairGenerator) SignedJWT(com.nimbusds.jwt.SignedJWT) Properties(java.util.Properties) Date(java.util.Date) HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletException(javax.servlet.ServletException) Certificate(java.security.cert.Certificate) Test(org.junit.Test)

Example 14 with SignedJWT

use of com.nimbusds.jwt.SignedJWT in project knox by apache.

the class AbstractJWTFilterTest method testValidAudienceJWT.

@Test
public void testValidAudienceJWT() throws Exception {
    try {
        Properties props = getProperties();
        props.put(getAudienceProperty(), "bar");
        handler.init(new TestFilterConfig(props));
        SignedJWT jwt = getJWT(AbstractJWTFilter.JWT_DEFAULT_ISSUER, "alice", new Date(new Date().getTime() + 5000), privateKey);
        HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
        setTokenOnRequest(request, jwt);
        EasyMock.expect(request.getRequestURL()).andReturn(new StringBuffer(SERVICE_URL)).anyTimes();
        EasyMock.expect(request.getQueryString()).andReturn(null);
        HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
        EasyMock.expect(response.encodeRedirectURL(SERVICE_URL)).andReturn(SERVICE_URL);
        EasyMock.replay(request);
        TestFilterChain chain = new TestFilterChain();
        handler.doFilter(request, response, chain);
        Assert.assertTrue("doFilterCalled should not be false.", chain.doFilterCalled);
        Set<PrimaryPrincipal> principals = chain.subject.getPrincipals(PrimaryPrincipal.class);
        Assert.assertTrue("No PrimaryPrincipal", !principals.isEmpty());
        Assert.assertEquals("Not the expected principal", "alice", ((Principal) principals.toArray()[0]).getName());
    } catch (ServletException se) {
        fail("Should NOT have thrown a ServletException.");
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletException(javax.servlet.ServletException) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) HttpServletResponse(javax.servlet.http.HttpServletResponse) SignedJWT(com.nimbusds.jwt.SignedJWT) Properties(java.util.Properties) Date(java.util.Date) Test(org.junit.Test)

Example 15 with SignedJWT

use of com.nimbusds.jwt.SignedJWT in project knox by apache.

the class AbstractJWTFilterTest method testValidAudienceJWTWhitespace.

@Test
public void testValidAudienceJWTWhitespace() throws Exception {
    try {
        Properties props = getProperties();
        props.put(getAudienceProperty(), " foo, bar ");
        handler.init(new TestFilterConfig(props));
        SignedJWT jwt = getJWT(AbstractJWTFilter.JWT_DEFAULT_ISSUER, "alice", new Date(new Date().getTime() + 5000), privateKey);
        HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
        setTokenOnRequest(request, jwt);
        EasyMock.expect(request.getRequestURL()).andReturn(new StringBuffer(SERVICE_URL)).anyTimes();
        EasyMock.expect(request.getQueryString()).andReturn(null);
        HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
        EasyMock.expect(response.encodeRedirectURL(SERVICE_URL)).andReturn(SERVICE_URL);
        EasyMock.replay(request);
        TestFilterChain chain = new TestFilterChain();
        handler.doFilter(request, response, chain);
        Assert.assertTrue("doFilterCalled should not be false.", chain.doFilterCalled);
        Set<PrimaryPrincipal> principals = chain.subject.getPrincipals(PrimaryPrincipal.class);
        Assert.assertTrue("No PrimaryPrincipal", !principals.isEmpty());
        Assert.assertEquals("Not the expected principal", "alice", ((Principal) principals.toArray()[0]).getName());
    } catch (ServletException se) {
        fail("Should NOT have thrown a ServletException.");
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletException(javax.servlet.ServletException) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) HttpServletResponse(javax.servlet.http.HttpServletResponse) SignedJWT(com.nimbusds.jwt.SignedJWT) Properties(java.util.Properties) Date(java.util.Date) Test(org.junit.Test)

Aggregations

SignedJWT (com.nimbusds.jwt.SignedJWT)137 Date (java.util.Date)51 Test (org.junit.Test)50 HttpServletRequest (javax.servlet.http.HttpServletRequest)47 JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet)45 HttpServletResponse (javax.servlet.http.HttpServletResponse)44 Properties (java.util.Properties)39 ServletException (javax.servlet.ServletException)39 JWSHeader (com.nimbusds.jose.JWSHeader)30 RSASSASigner (com.nimbusds.jose.crypto.RSASSASigner)24 Cookie (javax.servlet.http.Cookie)21 ParseException (java.text.ParseException)20 JOSEException (com.nimbusds.jose.JOSEException)19 JWSSigner (com.nimbusds.jose.JWSSigner)14 Test (org.junit.jupiter.api.Test)12 AuthenticationException (com.hortonworks.registries.auth.client.AuthenticationException)10 RSASSAVerifier (com.nimbusds.jose.crypto.RSASSAVerifier)10 AuthenticationException (org.apache.hadoop.security.authentication.client.AuthenticationException)10 PrimaryPrincipal (org.apache.knox.gateway.security.PrimaryPrincipal)10 JWSVerifier (com.nimbusds.jose.JWSVerifier)9
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial