Example 21 with SignedJWT

use of com.nimbusds.jwt.SignedJWT in project pac4j by pac4j.

the class RSASignatureConfiguration method sign.

@Override
public SignedJWT sign(JWTClaimsSet claims) {
    init();
    CommonHelper.assertNotNull("privateKey", privateKey);
    try {
        final JWSSigner signer = new RSASSASigner(this.privateKey);
        final SignedJWT signedJWT = new SignedJWT(new JWSHeader(algorithm), claims);
        signedJWT.sign(signer);
        return signedJWT;
    } catch (final JOSEException e) {
        throw new TechnicalException(e);
    }
}
Also used : TechnicalException(org.pac4j.core.exception.TechnicalException) RSASSASigner(com.nimbusds.jose.crypto.RSASSASigner) SignedJWT(com.nimbusds.jwt.SignedJWT)

Example 22 with SignedJWT

use of com.nimbusds.jwt.SignedJWT in project pac4j by pac4j.

the class SecretSignatureConfiguration method sign.

@Override
public SignedJWT sign(final JWTClaimsSet claims) {
    init();
    try {
        final JWSSigner signer = new MACSigner(this.secret);
        final SignedJWT signedJWT = new SignedJWT(new JWSHeader(algorithm), claims);
        signedJWT.sign(signer);
        return signedJWT;
    } catch (final JOSEException e) {
        throw new TechnicalException(e);
    }
}
Also used : TechnicalException(org.pac4j.core.exception.TechnicalException) MACSigner(com.nimbusds.jose.crypto.MACSigner) SignedJWT(com.nimbusds.jwt.SignedJWT)

Example 23 with SignedJWT

use of com.nimbusds.jwt.SignedJWT in project pac4j by pac4j.

the class JwtAuthenticator method validate.

@Override
public void validate(final TokenCredentials credentials, final WebContext context) {
    init();
    final String token = credentials.getToken();
    if (context != null) {
        // set the www-authenticate in case of error
        context.setResponseHeader(HttpConstants.AUTHENTICATE_HEADER, "Bearer realm=\"" + realmName + "\"");
    }
    try {
        // Parse the token
        JWT jwt = JWTParser.parse(token);
        if (jwt instanceof PlainJWT) {
            if (signatureConfigurations.isEmpty()) {
                logger.debug("JWT is not signed and no signature configurations -> verified");
            } else {
                throw new CredentialsException("A non-signed JWT cannot be accepted as signature configurations have been defined");
            }
        } else {
            SignedJWT signedJWT = null;
            if (jwt instanceof SignedJWT) {
                signedJWT = (SignedJWT) jwt;
            }
            // encrypted?
            if (jwt instanceof EncryptedJWT) {
                logger.debug("JWT is encrypted");
                final EncryptedJWT encryptedJWT = (EncryptedJWT) jwt;
                boolean found = false;
                final JWEHeader header = encryptedJWT.getHeader();
                final JWEAlgorithm algorithm = header.getAlgorithm();
                final EncryptionMethod method = header.getEncryptionMethod();
                for (final EncryptionConfiguration config : encryptionConfigurations) {
                    if (config.supports(algorithm, method)) {
                        logger.debug("Using encryption configuration: {}", config);
                        try {
                            config.decrypt(encryptedJWT);
                            signedJWT = encryptedJWT.getPayload().toSignedJWT();
                            if (signedJWT != null) {
                                jwt = signedJWT;
                            }
                            found = true;
                            break;
                        } catch (final JOSEException e) {
                            logger.debug("Decryption fails with encryption configuration: {}, passing to the next one", config);
                        }
                    }
                }
                if (!found) {
                    throw new CredentialsException("No encryption algorithm found for JWT: " + token);
                }
            }
            // signed?
            if (signedJWT != null) {
                logger.debug("JWT is signed");
                boolean verified = false;
                boolean found = false;
                final JWSAlgorithm algorithm = signedJWT.getHeader().getAlgorithm();
                for (final SignatureConfiguration config : signatureConfigurations) {
                    if (config.supports(algorithm)) {
                        logger.debug("Using signature configuration: {}", config);
                        try {
                            verified = config.verify(signedJWT);
                            found = true;
                            if (verified) {
                                break;
                            }
                        } catch (final JOSEException e) {
                            logger.debug("Verification fails with signature configuration: {}, passing to the next one", config);
                        }
                    }
                }
                if (!found) {
                    throw new CredentialsException("No signature algorithm found for JWT: " + token);
                }
                if (!verified) {
                    throw new CredentialsException("JWT verification failed: " + token);
                }
            }
        }
        createJwtProfile(credentials, jwt);
    } catch (final ParseException e) {
        throw new CredentialsException("Cannot decrypt / verify JWT", e);
    }
}
Also used : PlainJWT(com.nimbusds.jwt.PlainJWT) SignatureConfiguration(org.pac4j.jwt.config.signature.SignatureConfiguration) EncryptionConfiguration(org.pac4j.jwt.config.encryption.EncryptionConfiguration) JWT(com.nimbusds.jwt.JWT) SignedJWT(com.nimbusds.jwt.SignedJWT) EncryptedJWT(com.nimbusds.jwt.EncryptedJWT) EncryptionMethod(com.nimbusds.jose.EncryptionMethod) CredentialsException(org.pac4j.core.exception.CredentialsException) JWSAlgorithm(com.nimbusds.jose.JWSAlgorithm) JWEHeader(com.nimbusds.jose.JWEHeader) JWEAlgorithm(com.nimbusds.jose.JWEAlgorithm) ParseException(java.text.ParseException) JOSEException(com.nimbusds.jose.JOSEException)

