Example 16 with JWSHeader
use of com.nimbusds.jose.JWSHeader in project mycore by MyCoRe-Org.
the class MCRJSONWebTokenUtil method createJWT.
/**
* creates a JSON Web Token with user id, roles and client public key
*
* @param user - the user that should be returned
* @param roles - the roles that should be returned
* @param webAppBaseURL - the base url of the application
* @param clientPublicKey - the client public key as JSON Web Key
*
* @return the JSON WebToken
*/
public static SignedJWT createJWT(String user, List<String> roles, String webAppBaseURL, JWK clientPublicKey) {
ZonedDateTime currentTime = ZonedDateTime.now(ZoneOffset.UTC);
JWTClaimsSet claims = new JWTClaimsSet.Builder().issuer(webAppBaseURL).jwtID(UUID.randomUUID().toString()).expirationTime(Date.from(currentTime.plusMinutes(EXPIRATION_TIME_MINUTES).toInstant())).issueTime(Date.from(currentTime.toInstant())).notBeforeTime(Date.from(currentTime.minusMinutes(EXPIRATION_TIME_MINUTES).toInstant())).subject(user).claim("roles", roles).claim("sub_jwk", clientPublicKey).build();
String keyID = UUID.randomUUID().toString();
JWK jwk = new RSAKey.Builder((RSAPublicKey) RSA_KEYS.getPublic()).keyID(keyID).build();
JWSHeader jwsHeader = new JWSHeader.Builder(JWSAlgorithm.RS256).jwk(jwk).build();
SignedJWT signedJWT = new SignedJWT(jwsHeader, claims);
try {
signedJWT.sign(new RSASSASigner(RSA_KEYS.getPrivate()));
} catch (JOSEException e) {
// TODO Auto-generated catch block
LOGGER.error(e);
}
System.out.println("JWT: " + signedJWT.serialize());
return signedJWT;
}
Also used :
ZonedDateTime(java.time.ZonedDateTime)
JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet)
RSASSASigner(com.nimbusds.jose.crypto.RSASSASigner)
SignedJWT(com.nimbusds.jwt.SignedJWT)
JOSEException(com.nimbusds.jose.JOSEException)
JWSHeader(com.nimbusds.jose.JWSHeader)
JWK(com.nimbusds.jose.jwk.JWK)
Example 17 with JWSHeader
use of com.nimbusds.jose.JWSHeader in project Payara by payara.
the class GCPSecretsConfigSource method buildJwt.
// Helpers
private static SignedJWT buildJwt(final String issuer, final String scope) {
Instant now = Instant.now();
Instant expiry = now.plus(1, ChronoUnit.MINUTES);
JWTClaimsSet claims = new JWTClaimsSet.Builder().issuer(issuer).audience(AUTH_URL).issueTime(Date.from(now)).expirationTime(Date.from(expiry)).claim("scope", scope).build();
JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).type(JOSEObjectType.JWT).build();
return new SignedJWT(header, claims);
}
Also used :
JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet)
Instant(java.time.Instant)
ClientBuilder(javax.ws.rs.client.ClientBuilder)
SignedJWT(com.nimbusds.jwt.SignedJWT)
JWSHeader(com.nimbusds.jose.JWSHeader)
Example 18 with JWSHeader
use of com.nimbusds.jose.JWSHeader in project metron by apache.
the class KnoxSSOAuthenticationFilterTest method validateSignatureShouldProperlyValidateToken.
