Example 6 with JWSHeader

Use of com.nimbusds.jose.JWSHeader in project connect-android-sdk by telenordigital.

Class IdTokenValidatorTest, method setUp.

@BeforeClass
public static void setUp() throws Exception {
    Calendar calendar = Calendar.getInstance();
    now = calendar.getTime();
    calendar.add(Calendar.HOUR, 1);
    oneHourIntoFuture = calendar.getTime();
    calendar.setTime(now);
    calendar.add(Calendar.YEAR, 10);
    tenYearsIntoFuture = calendar.getTime();
    calendar.setTime(now);
    calendar.add(Calendar.HOUR, -2);
    twoHoursAgo = calendar.getTime();
    JWTClaimsSet claimsSet = new JWTClaimsSet();
    claimsSet.setIssuer("https://connect.telenordigital.com/oauth");
    claimsSet.setAudience("connect-tests");
    claimsSet.setExpirationTime(oneHourIntoFuture);
    claimsSet.setIssueTime(now);
    SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.ES256), claimsSet);
    // Test fixture only: the signing key is a fixed, trivially small private scalar.
    signedJWT.sign(new ECDSASigner(new BigInteger("123")));
    normalSerializedSignedJwt = new IdToken(signedJWT.serialize());
}
Also used : IdToken(com.telenor.connect.id.IdToken) ECDSASigner(com.nimbusds.jose.crypto.ECDSASigner) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) Calendar(java.util.Calendar) BigInteger(java.math.BigInteger) SignedJWT(com.nimbusds.jwt.SignedJWT) JWSHeader(com.nimbusds.jose.JWSHeader) BeforeClass(org.junit.BeforeClass)

Example 7 with JWSHeader

Use of com.nimbusds.jose.JWSHeader in project ovirt-engine by oVirt.

Class OpenIdUtils, method createJWT.

/**
 * Create a JSON Web Token (JWT) and sign it with the RSA key. Used by the OpenID userinfo endpoint to send userinfo back.
 */
public static String createJWT(HttpServletRequest request, SsoSession ssoSession, String clientId) throws JOSEException {
    // Create RSA-signer with the private key
    JWSSigner signer = new RSASSASigner(keyPair.getPrivate());
    SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), createJWTClaimSet(request, ssoSession, clientId));
    signedJWT.sign(signer);
    return signedJWT.serialize();
}
Also used : RSASSASigner(com.nimbusds.jose.crypto.RSASSASigner) SignedJWT(com.nimbusds.jwt.SignedJWT) JWSSigner(com.nimbusds.jose.JWSSigner) JWSHeader(com.nimbusds.jose.JWSHeader)

Example 8 with JWSHeader

Use of com.nimbusds.jose.JWSHeader in project spring-security by spring-projects.

Class JwtIssuerReactiveAuthenticationManagerResolverTests, method resolveWhednUsingTrustedIssuerThenReturnsAuthenticationManager.

// gh-10444
@Test
public void resolveWhednUsingTrustedIssuerThenReturnsAuthenticationManager() throws Exception {
    try (MockWebServer server = new MockWebServer()) {
        String issuer = server.url("").toString();
        // @formatter:off
        server.enqueue(new MockResponse().setResponseCode(500).setHeader("Content-Type", "application/json").setBody(String.format(DEFAULT_RESPONSE_TEMPLATE, issuer, issuer)));
        server.enqueue(new MockResponse().setResponseCode(200).setHeader("Content-Type", "application/json").setBody(String.format(DEFAULT_RESPONSE_TEMPLATE, issuer, issuer)));
        server.enqueue(new MockResponse().setResponseCode(200).setHeader("Content-Type", "application/json").setBody(JWK_SET));
        // @formatter:on
        JWSObject jws = new JWSObject(new JWSHeader(JWSAlgorithm.RS256), new Payload(new JSONObject(Collections.singletonMap(JwtClaimNames.ISS, issuer))));
        jws.sign(new RSASSASigner(TestKeys.DEFAULT_PRIVATE_KEY));
        JwtIssuerReactiveAuthenticationManagerResolver authenticationManagerResolver = new JwtIssuerReactiveAuthenticationManagerResolver(issuer);
        ReactiveAuthenticationManager authenticationManager = authenticationManagerResolver.resolve(null).block();
        assertThat(authenticationManager).isNotNull();
        Authentication token = withBearerToken(jws.serialize());
        assertThatExceptionOfType(IllegalArgumentException.class).isThrownBy(() -> authenticationManager.authenticate(token).block());
        Authentication authentication = authenticationManager.authenticate(token).block();
        assertThat(authentication.isAuthenticated()).isTrue();
    }
}
Also used : MockResponse(okhttp3.mockwebserver.MockResponse) ReactiveAuthenticationManager(org.springframework.security.authentication.ReactiveAuthenticationManager) JSONObject(net.minidev.json.JSONObject) Authentication(org.springframework.security.core.Authentication) MockWebServer(okhttp3.mockwebserver.MockWebServer) RSASSASigner(com.nimbusds.jose.crypto.RSASSASigner) Payload(com.nimbusds.jose.Payload) JWSObject(com.nimbusds.jose.JWSObject) JWSHeader(com.nimbusds.jose.JWSHeader) Assertions.assertThatIllegalArgumentException(org.assertj.core.api.Assertions.assertThatIllegalArgumentException) Test(org.junit.jupiter.api.Test)

