Example 26 with JWSHeader

use of com.nimbusds.jose.JWSHeader in project flow by vaadin.

the class JwtSecurityContextRepositoryTest method saveContext_doesSaveJwt_withIssuer.

@Test
public void saveContext_doesSaveJwt_withIssuer() throws JOSEException, BadJOSEException, ParseException {
    SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
    JWSHeader header = getHeaderBuilder().build();
    JWTClaimsSet claimsSet = getClaimsSetBuilder().build();
    Mockito.doReturn(getJwtAuthenticationToken(header, claimsSet)).when(securityContext).getAuthentication();
    jwtSecurityContextRepository.setIssuer(TEST_ISSUER);
    jwtSecurityContextRepository.saveContext(securityContext, request, response);
    String serializedJwt = getSavedSerializedJwt();
    JWTClaimsSet decodedClaimsSet = decodeSerializedJwt(serializedJwt, jwtProcessor);
    assertClaims(decodedClaimsSet, TEST_USERNAME, TEST_ROLES, 1800);
    Assert.assertEquals(TEST_ISSUER, decodedClaimsSet.getIssuer());
}
Also used : JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) SecurityContext(org.springframework.security.core.context.SecurityContext) JWSHeader(com.nimbusds.jose.JWSHeader) Test(org.junit.Test)

Example 27 with JWSHeader

use of com.nimbusds.jose.JWSHeader in project flow by vaadin.

the class JwtSecurityContextRepositoryTest method saveContext_doesNotSaveJwt_when_algorithmNull.

@Test
public void saveContext_doesNotSaveJwt_when_algorithmNull() throws JOSEException {
    SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
    JWSHeader header = getHeaderBuilder().build();
    JWTClaimsSet claimsSet = getClaimsSetBuilder().build();
    Mockito.doReturn(getJwtAuthenticationToken(header, claimsSet)).when(securityContext).getAuthentication();
    jwtSecurityContextRepository.setJwsAlgorithm(null);
    Assert.assertThrows(IllegalArgumentException.class, () -> jwtSecurityContextRepository.saveContext(securityContext, request, response));
    String serializedJwt = getSavedSerializedJwt();
    Assert.assertNull(serializedJwt);
}
Also used : JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) SecurityContext(org.springframework.security.core.context.SecurityContext) JWSHeader(com.nimbusds.jose.JWSHeader) Test(org.junit.Test)

Example 28 with JWSHeader

use of com.nimbusds.jose.JWSHeader in project flow by vaadin.

the class JwtSecurityContextRepository method encodeJwt.

private String encodeJwt(Authentication authentication) throws JOSEException {
    if (authentication == null || trustResolver.isAnonymous(authentication)) {
        return null;
    }
    final Date now = new Date();
    // Keep only role authorities and strip the prefix before storing them in the token.
    final List<String> roles = authentication.getAuthorities().stream()
            .map(Objects::toString)
            .filter(a -> a.startsWith(ROLE_AUTHORITY_PREFIX))
            .map(a -> a.substring(ROLE_AUTHORITY_PREFIX.length()))
            .collect(Collectors.toList());
    SignedJWT signedJWT;
    JWSHeader jwsHeader = new JWSHeader(jwsAlgorithm);
    // Select a signing key that matches the header's algorithm.
    JWKSelector jwkSelector = new JWKSelector(JWKMatcher.forJWSHeader(jwsHeader));
    List<JWK> jwks = jwkSource.get(jwkSelector, null);
    // Takes the first match; an empty list here fails with IndexOutOfBoundsException.
    JWK jwk = jwks.get(0);
    JWSSigner signer = new DefaultJWSSignerFactory().createJWSSigner(jwk, jwsAlgorithm);
    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
            .subject(authentication.getName())
            .issuer(issuer)
            .issueTime(now)
            .expirationTime(new Date(now.getTime() + expiresIn * 1000))
            .claim(ROLES_CLAIM, roles)
            .build();
    signedJWT = new SignedJWT(jwsHeader, claimsSet);
    signedJWT.sign(signer);
    return signedJWT.serialize();
}
Also used : JwtAuthenticationConverter(org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter) JWSKeySelector(com.nimbusds.jose.proc.JWSKeySelector) JWKSelector(com.nimbusds.jose.jwk.JWKSelector) HttpRequestResponseHolder(org.springframework.security.web.context.HttpRequestResponseHolder) Date(java.util.Date) NimbusJwtDecoder(org.springframework.security.oauth2.jwt.NimbusJwtDecoder) JOSEException(com.nimbusds.jose.JOSEException) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) SaveContextOnUpdateOrErrorResponseWrapper(org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper) HttpServletRequest(javax.servlet.http.HttpServletRequest) DefaultJWTProcessor(com.nimbusds.jwt.proc.DefaultJWTProcessor) SecurityContextHolder(org.springframework.security.core.context.SecurityContextHolder) Jwt(org.springframework.security.oauth2.jwt.Jwt) JwtGrantedAuthoritiesConverter(org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter) JWKSource(com.nimbusds.jose.jwk.source.JWKSource) JwtValidators(org.springframework.security.oauth2.jwt.JwtValidators) DefaultJWSSignerFactory(com.nimbusds.jose.crypto.factories.DefaultJWSSignerFactory) HttpServletResponse(javax.servlet.http.HttpServletResponse) JWSAlgorithm(com.nimbusds.jose.JWSAlgorithm) Collectors(java.util.stream.Collectors) JWSHeader(com.nimbusds.jose.JWSHeader) SignedJWT(com.nimbusds.jwt.SignedJWT) JWK(com.nimbusds.jose.jwk.JWK) Objects(java.util.Objects) List(java.util.List) JWSVerificationKeySelector(com.nimbusds.jose.proc.JWSVerificationKeySelector) AuthenticationTrustResolver(org.springframework.security.authentication.AuthenticationTrustResolver) JWSSigner(com.nimbusds.jose.JWSSigner) JwtDecoder(org.springframework.security.oauth2.jwt.JwtDecoder) SecurityContext(org.springframework.security.core.context.SecurityContext) JwtException(org.springframework.security.oauth2.jwt.JwtException) 
SecurityContextRepository(org.springframework.security.web.context.SecurityContextRepository) Log(org.apache.commons.logging.Log) LogFactory(org.apache.commons.logging.LogFactory) AuthenticationTrustResolverImpl(org.springframework.security.authentication.AuthenticationTrustResolverImpl) JWKMatcher(com.nimbusds.jose.jwk.JWKMatcher) Authentication(org.springframework.security.core.Authentication) JWKSelector(com.nimbusds.jose.jwk.JWKSelector) SignedJWT(com.nimbusds.jwt.SignedJWT) Date(java.util.Date) DefaultJWSSignerFactory(com.nimbusds.jose.crypto.factories.DefaultJWSSignerFactory) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) JWSSigner(com.nimbusds.jose.JWSSigner) JWSHeader(com.nimbusds.jose.JWSHeader) JWK(com.nimbusds.jose.jwk.JWK)