@Test
public void validateSignatureShouldProperlyValidateToken() throws Exception {
KnoxSSOAuthenticationFilter knoxSSOAuthenticationFilter = spy(new KnoxSSOAuthenticationFilter("userSearchBase", mock(Path.class), "knoxKeyString", "knoxCookie", mock(LdapTemplate.class)));
SignedJWT jwtToken = mock(SignedJWT.class);
{
// Should be invalid if algorithm is not ES256
JWSHeader jwsHeader = new JWSHeader(JWSAlgorithm.ES384);
when(jwtToken.getHeader()).thenReturn(jwsHeader);
assertFalse(knoxSSOAuthenticationFilter.validateSignature(jwtToken));
}
{
// Should be invalid if state is not SIGNED
JWSHeader jwsHeader = new JWSHeader(JWSAlgorithm.RS256);
when(jwtToken.getHeader()).thenReturn(jwsHeader);
when(jwtToken.getState()).thenReturn(JWSObject.State.UNSIGNED);
assertFalse(knoxSSOAuthenticationFilter.validateSignature(jwtToken));
}
{
// Should be invalid if signature is null
JWSHeader jwsHeader = new JWSHeader(JWSAlgorithm.RS256);
when(jwtToken.getHeader()).thenReturn(jwsHeader);
when(jwtToken.getState()).thenReturn(JWSObject.State.SIGNED);
assertFalse(knoxSSOAuthenticationFilter.validateSignature(jwtToken));
}
{
Base64URL signature = mock(Base64URL.class);
when(jwtToken.getSignature()).thenReturn(signature);
RSAPublicKey rsaPublicKey = mock(RSAPublicKey.class);
RSASSAVerifier rsaSSAVerifier = mock(RSASSAVerifier.class);
doReturn(rsaSSAVerifier).when(knoxSSOAuthenticationFilter).getRSASSAVerifier();
{
// Should be invalid if token verify throws an exception
when(jwtToken.verify(rsaSSAVerifier)).thenThrow(new JOSEException("verify exception"));
assertFalse(knoxSSOAuthenticationFilter.validateSignature(jwtToken));
}
{
// Should be invalid if RSA verification fails
doReturn(false).when(jwtToken).verify(rsaSSAVerifier);
assertFalse(knoxSSOAuthenticationFilter.validateSignature(jwtToken));
}
{
// Should be valid if RSA verification succeeds
doReturn(true).when(jwtToken).verify(rsaSSAVerifier);
assertTrue(knoxSSOAuthenticationFilter.validateSignature(jwtToken));
}
}
}
Also used :
RSAPublicKey(java.security.interfaces.RSAPublicKey)
RSASSAVerifier(com.nimbusds.jose.crypto.RSASSAVerifier)
SignedJWT(com.nimbusds.jwt.SignedJWT)
JOSEException(com.nimbusds.jose.JOSEException)
JWSHeader(com.nimbusds.jose.JWSHeader)
Base64URL(com.nimbusds.jose.util.Base64URL)
Test(org.junit.jupiter.api.Test)
Example 19 with JWSHeader
use of com.nimbusds.jose.JWSHeader in project carbon-apimgt by wso2.
the class Util method getAuthHeader.
public static String getAuthHeader(String username) throws Exception {
// Get the filesystem key store default primary certificate
KeyStoreManager keyStoreManager;
keyStoreManager = KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID);
try {
keyStoreManager.getDefaultPrimaryCertificate();
JWSSigner signer = new RSASSASigner((RSAPrivateKey) keyStoreManager.getDefaultPrivateKey());
JWTClaimsSet.Builder jwtClaimsSetBuilder = new JWTClaimsSet.Builder();
jwtClaimsSetBuilder.claim("Username", username);
SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS512), jwtClaimsSetBuilder.build());
signedJWT.sign(signer);
// generate authorization header value
return "Bearer " + Base64Utils.encode(signedJWT.serialize().getBytes(Charset.defaultCharset()));
} catch (SignatureException e) {
String msg = "Failed to sign with signature instance";
log.error(msg, e);
throw new Exception(msg, e);
} catch (Exception e) {
String msg = "Failed to get primary default certificate";
log.error(msg, e);
throw new Exception(msg, e);
}
}
Also used :
KeyStoreManager(org.wso2.carbon.core.util.KeyStoreManager)
JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet)
RSASSASigner(com.nimbusds.jose.crypto.RSASSASigner)
SignedJWT(com.nimbusds.jwt.SignedJWT)
SignatureException(java.security.SignatureException)
JWSSigner(com.nimbusds.jose.JWSSigner)
JWSHeader(com.nimbusds.jose.JWSHeader)
SignatureException(java.security.SignatureException)
Example 20 with JWSHeader
use of com.nimbusds.jose.JWSHeader in project carbon-apimgt by wso2.
the class ApiKeyAuthenticator method authenticate.
@Override
public AuthenticationResponse authenticate(MessageContext synCtx) {
if (log.isDebugEnabled()) {
log.info("ApiKey Authentication initialized");
}
try {
// Extract apikey from the request while removing it from the msg context.