Example 24 with SignedJWT

use of com.nimbusds.jwt.SignedJWT in project pac4j by pac4j.

the class ECSignatureConfigurationTests method testSignVerify.

@Test
public void testSignVerify() throws JOSEException {
    final ECSignatureConfiguration config = new ECSignatureConfiguration(buildKeyPair());
    final JWTClaimsSet claims = new JWTClaimsSet.Builder().subject(VALUE).build();
    final SignedJWT signedJwt = config.sign(claims);
    assertTrue(config.verify(signedJwt));
}
Also used : JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) SignedJWT(com.nimbusds.jwt.SignedJWT) Test(org.junit.Test)

Example 25 with SignedJWT

use of com.nimbusds.jwt.SignedJWT in project pac4j by pac4j.

the class RSASignatureConfigurationTests method testMissingPublicKey.

@Test
public void testMissingPublicKey() {
    final RSASignatureConfiguration config = new RSASignatureConfiguration();
    config.setPrivateKey((RSAPrivateKey) buildKeyPair().getPrivate());
    final SignedJWT signedJWT = config.sign(buildClaims());
    TestsHelper.expectException(() -> config.verify(signedJWT), TechnicalException.class, "publicKey cannot be null");
}
Also used : SignedJWT(com.nimbusds.jwt.SignedJWT) Test(org.junit.Test)

Aggregations

SignedJWT (com.nimbusds.jwt.SignedJWT) 137
Date (java.util.Date) 51
Test (org.junit.Test) 50
HttpServletRequest (javax.servlet.http.HttpServletRequest) 47
JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet) 45
HttpServletResponse (javax.servlet.http.HttpServletResponse) 44
Properties (java.util.Properties) 39
ServletException (javax.servlet.ServletException) 39
JWSHeader (com.nimbusds.jose.JWSHeader) 30
RSASSASigner (com.nimbusds.jose.crypto.RSASSASigner) 24
Cookie (javax.servlet.http.Cookie) 21
ParseException (java.text.ParseException) 20
JOSEException (com.nimbusds.jose.JOSEException) 19
JWSSigner (com.nimbusds.jose.JWSSigner) 14
Test (org.junit.jupiter.api.Test) 12
AuthenticationException (com.hortonworks.registries.auth.client.AuthenticationException) 10
RSASSAVerifier (com.nimbusds.jose.crypto.RSASSAVerifier) 10
AuthenticationException (org.apache.hadoop.security.authentication.client.AuthenticationException) 10
PrimaryPrincipal (org.apache.knox.gateway.security.PrimaryPrincipal) 10
JWSVerifier (com.nimbusds.jose.JWSVerifier) 9