use of com.nimbusds.jose.JOSEObjectType in project spring-security by spring-projects.
the class NimbusJwtDecoderTests method withJwkSetUriWhenUsingCustomTypeHeaderThenRefuseOmittedType.
// gh-8730
@Test
public void withJwkSetUriWhenUsingCustomTypeHeaderThenRefuseOmittedType() throws Exception {
RestOperations restOperations = mock(RestOperations.class);
given(restOperations.exchange(any(RequestEntity.class), eq(String.class))).willReturn(new ResponseEntity<>(JWK_SET, HttpStatus.OK));
// @formatter:off
NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI).restOperations(restOperations).jwtProcessorCustomizer((p) -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS")))).build();
assertThatExceptionOfType(BadJwtException.class).isThrownBy(() -> jwtDecoder.decode(SIGNED_JWT)).withMessageContaining("An error occurred while attempting to decode the Jwt: " + "Required JOSE header typ (type) parameter is missing");
// @formatter:on
}
use of com.nimbusds.jose.JOSEObjectType in project spring-security by spring-projects.
the class NimbusJwtEncoder method convert.
private static JWSHeader convert(JwsHeader headers) {
JWSHeader.Builder builder = new JWSHeader.Builder(JWSAlgorithm.parse(headers.getAlgorithm().getName()));
if (headers.getJwkSetUrl() != null) {
builder.jwkURL(convertAsURI(JoseHeaderNames.JKU, headers.getJwkSetUrl()));
}
Map<String, Object> jwk = headers.getJwk();
if (!CollectionUtils.isEmpty(jwk)) {
try {
builder.jwk(JWK.parse(jwk));
} catch (Exception ex) {
throw new JwtEncodingException(String.format(ENCODING_ERROR_MESSAGE_TEMPLATE, "Unable to convert '" + JoseHeaderNames.JWK + "' JOSE header"), ex);
}
}
String keyId = headers.getKeyId();
if (StringUtils.hasText(keyId)) {
builder.keyID(keyId);
}
if (headers.getX509Url() != null) {
builder.x509CertURL(convertAsURI(JoseHeaderNames.X5U, headers.getX509Url()));
}
List<String> x509CertificateChain = headers.getX509CertificateChain();
if (!CollectionUtils.isEmpty(x509CertificateChain)) {
List<Base64> x5cList = new ArrayList<>();
x509CertificateChain.forEach((x5c) -> x5cList.add(new Base64(x5c)));
if (!x5cList.isEmpty()) {
builder.x509CertChain(x5cList);
}
}
String x509SHA1Thumbprint = headers.getX509SHA1Thumbprint();
if (StringUtils.hasText(x509SHA1Thumbprint)) {
builder.x509CertThumbprint(new Base64URL(x509SHA1Thumbprint));
}
String x509SHA256Thumbprint = headers.getX509SHA256Thumbprint();
if (StringUtils.hasText(x509SHA256Thumbprint)) {
builder.x509CertSHA256Thumbprint(new Base64URL(x509SHA256Thumbprint));
}
String type = headers.getType();
if (StringUtils.hasText(type)) {
builder.type(new JOSEObjectType(type));
}
String contentType = headers.getContentType();
if (StringUtils.hasText(contentType)) {
builder.contentType(contentType);
}
Set<String> critical = headers.getCritical();
if (!CollectionUtils.isEmpty(critical)) {
builder.criticalParams(critical);
}
Map<String, Object> customHeaders = new HashMap<>();
headers.getHeaders().forEach((name, value) -> {
if (!JWSHeader.getRegisteredParameterNames().contains(name)) {
customHeaders.put(name, value);
}
});
if (!customHeaders.isEmpty()) {
builder.customParams(customHeaders);
}
return builder.build();
}
use of com.nimbusds.jose.JOSEObjectType in project wildfly by wildfly.
the class TokenUtil method generateJWT.
public static String generateJWT(final String keyLocation, final String principal, final String birthdate, final String... groups) throws Exception {
PrivateKey privateKey = loadPrivateKey(keyLocation);
JWSSigner signer = new RSASSASigner(privateKey);
JsonArrayBuilder groupsBuilder = Json.createArrayBuilder();
for (String group : groups) {
groupsBuilder.add(group);
}
long currentTime = System.currentTimeMillis() / 1000;
JsonObjectBuilder claimsBuilder = Json.createObjectBuilder().add("sub", principal).add("upn", principal).add("iss", "quickstart-jwt-issuer").add("aud", "jwt-audience").add("groups", groupsBuilder.build()).add("birthdate", birthdate).add("jti", UUID.randomUUID().toString()).add("iat", currentTime).add("exp", currentTime + 14400);
JWSObject jwsObject = new JWSObject(new JWSHeader.Builder(JWSAlgorithm.RS256).type(new JOSEObjectType("jwt")).keyID("Test Key").build(), new Payload(claimsBuilder.build().toString()));
jwsObject.sign(signer);
return jwsObject.serialize();
}
use of com.nimbusds.jose.JOSEObjectType in project quickstart by wildfly.
the class TokenUtil method generateJWT.
public static String generateJWT(final String principal, final String birthdate, final String... groups) throws Exception {
PrivateKey privateKey = loadPrivateKey("private.pem");
JWSSigner signer = new RSASSASigner(privateKey);
JsonArrayBuilder groupsBuilder = Json.createArrayBuilder();
for (String group : groups) {
groupsBuilder.add(group);
}
long currentTime = System.currentTimeMillis() / 1000;
JsonObjectBuilder claimsBuilder = Json.createObjectBuilder().add("sub", principal).add("upn", principal).add("iss", "quickstart-jwt-issuer").add("aud", "jwt-audience").add("groups", groupsBuilder.build()).add("birthdate", birthdate).add("jti", UUID.randomUUID().toString()).add("iat", currentTime).add("exp", currentTime + 14400);
JWSObject jwsObject = new JWSObject(new JWSHeader.Builder(JWSAlgorithm.RS256).type(new JOSEObjectType("jwt")).keyID("Test Key").build(), new Payload(claimsBuilder.build().toString()));
jwsObject.sign(signer);
return jwsObject.serialize();
}
use of com.nimbusds.jose.JOSEObjectType in project spring-security by spring-projects.
the class NimbusJwtDecoderTests method withPublicKeyWhenUsingCustomTypeHeaderThenSuccessfullyDecodes.
// gh-8730
@Test
public void withPublicKeyWhenUsingCustomTypeHeaderThenSuccessfullyDecodes() throws Exception {
RSAPublicKey publicKey = TestKeys.DEFAULT_PUBLIC_KEY;
RSAPrivateKey privateKey = TestKeys.DEFAULT_PRIVATE_KEY;
JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).type(new JOSEObjectType("JWS")).build();
JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
SignedJWT signedJwt = signedJwt(privateKey, header, claimsSet);
// @formatter:off
NimbusJwtDecoder decoder = NimbusJwtDecoder.withPublicKey(publicKey).signatureAlgorithm(SignatureAlgorithm.RS256).jwtProcessorCustomizer((p) -> p.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier<>(new JOSEObjectType("JWS")))).build();
// @formatter:on
assertThat(decoder.decode(signedJwt.serialize()).hasClaim(JwtClaimNames.EXP)).isNotNull();
}
Aggregations