String apiKey = extractApiKey(synCtx);
JWTTokenPayloadInfo payloadInfo = null;
if (jwtConfigurationDto == null) {
jwtConfigurationDto = ServiceReferenceHolder.getInstance().getAPIManagerConfiguration().getJwtConfigurationDto();
}
if (jwtGenerationEnabled == null) {
jwtGenerationEnabled = jwtConfigurationDto.isEnabled();
}
if (apiMgtGatewayJWTGenerator == null) {
apiMgtGatewayJWTGenerator = ServiceReferenceHolder.getInstance().getApiMgtGatewayJWTGenerator().get(jwtConfigurationDto.getGatewayJWTGeneratorImpl());
}
String[] splitToken = apiKey.split("\\.");
JWSHeader decodedHeader;
JWTClaimsSet payload = null;
SignedJWT signedJWT = null;
String tokenIdentifier, certAlias;
if (splitToken.length != 3) {
log.error("Api Key does not have the format {header}.{payload}.{signature} ");
throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
}
signedJWT = SignedJWT.parse(apiKey);
payload = signedJWT.getJWTClaimsSet();
decodedHeader = signedJWT.getHeader();
tokenIdentifier = payload.getJWTID();
// Check if the decoded header contains type as 'JWT'.
if (!JOSEObjectType.JWT.equals(decodedHeader.getType())) {
if (log.isDebugEnabled()) {
log.debug("Invalid Api Key token type. Api Key: " + GatewayUtils.getMaskedToken(splitToken[0]));
}
log.error("Invalid Api Key token type.");
throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
}
if (!GatewayUtils.isAPIKey(payload)) {
log.error("Invalid Api Key. Internal Key Sent");
throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
}
if (decodedHeader.getKeyID() == null) {
if (log.isDebugEnabled()) {
log.debug("Invalid Api Key. Could not find alias in header. Api Key: " + GatewayUtils.getMaskedToken(splitToken[0]));
}
log.error("Invalid Api Key. Could not find alias in header");
throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
} else {
certAlias = decodedHeader.getKeyID();
}
String apiContext = (String) synCtx.getProperty(RESTConstants.REST_API_CONTEXT);
String apiVersion = (String) synCtx.getProperty(RESTConstants.SYNAPSE_REST_API_VERSION);
String httpMethod = (String) ((Axis2MessageContext) synCtx).getAxis2MessageContext().getProperty(Constants.Configuration.HTTP_METHOD);
String matchingResource = (String) synCtx.getProperty(APIConstants.API_ELECTED_RESOURCE);
OpenAPI openAPI = (OpenAPI) synCtx.getProperty(APIMgtGatewayConstants.OPEN_API_OBJECT);
if (openAPI == null && !APIConstants.GRAPHQL_API.equals(synCtx.getProperty(APIConstants.API_TYPE))) {
log.error("Swagger is missing in the gateway. " + "Therefore, Api Key authentication cannot be performed.");
return new AuthenticationResponse(false, isMandatory, true, APISecurityConstants.API_AUTH_MISSING_OPEN_API_DEF, APISecurityConstants.API_AUTH_MISSING_OPEN_API_DEF_ERROR_MESSAGE);
}
String resourceCacheKey = APIUtil.getResourceInfoDTOCacheKey(apiContext, apiVersion, matchingResource, httpMethod);
VerbInfoDTO verbInfoDTO = new VerbInfoDTO();
verbInfoDTO.setHttpVerb(httpMethod);
// Not doing resource level authentication
verbInfoDTO.setAuthType(APIConstants.AUTH_NO_AUTHENTICATION);
verbInfoDTO.setRequestKey(resourceCacheKey);
verbInfoDTO.setThrottling(OpenAPIUtils.getResourceThrottlingTier(openAPI, synCtx));
List<VerbInfoDTO> verbInfoList = new ArrayList<>();
verbInfoList.add(verbInfoDTO);
synCtx.setProperty(APIConstants.VERB_INFO_DTO, verbInfoList);
String cacheKey = GatewayUtils.getAccessTokenCacheKey(tokenIdentifier, apiContext, apiVersion, matchingResource, httpMethod);
String tenantDomain = GatewayUtils.getTenantDomain();
boolean isVerified = false;
// Validate from cache
if (isGatewayTokenCacheEnabled == null) {
isGatewayTokenCacheEnabled = GatewayUtils.isGatewayTokenCacheEnabled();
}
if (isGatewayTokenCacheEnabled) {
String cacheToken = (String) getGatewayApiKeyCache().get(tokenIdentifier);
if (cacheToken != null) {
if (log.isDebugEnabled()) {
log.debug("Api Key retrieved from the Api Key cache.");
}
if (getGatewayApiKeyDataCache().get(cacheKey) != null) {
// Token is found in the key cache
payloadInfo = (JWTTokenPayloadInfo) getGatewayApiKeyDataCache().get(cacheKey);
String accessToken = payloadInfo.getAccessToken();
