Example 46 with JWSHeader

use of com.nimbusds.jose.JWSHeader in project SEPA by arces-wot.

the class SecurityManagerTest method generateToken.

private SignedJWT generateToken(DigitalIdentity identity, String password) throws ParseException, KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException, JOSEException, SEPASecurityException {
    // Prepare JWT with claims set
    JWTClaimsSet.Builder claimsSetBuilder = new JWTClaimsSet.Builder();
    // Define validity period
    Date now = new Date();
    long exp = 0;
    if (identity.getClass().equals(DeviceIdentity.class)) {
        exp = auth.getDeviceExpiringPeriod();
    } else if (identity.getClass().equals(ApplicationIdentity.class)) {
        exp = auth.getApplicationExpiringPeriod();
    } else {
        exp = auth.getDefaultExpiringPeriod();
    }
    Date expires = new Date(now.getTime() + exp * 1000);
    claimsSetBuilder.issuer("http://issuer");
    claimsSetBuilder.subject("http://subject");
    ArrayList<String> audience = new ArrayList<String>();
    audience.add("https://audience");
    audience.add("wss://audience");
    claimsSetBuilder.audience(audience);
    claimsSetBuilder.expirationTime(expires);
    claimsSetBuilder.issueTime(now);
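    // Note: the jti below embeds the password argument. A JWS payload is only
    // base64url-encoded (signed, not encrypted), so any holder of the token can read it.
    claimsSetBuilder.jwtID(identity.getUid() + ":" + password + ":" + UUID.randomUUID());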
    JWTClaimsSet jwtClaims = claimsSetBuilder.build();
    // ******************************
    // Sign JWT with private RSA key
    // ******************************
    SignedJWT signedJWT;
    signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), JWTClaimsSet.parse(jwtClaims.toString()));
    // // Load the key from the key store
    // KeyStore keystore = KeyStore.getInstance("JKS");
    // 
    // keystore.load(new FileInputStream(jksFile), storePass.toCharArray());
    // RSAKey jwk = RSAKey.load(keystore, alias, keyPass.toCharArray());
    RSAKey jwk = configurationProvider.getRsaKey();
    // Get the private and public keys to sign and verify
    RSAPrivateKey privateKey = jwk.toRSAPrivateKey();
    // Create RSA-signer with the private key
    JWSSigner signer = new RSASSASigner(privateKey);
    signedJWT.sign(signer);
    return signedJWT;
}
Also used : RSAKey(com.nimbusds.jose.jwk.RSAKey) ApplicationIdentity(it.unibo.arces.wot.sepa.engine.dependability.authorization.identities.ApplicationIdentity) ArrayList(java.util.ArrayList) SignedJWT(com.nimbusds.jwt.SignedJWT) Date(java.util.Date) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) RSASSASigner(com.nimbusds.jose.crypto.RSASSASigner) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) JWSSigner(com.nimbusds.jose.JWSSigner) JWSHeader(com.nimbusds.jose.JWSHeader)

Example 47 with JWSHeader

use of com.nimbusds.jose.JWSHeader in project iaf by ibissource.

the class ApiListenerServletTest method createJWT.

private String createJWT() throws Exception {
    // Header declares RS256 (RSASSA-PKCS1-v1_5 with SHA-256)
    JWSHeader jwsHeader = new JWSHeader.Builder(JWSAlgorithm.RS256).build();
    // Fixed test claims; no exp or iat claim is set on this token
    JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder();
    builder.issuer("JWTPipeTest");
    builder.subject("UnitTest");
    builder.audience("Framework");
    builder.jwtID("1234");
    SignedJWT signedJWT = new SignedJWT(jwsHeader, builder.build());
    // Load the PKCS12 keystore shipped with the test resources (password is hard-coded in the test)
    KeyStore keystore = PkiUtil.createKeyStore(TestFileUtils.getTestFileURL("/JWT/jwt_keystore.p12"), "geheim", KeystoreType.PKCS12, "Keys for signing");
    KeyManager[] keymanagers = PkiUtil.createKeyManagers(keystore, "geheim", null);
    X509KeyManager keyManager = (X509KeyManager) keymanagers[0];
    // Private key and matching certificate are both stored under alias "1"
    PrivateKey privateKey = keyManager.getPrivateKey("1");
    PublicKey publicKey = keystore.getCertificate("1").getPublicKey();
    // Build a JWK restricted to signing with RS256
    JWK jwk = new RSAKey.Builder((RSAPublicKey) publicKey).privateKey(privateKey).keyUse(KeyUse.SIGNATURE).keyOperations(Collections.singleton(KeyOperation.SIGN)).algorithm(JWSAlgorithm.RS256).keyStore(keystore).build();
    DefaultJWSSignerFactory factory = new DefaultJWSSignerFactory();
    JWSSigner jwsSigner = factory.createJWSSigner(jwk, JWSAlgorithm.RS256);
    // Sign and return the compact serialization (header.payload.signature)
    signedJWT.sign(jwsSigner);
    return signedJWT.serialize();
}
Also used : PrivateKey(java.security.PrivateKey) RSAPublicKey(java.security.interfaces.RSAPublicKey) PublicKey(java.security.PublicKey) URIBuilder(org.apache.http.client.utils.URIBuilder) MultipartEntityBuilder(nl.nn.adapterframework.http.mime.MultipartEntityBuilder) SignedJWT(com.nimbusds.jwt.SignedJWT) KeyStore(java.security.KeyStore) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) DefaultJWSSignerFactory(com.nimbusds.jose.crypto.factories.DefaultJWSSignerFactory) X509KeyManager(javax.net.ssl.X509KeyManager) KeyManager(javax.net.ssl.KeyManager) JWSSigner(com.nimbusds.jose.JWSSigner) JWSHeader(com.nimbusds.jose.JWSHeader) JWK(com.nimbusds.jose.jwk.JWK)

Example 48 with JWSHeader

use of com.nimbusds.jose.JWSHeader in project flow by vaadin.

the class JwtSecurityContextRepositoryTest method saveContext_doesNotSaveJwt_when_keySourceReturnsNull.

@Test
public void saveContext_doesNotSaveJwt_when_keySourceReturnsNull() throws JOSEException {
    SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
    JWSHeader header = getHeaderBuilder().build();
    JWTClaimsSet claimsSet = getClaimsSetBuilder().build();
    Mockito.doReturn(getJwtAuthenticationToken(header, claimsSet)).when(securityContext).getAuthentication();
    jwtSecurityContextRepository.setJwkSource((jwkSelector, context) -> null);
    Assert.assertThrows(NullPointerException.class, () -> jwtSecurityContextRepository.saveContext(securityContext, request, response));
    String serializedJwt = getSavedSerializedJwt();
    Assert.assertNull(serializedJwt);
}
Also used : JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) SecurityContext(org.springframework.security.core.context.SecurityContext) JWSHeader(com.nimbusds.jose.JWSHeader) Test(org.junit.Test)

Example 49 with JWSHeader

use of com.nimbusds.jose.JWSHeader in project flow by vaadin.

the class JwtSecurityContextRepositoryTest method saveContext_doesSaveJwt_withExpiresIn.

@Test
public void saveContext_doesSaveJwt_withExpiresIn() throws JOSEException, BadJOSEException, ParseException {
    SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
    JWSHeader header = getHeaderBuilder().build();
    JWTClaimsSet claimsSet = getClaimsSetBuilder().build();
    Mockito.doReturn(getJwtAuthenticationToken(header, claimsSet)).when(securityContext).getAuthentication();
    jwtSecurityContextRepository.setExpiresIn(300);
    jwtSecurityContextRepository.saveContext(securityContext, request, response);
    String serializedJwt = getSavedSerializedJwt();
    JWTClaimsSet decodedClaimsSet = decodeSerializedJwt(serializedJwt, jwtProcessor);
    assertClaims(decodedClaimsSet, TEST_USERNAME, TEST_ROLES, 300);
}
Also used : JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) SecurityContext(org.springframework.security.core.context.SecurityContext) JWSHeader(com.nimbusds.jose.JWSHeader) Test(org.junit.Test)

Example 50 with JWSHeader

use of com.nimbusds.jose.JWSHeader in project flow by vaadin.

the class JwtSecurityContextRepositoryTest method saveContext_doesNotSaveJwt_when_trustResolverIsAnonymousReturnsTrue.

@Test
public void saveContext_doesNotSaveJwt_when_trustResolverIsAnonymousReturnsTrue() throws JOSEException {
    SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
    JWSHeader header = getHeaderBuilder().build();
    JWTClaimsSet claimsSet = getClaimsSetBuilder().build();
    Authentication authentication = getJwtAuthenticationToken(header, claimsSet);
    Mockito.doReturn(authentication).when(securityContext).getAuthentication();
    AuthenticationTrustResolver trustResolver = Mockito.mock(AuthenticationTrustResolver.class);
    Mockito.doReturn(true).when(trustResolver).isAnonymous(authentication);
    jwtSecurityContextRepository.setTrustResolver(trustResolver);
    jwtSecurityContextRepository.saveContext(securityContext, request, response);
    Mockito.verify(trustResolver).isAnonymous(authentication);
    String serializedJwt = getSavedSerializedJwt();
    Assert.assertNull(serializedJwt);
}
Also used : JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) Authentication(org.springframework.security.core.Authentication) SecurityContext(org.springframework.security.core.context.SecurityContext) AuthenticationTrustResolver(org.springframework.security.authentication.AuthenticationTrustResolver) JWSHeader(com.nimbusds.jose.JWSHeader) Test(org.junit.Test)

Aggregations

JWSHeader (com.nimbusds.jose.JWSHeader): 67
JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet): 56
SignedJWT (com.nimbusds.jwt.SignedJWT): 50
Test (org.junit.Test): 24
RSASSASigner (com.nimbusds.jose.crypto.RSASSASigner): 21
JWSSigner (com.nimbusds.jose.JWSSigner): 18
ArrayList (java.util.ArrayList): 12
SecurityContext (org.springframework.security.core.context.SecurityContext): 12
OAuth2TokenValidator (org.springframework.security.oauth2.core.OAuth2TokenValidator): 12
JOSEException (com.nimbusds.jose.JOSEException): 11
DelegatingOAuth2TokenValidator (org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator): 10
RestOperations (org.springframework.web.client.RestOperations): 10
Test (org.junit.jupiter.api.Test): 9
Date (java.util.Date): 8
Jwt (org.springframework.security.oauth2.jwt.Jwt): 8
JSONObject (net.minidev.json.JSONObject): 7
JWSAlgorithm (com.nimbusds.jose.JWSAlgorithm): 6
MACSigner (com.nimbusds.jose.crypto.MACSigner): 6
JWK (com.nimbusds.jose.jwk.JWK): 6
PrivateKey (java.security.PrivateKey): 6