Example 9 with JWSHeader

Use of com.nimbusds.jose.JWSHeader in project spring-security by spring-projects.

Class NimbusJwtDecoderTests, method decodeWhenUsingSecertKeyWithKidThenStillUsesKey.

// gh-7056
@Test
public void decodeWhenUsingSecertKeyWithKidThenStillUsesKey() throws Exception {
    SecretKey secretKey = TestKeys.DEFAULT_SECRET_KEY;
    // @formatter:off
    JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.HS256).keyID("one").build();
    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject").expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
    // @formatter:on
    SignedJWT signedJwt = signedJwt(secretKey, header, claimsSet);
    // @formatter:off
    NimbusJwtDecoder decoder = NimbusJwtDecoder.withSecretKey(secretKey).macAlgorithm(MacAlgorithm.HS256).build();
    assertThat(decoder.decode(signedJwt.serialize())).extracting(Jwt::getSubject).isEqualTo("test-subject");
    // @formatter:on
}
Also used : SecretKey(javax.crypto.SecretKey) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) SignedJWT(com.nimbusds.jwt.SignedJWT) JWSHeader(com.nimbusds.jose.JWSHeader) Test(org.junit.jupiter.api.Test)

Example 10 with JWSHeader

Use of com.nimbusds.jose.JWSHeader in project spring-security by spring-projects.

Class NimbusJwtDecoderTests, method decodeWhenUsingPublicKeyWithKidThenStillUsesKey.

// gh-7049
@Test
public void decodeWhenUsingPublicKeyWithKidThenStillUsesKey() throws Exception {
    RSAPublicKey publicKey = TestKeys.DEFAULT_PUBLIC_KEY;
    RSAPrivateKey privateKey = TestKeys.DEFAULT_PRIVATE_KEY;
    // @formatter:off
    JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("one").build();
    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject").expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
    // @formatter:on
    SignedJWT signedJwt = signedJwt(privateKey, header, claimsSet);
    // @formatter:off
    NimbusJwtDecoder decoder = NimbusJwtDecoder.withPublicKey(publicKey).signatureAlgorithm(SignatureAlgorithm.RS256).build();
    assertThat(decoder.decode(signedJwt.serialize())).extracting(Jwt::getSubject).isEqualTo("test-subject");
    // @formatter:on
}
Also used : RSAPublicKey(java.security.interfaces.RSAPublicKey) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) SignedJWT(com.nimbusds.jwt.SignedJWT) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) JWSHeader(com.nimbusds.jose.JWSHeader) Test(org.junit.jupiter.api.Test)

Aggregations

JWSHeader (com.nimbusds.jose.JWSHeader) 67
JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet) 56
SignedJWT (com.nimbusds.jwt.SignedJWT) 50
Test (org.junit.Test) 24
RSASSASigner (com.nimbusds.jose.crypto.RSASSASigner) 21
JWSSigner (com.nimbusds.jose.JWSSigner) 18
ArrayList (java.util.ArrayList) 12
SecurityContext (org.springframework.security.core.context.SecurityContext) 12
OAuth2TokenValidator (org.springframework.security.oauth2.core.OAuth2TokenValidator) 12
JOSEException (com.nimbusds.jose.JOSEException) 11
DelegatingOAuth2TokenValidator (org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator) 10
RestOperations (org.springframework.web.client.RestOperations) 10
Test (org.junit.jupiter.api.Test) 9
Date (java.util.Date) 8
Jwt (org.springframework.security.oauth2.jwt.Jwt) 8
JSONObject (net.minidev.json.JSONObject) 7
JWSAlgorithm (com.nimbusds.jose.JWSAlgorithm) 6
MACSigner (com.nimbusds.jose.crypto.MACSigner) 6
JWK (com.nimbusds.jose.jwk.JWK) 6
PrivateKey (java.security.PrivateKey) 6