if (!accessToken.equals(apiKey)) {
isVerified = false;
} else {
isVerified = true;
}
}
} else if (getInvalidGatewayApiKeyCache().get(tokenIdentifier) != null) {
if (log.isDebugEnabled()) {
log.debug("Api Key retrieved from the invalid Api Key cache. Api Key: " + GatewayUtils.getMaskedToken(splitToken[0]));
}
log.error("Invalid Api Key." + GatewayUtils.getMaskedToken(splitToken[0]));
throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
} else if (RevokedJWTDataHolder.isJWTTokenSignatureExistsInRevokedMap(tokenIdentifier)) {
if (log.isDebugEnabled()) {
log.debug("Token retrieved from the revoked jwt token map. Token: " + GatewayUtils.getMaskedToken(splitToken[0]));
}
log.error("Invalid API Key. " + GatewayUtils.getMaskedToken(splitToken[0]));
throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, "Invalid API Key");
}
} else {
if (RevokedJWTDataHolder.isJWTTokenSignatureExistsInRevokedMap(tokenIdentifier)) {
if (log.isDebugEnabled()) {
log.debug("Token retrieved from the revoked jwt token map. Token: " + GatewayUtils.getMaskedToken(splitToken[0]));
}
log.error("Invalid JWT token. " + GatewayUtils.getMaskedToken(splitToken[0]));
throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, "Invalid JWT token");
}
}
// Not found in cache or caching disabled
if (!isVerified) {
if (log.isDebugEnabled()) {
log.debug("Api Key not found in the cache.");
}
try {
signedJWT = (SignedJWT) JWTParser.parse(apiKey);
payload = signedJWT.getJWTClaimsSet();
} catch (JSONException | IllegalArgumentException | ParseException e) {
if (log.isDebugEnabled()) {
log.debug("Invalid Api Key. Api Key: " + GatewayUtils.getMaskedToken(splitToken[0]), e);
}
log.error("Invalid JWT token. Failed to decode the Api Key body.");
throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE, e);
}
try {
isVerified = GatewayUtils.verifyTokenSignature(signedJWT, certAlias);
} catch (APISecurityException e) {
if (e.getErrorCode() == APISecurityConstants.API_AUTH_INVALID_CREDENTIALS) {
throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
} else {
throw e;
}
}
if (isGatewayTokenCacheEnabled) {
// Add token to tenant token cache
if (isVerified) {
getGatewayApiKeyCache().put(tokenIdentifier, tenantDomain);
} else {
getInvalidGatewayApiKeyCache().put(tokenIdentifier, tenantDomain);
}
if (!MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
try {
// Start super tenant flow
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME, true);
// Add token to super tenant token cache
if (isVerified) {
getGatewayApiKeyCache().put(tokenIdentifier, tenantDomain);
} else {
getInvalidGatewayApiKeyCache().put(tokenIdentifier, tenantDomain);
}
} finally {
PrivilegedCarbonContext.endTenantFlow();
}
}
}
}
// If Api Key signature is verified
if (isVerified) {
if (log.isDebugEnabled()) {
log.debug("Api Key signature is verified.");
}
if (isGatewayTokenCacheEnabled && payloadInfo != null) {
// Api Key is found in the key cache
payload = payloadInfo.getPayload();
if (isJwtTokenExpired(payload)) {
getGatewayApiKeyCache().remove(tokenIdentifier);
getInvalidGatewayApiKeyCache().put(tokenIdentifier, tenantDomain);
log.error("Api Key is expired");
throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
}
validateAPIKeyRestrictions(payload, synCtx);
} else {
// Retrieve payload from ApiKey
if (log.isDebugEnabled()) {
log.debug("ApiKey payload not found in the cache.");
}
if (payload == null) {
try {
signedJWT = (SignedJWT) JWTParser.parse(apiKey);
payload = signedJWT.getJWTClaimsSet();
} catch (JSONException | IllegalArgumentException | ParseException e) {
if (log.isDebugEnabled()) {
log.debug("Invalid ApiKey. ApiKey: " + GatewayUtils.getMaskedToken(splitToken[0]));
}
log.error("Invalid Api Key. Failed to decode the Api Key body.");
throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE, e);
}
}
if (isJwtTokenExpired(payload)) {
if (isGatewayTokenCacheEnabled) {
getGatewayApiKeyCache().remove(tokenIdentifier);
getInvalidGatewayApiKeyCache().put(tokenIdentifier, tenantDomain);
}
log.error("Api Key is expired");
throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
}
validateAPIKeyRestrictions(payload, synCtx);
if (isGatewayTokenCacheEnabled) {
JWTTokenPayloadInfo jwtTokenPayloadInfo = new JWTTokenPayloadInfo();
jwtTokenPayloadInfo.setPayload(payload);
jwtTokenPayloadInfo.setAccessToken(apiKey);
getGatewayApiKeyDataCache().put(cacheKey, jwtTokenPayloadInfo);
}
}
net.minidev.json.JSONObject api = GatewayUtils.validateAPISubscription(apiContext, apiVersion, payload, splitToken, false);
if (log.isDebugEnabled()) {
log.debug("Api Key authentication successful.");
}
String endUserToken = null;
String contextHeader = null;
if (jwtGenerationEnabled) {
SignedJWTInfo signedJWTInfo = new SignedJWTInfo(apiKey, signedJWT, payload);
JWTValidationInfo jwtValidationInfo = getJwtValidationInfo(signedJWTInfo);
JWTInfoDto jwtInfoDto = GatewayUtils.generateJWTInfoDto(api, jwtValidationInfo, null, synCtx);
endUserToken = generateAndRetrieveBackendJWTToken(tokenIdentifier, jwtInfoDto);
contextHeader = getContextHeader();
}
AuthenticationContext authenticationContext;
authenticationContext = GatewayUtils.generateAuthenticationContext(tokenIdentifier, payload, api, getApiLevelPolicy(), endUserToken, synCtx);
APISecurityUtils.setAuthenticationContext(synCtx, authenticationContext, contextHeader);
if (log.isDebugEnabled()) {
log.debug("User is authorized to access the resource using Api Key.");
}
return new AuthenticationResponse(true, isMandatory, false, 0, null);
}
if (log.isDebugEnabled()) {
log.debug("Api Key signature verification failure. Api Key: " + GatewayUtils.getMaskedToken(splitToken[0]));
}
log.error("Invalid Api Key. Signature verification failed.");
throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
} catch (APISecurityException e) {
return new AuthenticationResponse(false, isMandatory, true, e.getErrorCode(), e.getMessage());
} catch (ParseException e) {
log.error("Error while parsing API Key", e);
return new AuthenticationResponse(false, isMandatory, true, APISecurityConstants.API_AUTH_GENERAL_ERROR, APISecurityConstants.API_AUTH_GENERAL_ERROR_MESSAGE);
}
}
Also used :
APISecurityException(org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException)
JWTTokenPayloadInfo(org.wso2.carbon.apimgt.gateway.dto.JWTTokenPayloadInfo)
AuthenticationContext(org.wso2.carbon.apimgt.gateway.handlers.security.AuthenticationContext)
ArrayList(java.util.ArrayList)
SignedJWT(com.nimbusds.jwt.SignedJWT)
JWTValidationInfo(org.wso2.carbon.apimgt.common.gateway.dto.JWTValidationInfo)
SignedJWTInfo(org.wso2.carbon.apimgt.impl.jwt.SignedJWTInfo)
JWSHeader(com.nimbusds.jose.JWSHeader)
Axis2MessageContext(org.apache.synapse.core.axis2.Axis2MessageContext)
JWTInfoDto(org.wso2.carbon.apimgt.common.gateway.dto.JWTInfoDto)
JSONException(org.json.JSONException)
AuthenticationResponse(org.wso2.carbon.apimgt.gateway.handlers.security.AuthenticationResponse)
VerbInfoDTO(org.wso2.carbon.apimgt.impl.dto.VerbInfoDTO)
JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet)
ParseException(java.text.ParseException)
OpenAPI(io.swagger.v3.oas.models.OpenAPI)
Aggregations
JWSHeader (com.nimbusds.jose.JWSHeader)67
JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet)56
SignedJWT (com.nimbusds.jwt.SignedJWT)50
Test (org.junit.Test)24
RSASSASigner (com.nimbusds.jose.crypto.RSASSASigner)21
JWSSigner (com.nimbusds.jose.JWSSigner)18
ArrayList (java.util.ArrayList)12
SecurityContext (org.springframework.security.core.context.SecurityContext)12
OAuth2TokenValidator (org.springframework.security.oauth2.core.OAuth2TokenValidator)12
JOSEException (com.nimbusds.jose.JOSEException)11
DelegatingOAuth2TokenValidator (org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator)10
RestOperations (org.springframework.web.client.RestOperations)10
Test (org.junit.jupiter.api.Test)9
Date (java.util.Date)8
Jwt (org.springframework.security.oauth2.jwt.Jwt)8
JSONObject (net.minidev.json.JSONObject)7
JWSAlgorithm (com.nimbusds.jose.JWSAlgorithm)6
MACSigner (com.nimbusds.jose.crypto.MACSigner)6
JWK (com.nimbusds.jose.jwk.JWK)6
PrivateKey (java.security.PrivateKey)6
