
Example 1 with RsaJsonWebKey

use of org.jose4j.jwk.RsaJsonWebKey in project blueocean-plugin by jenkinsci.

the class JwtImplTest method anonymousUserToken.

/**
 * Checks that an unauthenticated request to the token endpoint yields a signed JWT whose
 * subject and user context both identify the caller as "anonymous".
 *
 * <p>The token is read from the {@code X-BLUEOCEAN-JWT} response header, the matching public
 * key is fetched from the JWKS endpoint using the token's {@code kid}, and the signature and
 * time-based claims are then validated with that key.
 *
 * @throws Exception if a request, the JWK parsing or the JWT validation fails
 */
@Test
public void anonymousUserToken() throws Exception {
    j.jenkins.setSecurityRealm(j.createDummySecurityRealm());
    JenkinsRule.WebClient client = j.createWebClient();

    Page tokenPage = client.goTo("jwt-auth/token/", null);
    String jwt = tokenPage.getWebResponse().getResponseHeaderValue("X-BLUEOCEAN-JWT");
    Assert.assertNotNull(jwt);

    JsonWebStructure parsed = JsonWebStructure.fromCompactSerialization(jwt);
    Assert.assertTrue(parsed instanceof JsonWebSignature);
    JsonWebSignature signed = (JsonWebSignature) parsed;

    // The kid is taken from the header before the signature has been verified. Here it only
    // selects which key to request from the same server's JWKS endpoint.
    String keyId = signed.getHeader("kid");
    Assert.assertNotNull(keyId);

    Page jwkPage = client.goTo("jwt-auth/jwks/" + keyId + "/", "application/json");
    JSONObject jwkJson = JSONObject.fromObject(jwkPage.getWebResponse().getContentAsString());
    RsaJsonWebKey publicJwk = new RsaJsonWebKey(jwkJson, null);

    // NOTE(review): no expected issuer and no explicit JWS algorithm constraint are configured
    // on this consumer; a verifier outside a test would normally pin both
    // (setExpectedIssuer / setJwsAlgorithmConstraints).
    JwtConsumerBuilder consumerBuilder = new JwtConsumerBuilder();
    consumerBuilder.setRequireExpirationTime();
    // 30 seconds of leeway on time-based claims to absorb clock skew.
    consumerBuilder.setAllowedClockSkewInSeconds(30);
    consumerBuilder.setRequireSubject();
    // The signature is checked against the public key published under the token's kid.
    consumerBuilder.setVerificationKey(publicJwk.getKey());
    JwtConsumer consumer = consumerBuilder.build();

    JwtClaims verifiedClaims = consumer.processToClaims(jwt);
    Assert.assertEquals("anonymous", verifiedClaims.getSubject());

    // The casts below are unchecked: the claim layout ("context" -> "user" -> "id") is what
    // this test expects the server to emit, not something the type system guarantees.
    Map<String, Object> allClaims = verifiedClaims.getClaimsMap();
    Map<String, Object> contextClaim = (Map<String, Object>) allClaims.get("context");
    Map<String, String> userClaim = (Map<String, String>) contextClaim.get("user");
    Assert.assertEquals("anonymous", userClaim.get("id"));
}
Also used : JwtClaims(org.jose4j.jwt.JwtClaims) JwtConsumerBuilder(org.jose4j.jwt.consumer.JwtConsumerBuilder) Page(com.gargoylesoftware.htmlunit.Page) JenkinsRule(org.jvnet.hudson.test.JenkinsRule) JsonWebSignature(org.jose4j.jws.JsonWebSignature) JSONObject(net.sf.json.JSONObject) JwtConsumer(org.jose4j.jwt.consumer.JwtConsumer) JSONObject(net.sf.json.JSONObject) RsaJsonWebKey(org.jose4j.jwk.RsaJsonWebKey) Map(java.util.Map) JsonWebStructure(org.jose4j.jwx.JsonWebStructure) Test(org.junit.Test)

Example 2 with RsaJsonWebKey

use of org.jose4j.jwk.RsaJsonWebKey in project cas by apereo.

the class OidcDefaultJsonWebKeystoreCacheLoader method buildJsonWebKeySet.

/**
 * Parses a JWKS document and accepts it only when its signing key carries a private key.
 *
 * @param json the JWKS document as a JSON string
 * @return the parsed key set, or {@code null} when no signing key is found or the key found
 *         has no private key
 * @throws Exception if the JSON cannot be parsed into a key set
 */
private JsonWebKeySet buildJsonWebKeySet(final String json) throws Exception {
    final JsonWebKeySet keySet = new JsonWebKeySet(json);
    final RsaJsonWebKey signingKey = getJsonSigningWebKeyFromJwks(keySet);
    final boolean canSign = signingKey != null && signingKey.getPrivateKey() != null;
    if (canSign) {
        return keySet;
    }
    // NOTE(review): the key object itself is handed to the logger, so what ends up in the log
    // depends on RsaJsonWebKey#toString; confirm it never renders private parameters.
    LOGGER.warn("JSON web key retrieved [{}] is not found or has no associated private key", signingKey);
    return null;
}
Also used : RsaJsonWebKey(org.jose4j.jwk.RsaJsonWebKey) JsonWebKeySet(org.jose4j.jwk.JsonWebKeySet)

Example 3 with RsaJsonWebKey

use of org.jose4j.jwk.RsaJsonWebKey in project cas by apereo.

the class OidcServiceJsonWebKeystoreCacheLoader method load.

/**
 * Resolves the signing key for a registered OIDC service.
 *
 * @param svc the registered service whose key set is looked up
 * @return the service's signing key, or an empty {@link Optional} when the service has no key
 *         set, the key set is empty, or no signing key can be picked from it
 * @throws Exception if building the key set fails
 */
@Override
public Optional<RsaJsonWebKey> load(final OidcRegisteredService svc) throws Exception {
    final Optional<JsonWebKeySet> keySet = buildJsonWebKeySet(svc);
    if (keySet.isPresent() && !keySet.get().getJsonWebKeys().isEmpty()) {
        // ofNullable folds the "no signing key in the set" case into an empty result.
        return Optional.ofNullable(getJsonSigningWebKeyFromJwks(keySet.get()));
    }
    return Optional.empty();
}
Also used : RsaJsonWebKey(org.jose4j.jwk.RsaJsonWebKey) JsonWebKeySet(org.jose4j.jwk.JsonWebKeySet)

Example 4 with RsaJsonWebKey

use of org.jose4j.jwk.RsaJsonWebKey in project cas by apereo.

the class OidcServiceJsonWebKeystoreCacheLoader method buildJsonWebKeySet.

/**
 * Parses a service's JWKS document and accepts it only when its signing key exposes a public
 * key.
 *
 * @param json the JWKS document as a JSON string
 * @return the parsed key set, or {@code null} when no signing key is found or the key found
 *         has no public key
 * @throws Exception if the JSON cannot be parsed into a key set
 */
private JsonWebKeySet buildJsonWebKeySet(final String json) throws Exception {
    final JsonWebKeySet keySet = new JsonWebKeySet(json);
    final RsaJsonWebKey candidate = getJsonSigningWebKeyFromJwks(keySet);
    final boolean hasPublicKey = candidate != null && candidate.getPublicKey() != null;
    if (hasPublicKey) {
        return keySet;
    }
    LOGGER.warn("JSON web key retrieved [{}] is not found or has no associated public key", candidate);
    return null;
}
Also used : RsaJsonWebKey(org.jose4j.jwk.RsaJsonWebKey) JsonWebKeySet(org.jose4j.jwk.JsonWebKeySet)

Example 5 with RsaJsonWebKey

use of org.jose4j.jwk.RsaJsonWebKey in project cas by apereo.

the class OidcIdTokenSigningAndEncryptionService method encryptIdToken.

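/**
 * Wraps an already-signed id token in a JWE encrypted to the service's public key.
 *
 * @param svc the registered service; supplies the key-management algorithm, the content
 *            encryption method and (via the keystore cache) the encryption key
 * @param jws the signature object of the inner token; only its key id header is read here
 * @param innerJwt the compact serialization of the signed id token, used as the JWE payload
 * @return the compact serialization of the resulting JWE
 * @throws IllegalArgumentException if the service has no JSON web key, or the key has no
 *         public key
 * @throws Exception if the keystore lookup or the JWE serialization fails
 */
private String encryptIdToken(final OidcRegisteredService svc, final JsonWebSignature jws, final String innerJwt) throws Exception {
    LOGGER.debug("Service [{}] is set to encrypt id tokens", svc);
    final JsonWebEncryption jwe = new JsonWebEncryption();
    // NOTE(review): alg and enc are taken as-is from the service registration; presumably
    // they are restricted to acceptable values when the service is registered. Confirm.
    jwe.setAlgorithmHeaderValue(svc.getIdTokenEncryptionAlg());
    jwe.setEncryptionMethodHeaderParameter(svc.getIdTokenEncryptionEncoding());

    final RsaJsonWebKey jsonWebKey = this.serviceJsonWebKeystoreCache.get(svc)
        .orElseThrow(() -> new IllegalArgumentException("Service " + svc.getServiceId() + " with client id " + svc.getClientId() + " is configured to encrypt id tokens, yet no JSON web key is available"));
    LOGGER.debug("Found JSON web key to encrypt the id token: [{}]", jsonWebKey);
    if (jsonWebKey.getPublicKey() == null) {
        // This key encrypts the token; the previous message wrongly described it as the signing key.
        throw new IllegalArgumentException("JSON web key used to encrypt the id token has no associated public key");
    }
    jwe.setKey(jsonWebKey.getPublicKey());
    // NOTE(review): the JWE "kid" header is copied from the signing JWS rather than from the
    // encryption key; confirm the recipient can still select its decryption key from it.
    jwe.setKeyIdHeaderValue(jws.getKeyIdHeaderValue());
    // "cty: JWT" marks the payload as a nested JWT (the signed id token).
    jwe.setContentTypeHeaderValue("JWT");
    jwe.setPayload(innerJwt);
    return jwe.getCompactSerialization();
}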
Also used : RsaJsonWebKey(org.jose4j.jwk.RsaJsonWebKey) JsonWebEncryption(org.jose4j.jwe.JsonWebEncryption)