Example 29 with JWSHeader

use of com.nimbusds.jose.JWSHeader in project spring-cloud-gcp by spring-cloud.

the class FirebaseJwtTokenDecoderTests method invalidIssuedAt.

@Test
public void invalidIssuedAt() throws Exception {
    JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("one").build();
    // iat is set one hour in the future, which is what the decoder is expected to reject.
    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
            .subject("test-subject")
            .audience("123456")
            .expirationTime(Date.from(Instant.now().plusSeconds(36000)))
            .issuer("https://securetoken.google.com/123456")
            .issueTime(Date.from(Instant.now().plusSeconds(3600)))
            .claim("auth_time", Instant.now().minusSeconds(3600).getEpochSecond())
            .build();
    SignedJWT signedJWT = signedJwt(keyGeneratorUtils.getPrivateKey(), header, claimsSet);
    List<OAuth2TokenValidator<Jwt>> validators = new ArrayList<>();
    validators.add(new JwtTimestampValidator());
    validators.add(new JwtIssuerValidator("https://securetoken.google.com/123456"));
    validators.add(new FirebaseTokenValidator("123456"));
    DelegatingOAuth2TokenValidator<Jwt> validator = new DelegatingOAuth2TokenValidator<Jwt>(validators);
    RestOperations operations = mockRestOperations();
    FirebaseJwtTokenDecoder decoder = new FirebaseJwtTokenDecoder(operations, "https://spring.local", validator);
    assertThatExceptionOfType(JwtException.class)
            .isThrownBy(() -> decoder.decode(signedJWT.serialize()))
            .withMessageStartingWith("An error occurred while attempting to decode the Jwt: iat claim header must be in the past");
}
Also used : JwtIssuerValidator(org.springframework.security.oauth2.jwt.JwtIssuerValidator) Jwt(org.springframework.security.oauth2.jwt.Jwt) ArrayList(java.util.ArrayList) SignedJWT(com.nimbusds.jwt.SignedJWT) DelegatingOAuth2TokenValidator(org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator) OAuth2TokenValidator(org.springframework.security.oauth2.core.OAuth2TokenValidator) DelegatingOAuth2TokenValidator(org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) JwtTimestampValidator(org.springframework.security.oauth2.jwt.JwtTimestampValidator) RestOperations(org.springframework.web.client.RestOperations) JWSHeader(com.nimbusds.jose.JWSHeader) Test(org.junit.Test)

Example 30 with JWSHeader

use of com.nimbusds.jose.JWSHeader in project spring-cloud-gcp by spring-cloud.

the class FirebaseJwtTokenDecoderTests method signedTokenTests.

@Test
public void signedTokenTests() throws Exception {
    JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("one").build();
    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder().subject("test-subject").expirationTime(Date.from(Instant.now().plusSeconds(60))).build();
    SignedJWT signedJWT = signedJwt(keyGeneratorUtils.getPrivateKey(), header, claimsSet);
    OAuth2TokenValidator validator = mock(OAuth2TokenValidator.class);
    when(validator.validate(any())).thenReturn(OAuth2TokenValidatorResult.success());
    FirebaseJwtTokenDecoder decoder = new FirebaseJwtTokenDecoder(mockRestOperations(), "https://spring.local", validator);
    decoder.decode(signedJWT.serialize());
}
Also used : OAuth2TokenValidator(org.springframework.security.oauth2.core.OAuth2TokenValidator) DelegatingOAuth2TokenValidator(org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) SignedJWT(com.nimbusds.jwt.SignedJWT) JWSHeader(com.nimbusds.jose.JWSHeader) Test(org.junit.Test)
