Examples with JWSHeader com.nimbusds.jose.JWSHeader used on opensource projects

Example 36 with JWSHeader

use of com.nimbusds.jose.JWSHeader in project carbon-apimgt by wso2.

the class JWTWithRSASignatureImpl method rsaSignAndSerialize.

/**
 * {@inheritDoc}
 */
@Override
public String rsaSignAndSerialize(RSAPrivateKey rsaPrivateKey, JWTClaimsSet claimsSet) throws APIManagementException {
    if (rsaPrivateKey == null) {
        throw new IllegalArgumentException("The private key must not be null");
    }
    if (claimsSet == null) {
        throw new IllegalArgumentException("The JWTClaimsSet must not be null");
    }
    JWSSigner signer = new RSASSASigner(rsaPrivateKey);
    SignedJWT jwt = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), claimsSet);
    try {
        jwt.sign(signer);
    } catch (JOSEException e) {
        throw new APIManagementException("Error signing JWT ", e);
    }
    return jwt.serialize();
}

Example 37 with JWSHeader

use of com.nimbusds.jose.JWSHeader in project java-docs-samples by GoogleCloudPlatform.

the class BuildIapRequest method getSignedJwt.

private static String getSignedJwt(ServiceAccountCredentials credentials, String iapClientId) throws Exception {
    Instant now = Instant.now(clock);
    long expirationTime = now.getEpochSecond() + EXPIRATION_TIME_IN_SECONDS;
    // generate jwt signed by service account
    // header must contain algorithm ("alg") and key ID ("kid")
    JWSHeader jwsHeader = new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(credentials.getPrivateKeyId()).build();
    // set required claims
    JWTClaimsSet claims = new JWTClaimsSet.Builder().audience(OAUTH_TOKEN_URI).issuer(credentials.getClientEmail()).subject(credentials.getClientEmail()).issueTime(Date.from(now)).expirationTime(Date.from(Instant.ofEpochSecond(expirationTime))).claim("target_audience", iapClientId).build();
    // sign using service account private key
    JWSSigner signer = new RSASSASigner(credentials.getPrivateKey());
    SignedJWT signedJwt = new SignedJWT(jwsHeader, claims);
    signedJwt.sign(signer);
    return signedJwt.serialize();
}

Example 38 with JWSHeader

use of com.nimbusds.jose.JWSHeader in project java-docs-samples by GoogleCloudPlatform.

the class VerifyIapRequestHeader method verifyJwt.

private boolean verifyJwt(String jwtToken, String expectedAudience) throws Exception {
    // parse signed token into header / claims
    SignedJWT signedJwt = SignedJWT.parse(jwtToken);
    JWSHeader jwsHeader = signedJwt.getHeader();
    // header must have algorithm("alg") and "kid"
    Preconditions.checkNotNull(jwsHeader.getAlgorithm());
    Preconditions.checkNotNull(jwsHeader.getKeyID());
    JWTClaimsSet claims = signedJwt.getJWTClaimsSet();
    // claims must have audience, issuer
    Preconditions.checkArgument(claims.getAudience().contains(expectedAudience));
    Preconditions.checkArgument(claims.getIssuer().equals(IAP_ISSUER_URL));
    // claim must have issued at time in the past
    Date currentTime = Date.from(Instant.now(clock));
    Preconditions.checkArgument(claims.getIssueTime().before(currentTime));
    // claim must have expiration time in the future
    Preconditions.checkArgument(claims.getExpirationTime().after(currentTime));
    // must have subject, email
    Preconditions.checkNotNull(claims.getSubject());
    Preconditions.checkNotNull(claims.getClaim("email"));
    // verify using public key : lookup with key id, algorithm name provided
    ECPublicKey publicKey = getKey(jwsHeader.getKeyID(), jwsHeader.getAlgorithm().getName());
    Preconditions.checkNotNull(publicKey);
    JWSVerifier jwsVerifier = new ECDSAVerifier(publicKey);
    return signedJwt.verify(jwsVerifier);
}

Example 39 with JWSHeader

use of com.nimbusds.jose.JWSHeader in project Payara by payara.

the class AzureSecretsConfigSource method buildJwt.

private static SignedJWT buildJwt(final String issuer, final String audience, final String thumbprint) {
    Instant now = Instant.now();
    Instant expiry = now.plus(1, ChronoUnit.MINUTES);
    JWTClaimsSet claims = new JWTClaimsSet.Builder().subject(issuer).audience(audience).expirationTime(Date.from(expiry)).issueTime(Date.from(now)).issuer(issuer).build();
    byte[] bytes = DatatypeConverter.parseHexBinary(thumbprint);
    JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).type(JOSEObjectType.JWT).x509CertThumbprint(Base64URL.encode(bytes)).build();
    return new SignedJWT(header, claims);
}

Example 40 with JWSHeader

use of com.nimbusds.jose.JWSHeader in project tomee by apache.

the class Tokens method asToken.

public static String asToken(final String claims) throws Exception {
    final PrivateKey pk = readPrivateKey("/testkey.pem");
    try {
        final JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).type(JOSEObjectType.JWT).build();
        final JWTClaimsSet claimsSet = JWTClaimsSet.parse(claims);
        final SignedJWT jwt = new SignedJWT(header, claimsSet);
        jwt.sign(new RSASSASigner(pk));
        return jwt.serialize();
    } catch (Exception e) {
        throw new RuntimeException("Could not sign JWT");
    }
}